freality | home | art | code | essays | music | stuff | resume

An example of your ghost in the system: HUD's HMIS

Government databases have been at hot topic of late. President Bush's appointee, John Poindexter, had The Department of Defense planning to unite as many governmental databases as possible under a single large system, run by his office of Total Information Awareness. That struck a deeply Orwellian chord, and along with other problems, got Poindexter booted. But what really was at stake? It's hard to know what data of ours is available to our government. Recently, though, we got a glimpse.

The United States' Department of Housing and Urban Development recently published its guidelines for a "Homeless Management Information System". Read the source document here: "HMIS Data and Technical Standards Notice". You probably aren't homeless, but this database still provides a rare look at the kind of general personal information any good government agency likes to keep on its citizenry. Here's a look at what information this database would record, how the information would be kept secure, and who could access it.

Here are the information fields to be collected that are considered "protected personal information" and thus under special security management:

• All geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes.
• All elements of dates (except year) directly related to an individual, including birth date, admission date, discharge date, and date of death.
• Telephone numbers.
• Social Security numbers.
• Medical record numbers.
• Vehicle identifiers and serial numbers, including license plate numbers.

Here's a brief sense of the security checks:

• The data is kept on "secure" computers.
• The data is encrypted when transferred across private or public networks.
• Hard copies must be supervised in public areas and secured when in private.

Here's a break-down of who can get access to the personal private information with varying levels of consent and knowledge by the client.

1. With the *consent* of the client, you can basically give the data to anyone, but it's specifically enumerated as:
   • Disclosure to a non-governmental entity.
2. Without consent, but with written or oral notification to the client:
   • Sharing data between other HMIS-equipped localities.
3. Without consent, without written or oral notification to the client, the data can be shared with these entities or for the following reasons:
   • Administrative purposes.
   • Academic institutions.
   • Public Health officials, if they can reasonably use the information to avert "a serious and imminent threat to the health or safety of a person or the public".
   • Coroners
   • Funeral Directors
   • Law enforcement officials by court order as necessary.
   • Government authorities that monitor abuse, neglect or domestic violence, if the client is reasonably believed to be a victim of these.
   • National Security entities for intelligence, counter-intelligence and other activities as authorized by the National Security Act.
   • Bodyguards of the President and other Heads of State.

XHTML 1.1 & CSS 2 & Copyleft