
Welcome to Your Housing Help Session!


bess

Presentation Transcript


  1. Welcome to Your Housing Help Session! • Today’s Topics: • EIV Update • Recent webcasts • EIV Security • New requirements • HUD training

  2. Welcome to Housing Help! • Upcoming topics for the management series: • 4/10/09: Creating & managing a housing nonprofit (PH) • 4/17/09: Managing your HCV funding

  3. EIV Update

  4. HUD’s EIV Web Page • http://www.hud.gov/offices/pih/programs/ph/rhiip/uivsystem.cfm • EIV User Manual (Version 8.0, December 2007) • Privacy and Security Requirements • Security Procedures Guide

  5. EIV Update • HUD training webcasts on EIV • 1/16/08 • 8/26/08 • 2/11/09 – 2/12/09

  6. EIV Update • 2/09 webcasts are archived at: http://www.hud.gov/webcasts/archives/ph.cfm • 2008 webcasts are archived at: http://www.hud.gov/webcasts/archives/iv.cfm

  7. EIV Update • Training materials from webcasts • PowerPoints • Case studies & solutions • Handouts • http://www.hud.gov/offices/pih/programs/ph/rhiip/training.cfm

  8. January 2008 Webcast • HUD webcast 1/16/08 contained revised guidance on use of EIV • Previous guidance is obsolete and has been removed from EIV website • $2400 discrepancy • Instructions on anticipating income with EIV

  9. HUD Guidance on EIV • EIV is sufficient as third-party verification when: • The family does not dispute the data, and • Current tenant-provided documents (i.e. paystubs) are available

  10. HUD Guidance on EIV • The PHA MUST obtain additional third-party verification when the family disputes EIV employer data

  11. HUD Guidance on EIV • The PHA MAY obtain additional third-party verification when the PHA determines that additional information is necessary, such as: • Effective dates of employment • Pay rate, hours worked for new jobs • Confirmation of a change in circumstances (reduced hours, reduced rate of pay)

  12. HUD Guidance on EIV • Use tenant-provided documents to project annual income, unless: • The family disputes EIV employer data, OR • The PHA determines that additional information is necessary

  13. HUD Guidance on EIV • HUD recommends that tenant-provided documents should be dated within 60 days of interview date • Current and consecutive

  14. HUD Guidance on EIV • Quote from webcast: • “The PHA will use tenant-provided documents or most current information to calculate anticipated annual income.” • EIV quarterly wages are NOT used to project annual income

  15. HUD Guidance on EIV: File Documentation • If the family does not dispute EIV employer data, and the PHA determines that additional information is not necessary: • EIV income details report • ICN in FL • Tenant-provided documents

  16. HUD Guidance on EIV: File Documentation • If the family disputes, or PHA requires additional information: • EIV printout (except in FL) • Tenant-provided documents • Third-party written verification

  17. August 2008 Webcast • Comprehensive training on “Effective Use of EIV” • Extensive discussion of EIV reports and their usage • New reports • Added functionality

  18. August 2008 Webcast • EIV sign-on now includes certification of EIV & security training • HUD webcast training is sufficient • EIV training and annual EIV security training are separate requirements • Staff members may view webcast(s) and obtain certification from HUD

  19. August 2008 Webcast • Clarification that EIV is sufficient verification of SS/SSI if family agrees • Discussion of identity theft • Guidance on use of income discrepancy report

  20. 2008 Webcasts • Both 2008 webcasts include case studies of unreported income • Calculation method for overpaid subsidies • First written guidance from HUD on this issue

  21. 2/09 Webcasts • Day 1: First 2 hours on rent refinement final rule • FR notice 1/27/09 • HUD has proposed delay of effective date for further review

  22. 2/09 Webcasts • Deceased tenant report: single-member households now marked with red asterisk • User ID masked per PHA requests • PH flat rent families are now excluded from the income discrepancy reports • Additional planned improvements for 2009 & 2010

  23. HUD Consolidated Reviews • Program areas under review: • RIM • UIV • SEMAP • PHAS Management Assessment (MASS) • Civil rights

  24. HUD Consolidated Reviews • HUD UIV Monitoring Report • Implementation review • Security assessment • Income discrepancy review • 5 highest dollar discrepancies per program • Link in your HHS e-mail

  25. EIV Data Security

  26. Introduction • HUD has published an EIV Security Procedures manual for PHAs • Available on HUD’s EIV web page • See workbook references tab • EIV security requirements are mandatory • Violations may result in civil and/or criminal penalties

  27. Introduction • The information in this session is adapted from 2 sources: • HUD’s EIV Security Procedures manual • HUD’s EIV webcasts • “Includes security awareness training”

  28. Introduction • In this session, we will cover: • Privacy Act requirements • Overview of policies and controls for securing UIV data • Administrative • Technical • Physical

  29. Privacy Act Requirements • Whenever HUD or a PHA requests information about a tenant they should ensure the following: • The data is only used for verification of tenant income to determine: • a tenant’s eligibility for participation in a rental assistance program • the level of assistance that they are entitled to receive

  30. Privacy Act Requirements • Whenever HUD or a PHA requests information about a tenant they should ensure the following: • It is not disclosed in any way that would violate the privacy of the individuals represented in the system

  31. Privacy Act Requirements • The tenant is notified of the following: • HUD or the PHA’s authorization and purpose for collecting the information • the uses that may be made of the data collected, and • the consequences to the individual for failing to provide the information

  32. Privacy Act Requirements • On request, the tenant is provided with access to records pertaining to them and an opportunity to correct or challenge the contents of the records

  33. Civil Penalties Associated with the Privacy Act • A tenant may take legal action against HUD or a PHA for the following agency actions: • Refusal to grant access to a record • Refusal to amend or correct a record

  34. Civil Penalties Associated with the Privacy Act • If found liable, HUD or the PHA will be required to pay the tenant: • Damages sustained as a result of the agency’s action • The costs of the lawsuit, including reasonable attorney fees

  35. Criminal Penalties Associated with the Privacy Act • A PHA employee can be found guilty of a misdemeanor or a felony if that employee, knowingly and willfully: • Discloses a tenant’s records to an unauthorized party • Fraudulently represents him/herself to obtain another individual’s record

  36. Security Safeguards • HUD describes 3 types of safeguards: • Administrative • PHA access policies • Technical • Part of EIV system • Physical • Barriers to unauthorized access

  37. Administrative Safeguards • PHAs should implement administrative safeguards to address the following: • Assigning and monitoring access rights • Determine which users should have access to UIV information • Maintain a record of all users who have approved access to UIV data

  38. Administrative Safeguards • Assigning and monitoring access rights • Conduct a quarterly review of all user IDs to determine if the user still has a valid need to access the UIV data • Ensure that access rights are modified or revoked as appropriate • More information: Day 1 of 2/09 webcast

  39. Administrative Safeguards • Keeping records and monitoring security issues • Assure that a copy of Form HUD-9886 has been signed by each adult member of the household and is kept in the household file • Maintain a key control log to track the inventory of keys available, the number of keys issued and to whom the keys are issued

  40. Administrative Safeguards • Keeping records and monitoring security issues • Ensure that all employees and contractors who have been issued keys to secure areas complete a form acknowledging the receipt of the key • Maintain a log of all users who access designated secure areas including the date and time of entry and exit and the purpose of the access

  41. Administrative Safeguards • Keeping records and monitoring security issues • Ensure that combination locks are reset regularly, including whenever an employee leaves the PHA • Ensure that UIV information is disposed of in an appropriate manner and maintain a log of all documents that have been burned or shredded • Or may follow written records retention policy

  42. Administrative Safeguards • Conducting security awareness training • Ensure that all users of UIV data receive training in UIV security policies and procedures at the time of employment and at least annually afterwards • Maintain a record of all personnel who have attended training sessions • Train on individual PHA policies as well as HUD or third-party training

  43. Administrative Safeguards • Conducting security awareness training • Communicate security information and requirements to appropriate personnel • Distribute all user guides and security procedures to personnel using UIV data

  44. Administrative Safeguards • Reporting improper disclosures • Report any evidence of unauthorized access or known security breaches to the PHA executive director • Document all improper disclosures in writing • Report all security violations regardless of whether the security violation was intentional or unintentional

  45. Technical Safeguards • Purposes of the technical safeguards: • Reduce the risk of a security violation related to the EIV systems’ software, network, or applications • Identify and authenticate all users seeking access to the UIV data • Deter and detect attempts to access the system without authorization • Monitor the user activity on the EIV system

  46. Technical Safeguards • The technical controls that have been built into the EIV systems address the following: • User identification and authentication • Each user is required to have their own user ID and password • The user ID identifies the PHA(s) and tenant information that the user is authorized to access

  47. Technical Safeguards • User identification and authentication • Passwords are encrypted and the password file is protected from unauthorized access • The system forces all users to change their password every 21 days and limits the reuse of previous passwords

  48. Technical Safeguards • User identification and authentication • After three unsuccessful attempts to log into PIC, the user ID is locked. All PIC password resets are handled by the security administrators at the PHA or in the local HUD Field Office. Additional information and assistance can be obtained from pichelp@hud.gov. In using the EIV system, the log on restrictions do not apply.

  49. Technical Safeguards • Online user alerts • Online warning messages that inform the user of the civil and criminal penalties associated with unauthorized use of the UIV data
