INTRODUCTION
This article is to outline some information about Social
Security Numbers (SSN) as it relates to HMIS.
WHY ARE SSNs COLLECTED IN CMIS?
Social Security Numbers are collected in CMIS to allow CMIS
end users, communities, and CMIS itself to deduplicate clients. Collecting SSN
information supports to unique identification of each person input into CMIS,
and allows projects to avoid creating duplicate client profiles for the same
individual.
While Name and Date of Birth are useful identifiers, SSN is
an additional step towards deduplicating clients, since Name and/or Date of
Birth 1) may be identical, or extremely close between individuals, and 2) can
be learned by others and can be used in instances of impersonation, while SSNs
are typically kept private.
Relatedly, SSNs are required for many mainstream programs,
which many homeless assistance providers assist clients with accessing.
Collecting SSN information in CMIS aids having that information available for
those processes.
Social Security Numbers are not collected
in CMIS for any form of tracking or monitoring.
IS COLLECTING CLIENT SSNs REQUIRED?
The data collection requirements for Social Security Numbers
vary by program or funding type of the project that is entering the client's
data.
- PATH-, CoC-, and ESG-funded
programs are, per the funding source, required to collect the last four
(4) digits of a client's SSN. They are not prohibited from collecting all
nine digits, so that is also an option in CMIS.
- VA-funded
SSVF projects are required to collect full Social Security
Numbers, because verifying a client's eligibility is required for
receiving services through these grants. The Veteran's household members,
however, may decline to provide their SSNs.
- The
Delaware Continuum of Care gives clients the right to decline to answer
any question asked for CMIS collection purposes. Declining to
provide any information collected in CMIS should not disqualify or make a
person ineligible for services. This includes Social Security
Number. The Delaware Continuum of Care also understands that some clients
do not know/remember their SSN, and many clients (for example, those under
the age of 18) do not have a Social Security Number.
- For
instances like these, the options of "Client doesn't know" or
"Client prefers not to answer" can be used in CMIS.
- These
options, however, do lead to data quality issues. Therefore, providers
should still be asking for SSNs from all clients to
"level out" the unavoidable data issues that would arise.
DATA SECURITY & SOCIAL SECURITY NUMBERS
Social Security Numbers, as well as Name (with or without
Date of Birth), are considered Personally Identifiable Information (PII).
PII allows for a client profile in CMIS to be linked to a specific individual.
The sharing of PII collected in CMIS is strictly
prohibited. Therefore, no client's Social Security Number should be
taken from CMIS and shared outside of those who have access to CMIS and are
using it to provide services to a specific client.
As the CMIS Lead Agency, Housing Alliance Delaware does not
provide client PII for reasons outside of what is outlined in the CMIS
Privacy Policies & Procedures. If PII is shared, it is always:
- To a specific recipient (most likely, the agency working directly with the requested client/clients or their funder) through a report that was requested for a specific, approved purpose, and
- Through safe electronic means, such as encrypted emails. Physical documents with CMIS information are never used, especially when PII is included (with exception to the Point in Time Count, during surveying).
- Physical documents with SSNs (such as PIT surveys) are
stored in locked areas for a set number of years, per law, and then are
shredded.
PII is only used locally, and for the purposes mentioned in
this article so far. Federal reports that Housing Alliance Delaware
submits to HUD (the US Department of Housing and Urban Development),
only aggregate data is sent. This means that no PII and no client-level data is
sent to the federal government. The federal government also does not have
access to CMIS or cannot get access to the client-level files within the
system.
DATA QUALITY
While Housing Alliance Delaware is aware of providers'
desire to have data with as little Data Quality issues as possible, there are
some important things to note about some of the "shortcuts" being
used to address Social Security Number data quality issues.
- Client
files with identical SSNs are flagged on back-end reports and cause
several issues down the line with the administration of CMIS. Housing
Alliance Delaware spends hours every month reviewing these cases.
- Since
CoC-, ESG-, and PATH-funded programs only require the last four digits of
a client's SSN, this has increased the amount of time Housing Alliance
Delaware needs to review SSNs.
- Do
not use "dummy"/fake SSNs, as it is the main reason
for clients having identical SSNs in CMIS.
- Avoid
using SSNs like 000-00-0000, 123-45-6789, XXX-XX-1234, or 999-99-9999 to
"work around" CMIS guidelines. Multiple providers do this, leading
to an increasing number of clients being flagged as potentially
identical.
- Do
not use a Head of Household's SSN for other household members to work
around not having their own SSNs. In many families' cases, names
are close enough where CMIS will actually merge two clients with
near-identical information into one in reports, making data inaccurate
for the provider who needs their information, as well as HAD for
system-wide reports. Housing Alliance Delaware has seen this situation
arise on multiple occasions.
- EXAMPLE
1: Twins Carina Smith and Carter Smith, being born on the same
date, and a provider entered their mother's SSN as theirs. CMIS will count both twins (and potentially the mother) as one client since they have the same SSN entered
into CMIS. This is because their Dates of Birth are identical, their
Last Names are identical, and their First Names are spelled similarly.
- EXAMPLE
2: A father and son are both named Trevor Smith, and a provider
entered the father's SSN as the son's as well, to avoid a Data Quality
issue. However, since their names are identical (CMIS does not pull name
suffixes on reports) and their Social Security Numbers are identical,
CMIS reports will count these two profiles as one.
- While
clients may provide fake SSNs to receive services, end users should not do
the same. End users have signed that they will not falsify any data in
CMIS for the sake of avoiding blanks in CMIS. Blank assessment responses
are preferred over faked client information.
- Being
a 12+ year old system, CMIS has multiple profiles where clients have
different SSNs. As the Lead Agency, Housing Alliance Delaware will have
no way to confirm which SSN is correct for a client, so profiles cannot
be merged. This also results in an overcount of clients in our system.