Supervisor Responsibilities in Regards to Confidentiality and Security of PEMS Client-level Data

1. Supervisor Responsibilities in Regards to Confidentiality and Security of PEMS Client-level Data

2. How to navigate this presentation • To move from slide to slide, either click the left button of your mouse or use the scroll on your mouse • Throughout this presentation, you will see places that say “click here” in order to see more information on a topic. • When you come to one of these place, click on the word “here” with your mouse and that will bring you to another slide • Somewhere on the slide you have been brought to, you will see the word “back” • Move your mouse around over the word “back” until the arrow becomes a hand, and then click the left mouse button on “back” . BE SURE only to click with the hand. If you click with the arrow instead of the hand, you will be brought to the wrong slide.

3. Purpose of this Presentation

4. Purpose of this Presentation • As a person who supervises staff who will be using PEMS client-level data, you will have certain responsibilities with regards to maintaining the confidentiality of the data. These responsibilities will be reviewed here preceded by a brief overview of PEMS related terminology

5. What is ?

6. What is PEMS? • PEMS stands for the Program Evaluation and Monitoring System 2. PEMS is an internet browser-based software for data entry and reporting 3. If an agency receives funding from the Centers for Disease Control (CDC) for HIV prevention programs, that agency must collect data for PEMS 4. There are two types of data to be collected: • Data that describes a program being funded • Data that describes the clients being served

7. PEMS Client-Level Data

8. PEMS Client-Level Datais: • Information that is collected about a particular client while the client is enrolled in your program • For the purposes of PEMS, this data could be: • Client demographics – such as the race, ethnicity, gender or year of birth of the client • Client risk-behaviors – such as whether the client has had sex or used injection drugs during a certain period of time • The official definition of PEMS Client-Level Data for the purposes of this policy can be viewed by clicking here

9. PEMS Client-Level Datais: 4. PEMS client-level data records can consist of either: • Paper Records – client-level data that is on a data collection form for example • Electronic Records – client-level data that is stored electronically (on a computer most likely). • Portable Electronic Records – client-level data that is stored on portable electronic devices such as a laptop, blackberry etc., or on removable storage media such as a diskette or CD etc.

10. Managing PEMS Users

11. Managing PEMS Users: New Users • A PEMS user is a staff member who will have access to PEMS client-level data for the purposes of collecting, processing or analyzing that data – If you will be a PEMS user as well as supervising other PEMS users you must review the slide presentation for PEMS users and take the related quiz. 2. If you supervise a staff member who is new and will need to handle PEMS client-level data you must: • Complete a Request for Access to PEMS Client-Level Data Form and submit it to the PEMS System Administrator. • Click here to see the form. • Click here to see more about the System Administrator including contact information

12. Managing PEMS Users: New Users 3. In order to be authorized to be a PEMS user, a staff member must do the following: • Sign a confidentiality statement. Click here. • Sign a statement of acknowledgement and agreement of the PEMS confidentiality and security policy. Click here. • Take the PEMS Confidentiality and Security Quiz, and review the correct answers to assure errors are understood 4. Staff are instructed to give all three of these documents to their supervisor. You in turn will have to submit them to the System Administrator before the staff member is considered authorized.

13. Managing PEMS Users: Changes to a User’s Duties • If a staff member who has been a PEMS user will no longer need access to PEMS data, you must: • Complete a Notification of Staff Separation Form and submit it to the System Administrator • Click here to see the form • Terminate the staff member’s access to client-level data • Collect all Keys to PEMS data storage areas • Conduct an exit interview during which the staff member reviews the need to adhere to the confidentiality statement and signs the statement on page 2 of the Notification of Staff Separation Form

14. Managing PEMS Users: Changes to a User’s Duties • If a staff member who is a PEMS user will be changing duties within your agency but will still be a PEMS user you must: • Modify what client-level data the user has access to accordingly: • Take possible steps to make sure the user does not have access to data unnecessary for his/her new scope of work • Ultimately, it is up to the PEMS user to only access data needed to do his/her job

15. Data Release

16. Release of Client-Level Data • Releasing client-level data means giving that data to an individual or organization other than the Vermont Department of Health or the CDC • Any request that you get for client-level data from an individual or agency outside of your own must be forwarded to the PEMS System Administrator • However, staff are allowed to release referral codes to other agencies that get money from the Vermont Department of health in order to track referrals

17. END Thank you! (If you will be a PEMS user as well as a supervisor, be sure to view the PPT Presentation for PEMS Users)

18. back • PEMS CLIENT-LEVEL DATA Any record containing PEMS constructive identifying information • PEMS CONSTRUCTIVE IDENTIFYING INFORMATION Any single piece of information or combination of several pieces of information from PEMS that could be used to deduce the identity of an individual (e.g, names or pieces of names, addresses, ZIP codes, telephone numbers, ethnicity, gender)

19. back

20. The PEMS System Administrator • The System Administrator is responsible for: • The security of the PEMS data and database • Ensuring staff training • Reviewing and updating this policy • Receiving complaints about this policy • Anything that must be submitted to the System Administrator should be mailed to this address or emailed to this email add: Leah Kittredge Vermont Department of Health 108 Cherry Street, PO Box 70 Drawer 41-HAST Burlington, VT 05402 lkittre@vdh.state.vt.us 802-651-1534 back

21. back

22. Acknowledgement and Agreement of Confidentiality and Security Policies and Procedures for PEMS Client-Level Data I have reviewed the Power Point slide presentation entitled “Confidentiality and Security Policies and Procedures for PEMS Client-Level Data – An Overview for PEMS Users” and completed the related quiz and I agree to comply with the terms and conditions governing the appropriate and allowed use of PEMS client-level data as defined by the Confidentiality and Security Policies and Procedures for PEMS Client-Level Data. I agree to abide by the procedures stated in this document. ________________________________________ (Signature) ________________________________________ (Printed Name) back

23. back