hackforla / HomeUniteUs

We're working with community non-profits who have a Host Home or empty bedrooms initiative to develop a workflow management tool to make the process scalable (across all providers), reduce institutional bias, and effectively capture data.
https://homeunite.us/
GNU General Public License v2.0

Document database considerations #492

Open randelbrot opened 1 year ago

randelbrot commented 1 year ago

Overview

We need to document considerations for data hosting and relevant privacy regulations so that we can do a make or buy decision on hosting that is legally compliant with our partners and jurisdictions.

Action Items

Resources/Instructions

randelbrot commented 1 year ago

Created this Google doc for documentation

randelbrot commented 1 year ago

Hey @ju1es, picking up the HMIS conversation from earlier, I created this issue to track database considerations and assumptions.

One of the assumptions in the doc is that Host Home orgs want to integrate with HMIS by default. This would make sense because Host Homes need to integrate to receive funding from HUD and for data security + sharing purposes.

I have come across a few articles expressing concern about HMIS integration, specifically regarding data privacy and positioning host homes as "non-institutional" services, "outside the system", and inconsistent usage of HMIS across host home programs.

tldr my take on the way forward here is to 1) For Engineering: continue learning about how to integrate with HMIS as this is the expected path, and 2) For PM: get validation from some host home orgs to get a gut check on any concerns to be mindful of with respect to HMIS.

Let me know what you think,

Bryce

ju1es commented 1 year ago

@brycelednar, thank you for creating this! Before jumping into researching more about HMIS, I want to verify that we're actually required to integrate. I just read "Service providers that receive Federal funding and some State funding are required to participate in local HMIS" here.

Same thing applies to the other privacy frameworks in the doc. I'm thinking that once we know which frameworks we need to use, you get validation from stakeholders, then I can go ahead and look up the architectural and design requirements for each framework. We'd also have a clear goal of how we can be privacy compliant? This is all new to me but just my initial thoughts.

I guess my question is how did y'all derive the list of compliance frameworks?