Privacy Notice Summary (Effective December 1, 2006)

This notice describes the privacy policy of Catholic Charities. Catholic Charities may amend this policy at any time, and new versions will be posted any time that changes are made. This notice applies to the personal information of persons served through our program(s) that is collected or maintained by Catholic Charities in hard copy or electronic formats or through the DC Homeless Management Information System (HMIS). 

 

In relation to this information, Catholic Charities:

§         Collects personal information only when appropriate or required by funders;

§         Will not disclose personal information without written consent unless specifically stated within the notice;

§         May use or disclose information in order to provide services;

§         May also use or disclose information to comply with legal requirements or other obligations as described in the notice; and

§         Assumes that, unless stated otherwise, persons applying for or receiving services agree to allow us to collect, use or disclose information as described in this notice.

 

Each person providing personal information can:

§         Inspect his/her personal information that is maintained by Catholic Charities;

§         Ask us to correct inaccurate or incomplete information within the record;

§         Ask about Catholic Community Services privacy policy or practices;

§         File a grievance regarding Catholic Charities privacy policies and practices.  Catholic Charities will respond to questions and complaints;

§         Request a copy of the full notice for more details.

Catholic Charities

Privacy Notice

December 1, 2006

 

A.        What This Notice Covers

 

1.         This notice describes the privacy policy and practices of Catholic Charities. Our main office is at 924 G Street, NW, Washington DC, 20001.  Our phone number is 202.772.4300 and our web site is located at www.ccs-dc.org.

2.         The policy and practices in this notice cover the processing of protected personal information for clients of Catholic Charities and its programs. This notice covers all personal information that is maintained by Catholic Charities in its role as administrator for DC Continuum of Care programs. 

3.         Protected PersonalInformation (PPI) is any information Catholic Charities  maintains about a client that:

a.       allows identification of an individual directly or indirectly; and

b.      can be manipulated by a reasonably foreseeable method to identify a specific individual;

Or

c.       can be linked with other available information to identify a specific client. When this notice refers to personal information, it means PPI.

4.         Catholic Community Services adopted this policy in accordance with the Homeless Management Information Systems Data and Technical Standards issued by the U.S. Department of Housing and Urban Development. We intend our policy and practices to be consistent with those standards. See 69 Federal Register 45888 (July 30, 2004).  We also intend for our policies to be consistent with requirements outlined in the DC Homeless Services Reform Act and other applicable local laws.

5.         This notice tells Catholic Charities clients, staff, contractors, HMIS users and others how personal information is processed at Catholic Charities.

 

6.         We may amend this notice and change our policy or practices at any time.  Amendments may affect personal information that we obtained before the effective date of the amendment. The new notice will be posted at our Headquarters Office at least 30 days prior to taking effect.

 

7.         Catholic Community Services will provide a written copy of this privacy notice to any individual or organization that requests one.

 

B.        How and Why We Collect Personal Information

 

1.         Catholic Community Services collects and maintains personal information only when appropriate to provide services, or for another specific purpose of our organization, or when required by law.  Information may be collected for the following purposes:

a.       To provide or coordinate services to clients;

b.      To locate other programs that may be able to assist clients;

c.       For functions related to payment or reimbursement from others for services provided by Catholic Charities or our contractors;

d.      To operate our organization and its programs, including legal, audits, personnel, oversight, contract monitoring, program evaluation and other management administrative functions;

e.       To comply with government and funder reporting obligations;

f.        For research, data analysis and community reporting purposes, including reporting to the DC Interagency Council on Homelessness to inform policy decisions;

g.       When required by law.

 

2.         Catholic Community Services uses only lawful and fair means to collect personal information.

 

3.         If you seek Catholic Community Services assistance and provide personal information, Catholic Charities assumes that you consent to the collection of information as described in this notice.

 

4.         Catholic Community Services may also obtain information about those seeking services from:

a.       Other individuals who are accompanying the person seeking services, such as a guardian, caretaker or advocate; or

b.      Referring organizations and/or service providers (with proper consent).

 

5.         Catholic Community Services posts a sign at our offices explaining the reasons we ask for personal information. The sign says:

 

DC Continuum of Care Privacy Posting

 

The U.S. Department of Housing and Urban Development (HUD) requires that each jurisdiction that receives funding from HUD must have a Homeless Management Information System (HMIS) in place. Therefore, this Agency is required to participate in the DC Homeless Management Information System (HMIS), a computerized system that collects and stores basic information about the persons who receive services from this Agency.  The goal of the DC HMIS is to assist us in determining your needs and to provide a record for evaluating the services we are providing to you.

 

We only collect information that is needed to provide you services, and we do not share your information without written consent, except when required by our funders or by law.   By requesting and accepting services from this program, you are giving consent for us to enter your personal information into the HMIS.

 

The collection and use of all personal information is guided by strict standards of confidentiality as outlined in our privacy policy.  A copy of our agency’s Privacy Notice is available upon request for your review.

 

 

C.        How Catholic Community Services Uses and Discloses Personal Information

 

1. Catholic Community Services uses or discloses personal information for activities described in this part of the notice. As necessary to help you, we may or may not make any of these uses or disclosures.

 

We assume that you consent to the use or disclosure of your personal information for the purposes described below and for other uses and disclosures that we determine to be compatible with these uses or disclosures:

 

1. to provide or coordinate services for individuals to help them exit homelessness. We share client records (with consent) with other organizations that may have separate privacy policies and that may allow different uses and disclosures of the information;
2. for functions related to payment or reimbursement for services;
3. to carry out administrative functions such as audits, personnel, oversight, reporting, analysis and management functions, including the maintenance and operation of the HMIS;

 

4. to create de-identified (anonymous) information that can be used for research and statistical purposes without identifying clients;
5. when required by law to the extent that use or disclosure complies with and is limited to the requirements of the law;
6. to avert a serious threat to health or safety if:

·        we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of an individual or the public, and

·        the use or disclosure is made to a person reasonably able to prevent or lessen the threat, including the target of the threat.

7. to report about an individual we reasonably believe to be a victim of abuse, neglect or domestic violence to a governmental authority (including a social service or protective services agency) authorized by law to receive reports of abuse, neglect or domestic violence under any of the following circumstances:

·        where the disclosure is required by law and the disclosure complies with and is limited to the requirements of the law;

·        if the individual agrees to the disclosure; or

·        to the extent that the disclosure is expressly authorized by statute or regulation; and

·        we believe the disclosure is necessary to prevent serious harm to the individual or other potential victims; or

·        if the individual is unable to agree because of incapacity, then a law enforcement or other public official authorized to receive the report must represent that the PPI for which disclosure is sought is not intended to be used against the individual, and must represent that an immediate enforcement activity that depends upon the disclosure would be materially and adversely affected by waiting until the individual is able to agree to the disclosure; and

·        when we make a permitted disclosure about a victim of abuse, neglect or domestic violence, we will promptly inform the individual who is the victim that a disclosure has been or will be made, except if:

·        in the exercise of professional judgment we believe informing the individual would place the individual at risk of serious harm, or

·        we would be informing a personal representative (such as a family member or friend) and reasonably believe the personal representative is responsible for the abuse, neglect or other injury; such that informing the personal representative would not be in the best interests of the individual as we determine in the exercise of professional judgment.

 

8. for academic research purposes, release of PPI will be allowed if research is:

·        Conducted by an individual or institution that has a formal relationship with the Covered Homeless Organization (CHO, or the agency that participates in HMIS) if the research is conducted by either:

o       an individual employed by or affiliated with the organization for use in a research project conducted under a written research agreement approved in writing by a designated CHO program administrator (other than the individual conducting the research); or

o       an institution for use in a research project conducted under a written research agreement approved in writing by a designated CHO program administrator; and

·        The formal relationship is contained in a written research agreement that must:

o       establish rules and limitations for the processing and security of PPI in the course of the research;

o       provide for the return or proper disposal of all PPI at the conclusion of the research;

o       restrict additional use or disclosure of PPI, except where required by law;

o       require that the recipient of data formally agree to comply with all terms and conditions of the agreement;

o       is not a substitute for approval (if appropriate) of a research project by an Institutional Review Board, Privacy Board or other applicable human subjects protection institution.

·        Catholic Community Services may also seek approval, as appropriate, by the public entity that has rights to the data (in part or in full) because the data has been generated and collected under a contract or subcontract with the public entity.

 

9. to a law enforcement official for a law enforcement purpose (if consistent with applicable law and standards of ethical conduct) under any of these circumstances:

·        in response to a lawful court order, court-ordered warrant, subpoena or summons issued by a judicial officer, or a grand jury subpoena; and

·        if the law enforcement official makes a written request for PPI that:

o          is signed by a supervisory official of the law enforcement agency seeking the PPI;

o          states that the information is relevant and material to a legitimate law enforcement investigation;

o          identifies the PPI sought;

o          is specific and limited in scope to the extent reasonably practicable in light of the purpose for which the information is sought; and

o          states that de-identified information could not be used to accomplish the purpose of the disclosure.

·        if we believe in good faith that the PPI constitutes evidence of criminal conduct that occurred on our premises;

·        in response to a written request, as described above, for the purpose of identifying or locating a suspect, fugitive, material witness or missing person and the PPI disclosed consists only of name, address, date of birth, place of birth, Social Security Number, and distinguishing physical characteristics;

·        if the official is an authorized federal official seeking PPI for the provision of protective services to the President or other persons authorized by 18 U.S.C. 3056, or to foreign heads of state or other persons authorized by 22 U.S.C. 2709(a)(3), or for the conduct of investigations authorized by 18 U.S.C. 871 and 879 (threats against the President and others); and if the information requested is in writing and is specific and limited in scope to the extent reasonably practicable in light of the purpose for which it is sought.

10. (C.1.j) to comply with government funding reporting obligations.

 

2.   Before we make any use/disclosure of your personal information that is not described herein and above, we will seek your consent first.

 

 

D.        How to Inspect and Correct Personal Information

 

1. Consumers may inspect and have a copy of their PPI that is maintained in the HMIS. Catholic Charities will respond to any such request made by a consumer within a reasonable time frame, usually 2-3 business days.  Agency staff will offer to explain any information in the file. 

 

2. Catholic Charities will consider requests for correction of inaccurate or incomplete personal information from consumers. If Catholic Community Services agrees that the information is inaccurate or incomplete, staff may delete it or may choose to mark it as inaccurate or incomplete and to supplement it with additional information.

 

3. To inspect, get a copy of, or ask for correction of personal information, a consumer can contact any Catholic Charities staff member.  The appropriate staff member will be located to assist with the review and/or correction of the file within a reasonable time period, usually 2-3 business days.

 

4. Catholic Charities may deny a request for inspection or copying of personal information if:
1. the information was compiled in reasonable anticipation of litigation or comparable proceedings;
2. the information is about another individual;
3. the information was obtained under a promise of confidentiality and if the disclosure would reveal the source of the information; or
4. disclosure of the information would be reasonably likely to endanger the life or physical safety of any individual.
5. If a request for access or correction is denied, Catholic Charities will explain the reason for the denial. Catholic Charities will also include, as part of the personal information that is maintained, documentation of the request and the reason for the denial
6. Catholic Charities may reject repeated or harassing requests for access or correction.

 

E.         Data Quality

 

1.      Catholic Community Services collects only personal information that is relevant to the purposes for which we plan to use it or as required for reporting to our funders.  To the extent necessary for those purposes, Catholic Charities seeks to maintain only personal information that is accurate, complete, and timely.

2.      Catholic Community Services is developing and implementing a plan to dispose of personal information not in current use seven years after the information was created or last changed. As an alternative to disposal, Catholic Charities may choose to remove identifiers from the information so that the data can be maintained for analysis purposes.

3.      Catholic Community Services may keep information for a longer period if required to do so by statute, regulation, contract, or other requirement.

 

F.         Complaints and Accountability

 

1.       Catholic Community Services accepts and considers questions or complaints about our privacy and security policies and practices.  To file a complaint or question, a consumer should do the following:

o       The consumer should first follow Catholic Community Services grievance procedure. 

o       If the question or complaint cannot be resolved internally, Catholic Charities will then follow procedures for grievances as required by the Homeless Services Reform Act.

2.      All members of our staff (including employees, volunteers, affiliates, contractors and associates) are required to comply with this privacy notice. Each staff member must receive and acknowledge receipt of a copy of this privacy notice.

 

G.        Privacy Notice Change History

 

Each copy of this notice will have a history of changes made to the document.  This document’s change history is as follows:

 

• December 1, 2006 – First Version