Topic: Data Security and eUCI

Agencies that collect client data, either on paper or electronically, are responsible for protecting the data. Data security is defined by Public Health Data Standards as “physical, technological, or administrative safeguards or tools used to protect identifiable health information from unwarranted access or disclosure."  

Data security entails attention to security and also requires attention to protecting the privacy of client information in accordance with HIPAA and other requirements. Ryan White data collection systems use the eUCI (Unique Client Identifier), an algorithm that meets the highest privacy and security standards.

Filter resources by:

Guidelines and Manuals

Webinars and Training

Tools and Job Aids

  • HRSA HIV/AIDS Bureau, Data and Reporting TA Team
    December 2014

    This user guide explains how the eUCI is constructed, how to generate it using the eUCI application if using a data system that does not generate it automatically, and steps for developers who want to generate eUCIs within their data systems. Systems that generate eUCIs automatically are listed.

  • HRSA HIV/AIDS Bureau
    October 2012

    Toolbox explains health IT issues that are unique to HIV/AIDS care. Modules include an introduction to Health IT issues unique to HIV/AIDS,
    selecting Health IT tools, financing Health IT, improving quality and efficiency, and security and privacy issues.

  • LaCAN
    April 2011

    Sample agreement from the Louisiana CAREWare Access Network (“LaCAN”), shared via the CAREWare listserv.

  • Mecklenberg County
    January 2011

    Sample agreement addressing HIPAA and data security, submitted via the CAREWare listserv.

  • Hartford Department of Health and Human Services
    January 2010

    Sample agreement submitted via the CAREWare listserv.

  • Hartford Department of Health and Human Services
    January 2010

    Sample consent submitted via the CAREWare listserv.

  • Hartford Department of Health and Human Services
    January 2010

    Sample user agreement submitted via the CAREWare listserv.

  • HRSA
    January 2009

    Several online training modules (adoption of technology, rural, children) are available to help agencies understand and implement health information technologies, particularly in dealing with issues like electronic medical records and privacy of records.

Reports and Best Practices

  • Data and Reporting TA Team
    December 2014

    The RSR requires that providers submit client-level data for each client who received a Ryan White-funded service during the reporting period.

  • Data and Reporting TA Team
    October 2014

    Since RSR data are used to present information about the Ryan White Program to Congress, the HIV/AIDS community, and the public, it is crucial that your data reflect the reality of your program as closely as possible.

  • Data and Reporting TA Team
    May 2014

    When you upload  your client level data report, the data passes through a series of validation checks. This document provides a summary of the RSR validation checks, including detail on what triggers an Error, Warning, or Alert during the data validation process.