INTRODUCTION

This article is to outline some information about Social Security Numbers (SSN) as it relates to HMIS.

WHY ARE SSNs COLLECTED IN CMIS?

Social Security Numbers are collected in CMIS to allow CMIS end users, communities, and CMIS itself to deduplicate clients. Collecting SSN information supports to unique identification of each person input into CMIS, and allows projects to avoid creating duplicate client profiles for the same individual.

While Name and Date of Birth are useful identifiers, SSN is an additional step towards deduplicating clients, since Name and/or Date of Birth 1) may be identical, or extremely close between individuals, and 2) can be learned by others and can be used in instances of impersonation, while SSNs are typically kept private.

Relatedly, SSNs are required for many mainstream programs, which many homeless assistance providers assist clients with accessing. Collecting SSN information in CMIS aids having that information available for those processes.

Social Security Numbers are not collected in CMIS for any form of tracking or monitoring.

IS COLLECTING CLIENT SSNs REQUIRED?

The data collection requirements for Social Security Numbers vary by program or funding type of the project that is entering the client's data.

• PATH-, CoC-, and ESG-funded programs are, per the funding source, required to collect the last four (4) digits of a client's SSN. They are not prohibited from collecting all nine digits, so that is also an option in CMIS.

• VA-funded SSVF projects are required to collect full Social Security Numbers, because verifying a client's eligibility is required for receiving services through these grants. The Veteran's household members, however, may decline to provide their SSNs.

• The Delaware Continuum of Care gives clients the right to decline to answer any question asked for CMIS collection purposes. Declining to provide any information collected in CMIS should not disqualify or make a person ineligible for services. This includes Social Security Number. The Delaware Continuum of Care also understands that some clients do not know/remember their SSN, and many clients (for example, those under the age of 18) do not have a Social Security Number.

• For instances like these, the options of "Client doesn't know" or "Client prefers not to answer" can be used in CMIS.

• These options, however, do lead to data quality issues. Therefore, providers should still be asking for SSNs from all clients to "level out" the unavoidable data issues that would arise.
  

DATA SECURITY & SOCIAL SECURITY NUMBERS

Social Security Numbers, as well as Name (with or without Date of Birth), are considered Personally Identifiable Information (PII). PII allows for a client profile in CMIS to be linked to a specific individual.

The sharing of PII collected in CMIS is strictly prohibited. Therefore, no client's Social Security Number should be taken from CMIS and shared outside of those who have access to CMIS and are using it to provide services to a specific client.

As the CMIS Lead Agency, Housing Alliance Delaware does not provide client PII for reasons outside of what is outlined in the CMIS Privacy Policies & Procedures. If PII is shared, it is always:

1. To a specific recipient (most likely, the agency working directly with the requested client/clients or their funder) through a report that was requested for a specific, approved purpose, and
   
2. Through safe electronic means, such as encrypted emails. Physical documents with CMIS information are never used, especially when PII is included (with exception to the Point in Time Count, during surveying).
   
1. Physical documents with SSNs (such as PIT surveys) are stored in locked areas for a set number of years, per law, and then are shredded.
   

PII is only used locally, and for the purposes mentioned in this article so far. Federal reports that Housing Alliance Delaware submits to HUD (the US Department of Housing and Urban Development), only aggregate data is sent. This means that no PII and no client-level data is sent to the federal government. The federal government also does not have access to CMIS or cannot get access to the client-level files within the system.

ADDITIONAL CMIS-RELATED INFORMATION ABOUT SOCIAL SECURITY NUMBERS

DATA QUALITY

While Housing Alliance Delaware is aware of providers' desire to have data with as little Data Quality issues as possible, there are some important things to note about some of the "shortcuts" being used to address Social Security Number data quality issues.

• Client files with identical SSNs are flagged on back-end reports and cause several issues down the line with the administration of CMIS. Housing Alliance Delaware spends hours every month reviewing these cases.

• Since CoC-, ESG-, and PATH-funded programs only require the last four digits of a client's SSN, this has increased the amount of time Housing Alliance Delaware needs to review SSNs.

• Do not use "dummy"/fake SSNs, as it is the main reason for clients having identical SSNs in CMIS.

• Avoid using SSNs like 000-00-0000, 123-45-6789, XXX-XX-1234, or 999-99-9999 to "work around" CMIS guidelines. Multiple providers do this, leading to an increasing number of clients being flagged as potentially identical.

• Do not use a Head of Household's SSN for other household members to work around not having their own SSNs. In many families' cases, names are close enough where CMIS will actually merge two clients with near-identical information into one in reports, making data inaccurate for the provider who needs their information, as well as HAD for system-wide reports. Housing Alliance Delaware has seen this situation arise on multiple occasions.

• EXAMPLE 1: Twins Carina Smith and Carter Smith, being born on the same date, and a provider entered their mother's SSN as theirs. CMIS will count both twins (and potentially the mother) as one client since they have the same SSN entered into CMIS. This is because their Dates of Birth are identical, their Last Names are identical, and their First Names are spelled similarly.

• EXAMPLE 2: A father and son are both named Trevor Smith, and a provider entered the father's SSN as the son's as well, to avoid a Data Quality issue. However, since their names are identical (CMIS does not pull name suffixes on reports) and their Social Security Numbers are identical, CMIS reports will count these two profiles as one.

• While clients may provide fake SSNs to receive services, end users should not do the same. End users have signed that they will not falsify any data in CMIS for the sake of avoiding blanks in CMIS. Blank assessment responses are preferred over faked client information.

• Being a 12+ year old system, CMIS has multiple profiles where clients have different SSNs. As the Lead Agency, Housing Alliance Delaware will have no way to confirm which SSN is correct for a client, so profiles cannot be merged. This also results in an overcount of clients in our system.