ICA has seen an uptick in HMIS user license policy violations lately. All users sign a User Policy, Responsibility Statement, and Code of Ethics before gaining access to HMIS and must abide by the User Responsibilities outlined in this document. ICA takes data security very seriously and will sanction users that have violated the user policies.A reminder of activities that are strictly prohibited:

• Searching the system for your own name or names of friends or family members - you should only be accessing information necessary to do your job.

• Logging into someone else’s account.

• Sharing passwords.

• Looking over someone’s shoulder while they do their HMIS data entry or reporting or anything! If you want direct access to HMIS, you need your own login. If you need a login, go through New User Training and do not attempt to access HMIS until after you have your own user account.

 For the first violation, your user account will be suspended for 30 days, or until your agency notifies ICA of action taken to remedy the violation. More information about the actions that will be taken due to violations of HMIS policies can be found in the Minnesota HMIS Policies.We would also like to remind agencies that they must notify ICA within 24 hours once a user has left the agency or no longer needs access to HMIS so we can delete or inactivate their user account. Agencies may want to incorporate this step into their procedures for when an employee leaves the agency. The Agency Agreement outlines the responsibilities agencies have to maintain the security and confidentiality of HMIS. Contact the Helpdesk to notify us of any user accounts that need to be deleted or inactivated.