HUD, HIPAA, and HMIS: What You Need to Know

Doctor or psychiatrist consulting and diagnostic examining stressful woman patient on obstetric - gynecological female illness, or mental health in medical clinic or hospital healthcare service center

Can homeless services utilize health data? The answer is yes—but only if they follow strict rules put forth by HUD and HIPAA for homeless management information systems (HMISes). Check out what these rules entail and what benefits come from following them.

Health Data and Homeless Services

When was the last time you used data to make a decision?

Whether we know it or not, data makes the world go round. It’s collected to establish trends, predict risks, and better understand how companies, communities, and individuals can improve their outcomes.

Homelessness services are no exception; they need data to maximize their program outreach while ensuring those they care for receive the resources they need.

Health data—which homeless services and other social service-providers use—is uniquely protected under federal law. Due to the sensitive nature of this information, homelessness services need to follow strict guidelines to ensure organizational compliance and protection for those they serve.

Why Protect Health Data?

Health data can be incredibly useful to homelessness-service organizations. These organizations can see which individuals receive critical healthcare and which ones don’t, which in turn informs both the short- and long-term consequences of receiving care. Through this data, services can also track progress (ensuring less attrition from programs) and assess how effective initiatives are in achieving outcomes.

What is Health Data?

Health data is defined as any “information relating to the physical or mental health of a person, including pre-existing conditions, personal choice about selecting a treatment, health security or policy number, treatment reports, causes of death, and socio-economic parameters regarding health and wellness.”

Examples of health data include:

  • General personal information
  • Name
  • Date of birth or age
  • Citizenship
  • Veteran status
  • Disability status
  • Contact information
  • Social Security number
  • Mental health records
  • Substance abuse records
  • Previous treatments, surgeries, and operations
  • Past and current medications
  • Educational records
  • Financial information

Each of these examples—which only scratch the surface of what constitutes health data—can help healthcare providers know exactly where their patient is at and how best to serve them. 

There is a catch, however. Much of this information is sensitive, private, and potentially embarrassing for the individual. In the wrong hands, health data can be abused—which is why there are such strict legal rules around this information.

These rules, established in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), must be followed exactly in order to protect the privacy of individuals and prevent potential misuse.

To ensure homelessness-service providers can benefit from health data while protecting the identity and privacy of those they serve, the US Department of Urban Housing and Development (HUD) established a comprehensive set of criteria specifically for homeless-data systems to follow so they can receive funding, resources, and legal recognition.


HUD’s solution to HIPAA adherence developed into what we today call homeless management information systems (HMISes). These systems are designed to respect HIPAA regulations specifically in the context of homeless individuals receiving care.

Various case management platforms and other data storage systems—such as ClientTrack™—are designed specifically to meet HMIS standards. These systems go through regular assessments to ensure that they are up to date on all of HUD’s requirements, which are continually adjusted. If HMISes are not compatible with HUD’s most recent requirements, the system could potentially jeopardize funding and resources for the homelessness-service organization and even incur legal penalties, such as fines and even criminal prosecution.

In a nutshell, HMIS platforms have no wiggle room when it comes to HIPAA compliance. They must always ensure total adherence in order to safely and securely utilize the health data of those they serve.

How HMISes Improve Homeless Services

While the consequences can be severe for failing to respect health-data regulation, the majority of homeless services find HIPAA compliance to be a nonissue. As long as organizations follow the clear set of rules put forth by HUD, they are unlikely to violate any privacy policy.

Notably, the legalistic nature of HIPAA compliance means homeless organizations are best served when the HMIS they use is staffed by proactive HUD experts. Our team of experts at Eccovia are trained to the highest standards of HUD, HIPAA, and HMIS standards to ensure that system users are always compliant. 

With HIPAA and HUD requirements met, homeless services can focus on reaping the benefits of qualifying to use HMIS health data.


Perhaps the most useful part of health data is how quickly it can provide detailed, meaningful assessments. Homelessness services can generate immediate reports on performance, resources, and risks, and then share those with other organizations within the continuum of care. When HUD standards are met, then providers can also spend less time worrying about security breaches or potential data misuse and instead focus on implementing their care.

Trust and Vulnerability

While it’s easy to think of HMIS data as raw statistical information, it’s important to remember that behind each number and indicator is a real person. When homeless services follow health-data regulations, they build trust among those they serve. People experiencing homelessness who trust their providers are more likely to give complete and honest responses and seek future care.


With more social services moving to a model of whole-person care (i.e., addressing all parts of an individual’s health needs), collaboration is playing a central role. Sharing health data with other providers is a limited experience at best, but it’s only possible through HUD and HIPAA compliance. When services interact with one another, they combine health data to ensure that unsheltered individuals are receiving the resources they need without having to “double up” on care.

The Future of Health Data

As data continues to integrate into our daily lives, there’s no doubt that homelessness services will need to focus even more heavily on HMIS and health data. With so many benefits coming from these systems, it’s a no-brainer to follow HUD and HIPAA requirements. By doing so, both the organization and the individual can be protected and maximize their outcomes.

Enjoy This Article? You May Also Like:

HMIS 2020 Data Standards Retrospective

Why HMIS Software Is Important

Homelessness Mental Health

More Topics

With major funding cuts and every indication of increasing need for VOCA-funded services, what does the future hold for VOCA funding recipients? Outcomes aren’t set in stone, but they will …

February is Teen Dating Violence Awareness Month. Learn how to get involved and promote healthy, respectful relationships for teenagers, and how learning how to identify warning signs of abuse can …

ClientConnect 2023, our inaugural peer-to-peer conference for human services organizations, was a resounding success! But if you missed out, don’t let that stop you from catching the next one. In …

Contact Us