Transcription
ComparableDatabasefor VictimServicesProviders
Every day, victim servicesorganizations are faced withimmense pressure to providerapid aid, uphold strict clientconfidentiality, and maintaincompliance with stringentgovernment oversight.At the moment when people are most vulnerable andin need of immediate help, when their safety is on theline, it is critical to have the tools to respond quicklyand efficiently. ClientTrack for Victim Service Providershelps address these needs and provides organizationswith the software necessary for secure and effectivecase management, program management, comparabledatabase administration, HUD compliance, and reporting,allowing service providers to free up time and resourcesto reinvest in what matters most—the people they serve.At the moment when people are most vulnerable and in need of immediatehelp, when their safety is on the line, it is critical to have the tools to respondquickly and efficiently.RegulatoryComplianceClientTrack meets all HUD checklistrequirementsClientTrack can be used by Victim Service Providers inneed of a HUD-compliant Comparable Database thatadheres to all privacy and security guidelines whileoffering the necessary reporting for HUD-funded projects.9HMIS (Out of the Box Compliance)9HMIS CSV Import and Export Functionality9Violence Against Women Act (VAWA) Reporting9Victims of Crime Assistance (VOCA) Reporting9Family Violence Prevention and Services Act(FVPSA)* – Coming Soon!9Community Services Block Grant (CSBG) – ComingSoon!Page 2 Comparable Database for Victim Service ProvidersPowerful Pushbutton andAd Hoc ReportingIn addition to standard reports, ClientTrack’s DataExplorer enables you to build custom reports to querywhatever data you need. Showcase your outcomeswith reports, graphs, and charts to help prove theeffectiveness of your programs to your community forstakeholders and funding sources, and identify areaswhere improvement is most needed.
Case ManagerClientTrack offersa full suite of casemanagement tools9999Program EnrollmentReferralsFile UploadGoals99Case NotesLocation Services(Addresses)With ClientTrack, casemanagers can maintain acomprehensiveclient profile9Add or remove individuals froma client’s householdAccount for children9Generate ID cards and bar codescanningProvide critical services likeprotection order management.ClientTrack for VictimService Providers offersessential assessments9HUD and Federal PartnerAgency AssessmentsCOVID ScreeningCOVID VaccinationCrimes9999999999EmploymentExpanded Domestic ViolenceLegalLethalityTransportationProgram ManagerClientTrackfacilitates programmanagement to helpour clients keep theirprogram referrals,enrollment, andfunding organized.9Fund Management and Multiple Funding SourcesClientTrack allows projects to be associated with multiple different funding sources.The project workflow data collection will adjust automatically based on the projectsassociated funding sources.9Coordinated Entry and Customizable Prioritization ListClientTrack supports coordinated entry systems across the country and offers a rangeof features that allow for prioritization of clients, including out-of-the-box wait listfeatures, configurable housing queues for coordinated entry, and query/dashboardfeatures for more advanced presentation of prioritization data.9Referral In and OutClientTrack provides a single system from which referrals can be made out of anyorganization into any other participating organization in the network.9EnrollmentClientTrack facilitates prioritization and enrollment, offering both triage and housingassessments, including all SPDAT assessments (org code compliant).9ServicesIn ClientTrack, services can be provided with geolocation. Our system also provides theability to set a “fee” for services.9De-identification of ClientsClient IDs are generated by the system, allowing clients to be de-identified as they areenrolled in programs.Comparable Database AdministratorClientTrackempowers databaseadministrators9999999User ManagementCustomization of ProgramsCustomization of ServicesProvider Management forReferralsEmployer ManagementDuplicate Client PreventionClient Record Merge9999Client Historical DataMaintainedTraining videos anddocumentation built into thesystemInternal ticketing systemWorkflows that allowconditional logicComparable Database for Victim Service Providers Page 3
Robust SecurityModelMaintaining aLayered Defense SystemJust as a building might have locked doors, securityguards, keypads, alarm systems, and cameras to protectthe business and equipment, data should have manylayers of defense against electronic intrusions. Even if aweakness should manifest in one aspect of the defensesystem, ClientTrack’s redundant coverage remains intact,along with protocols to remediate.Secure & Reliable Cloud HostingEccovia uses industry best practices for hosting andpartners with companies that meet stringent standardsfor uptime, security, and performance.ClientTrack is hosted in Microsoft Azure, which has aFedRamp High classification, ensuring the highest levelsof security and privacy in a hosting environment. Theredundant hosting environment also allows for very littleunplanned downtime. ClientTrack has had better than a99.5% uptime over the past several years.Data is protected across physical data centers,infrastructure, and operations, with state-of-the-artsecurity controls integrated into the hardware andfirmware components, as well as added protectionsagainst threats such as distributed denial of service(DDoS). Microsoft has a team of more than 3,500global cybersecurity experts who work together to helpsafeguard the ClientTrack databases and client-level data.Azure has enabled the physical, technical, andadministrative safeguards required by HIPAA and theHITECH Act on their cloud hosting infrastructure, and isVAWA/VOCA compliant.Maintaining a LayeredDefense SystemSecure, ReliableCloud HostingCustomizedUserManagementControl Accessto Data at theDatabase andRecord LevelEccovia’s DataAccess andRestrictionsDatabaseSecuritySecuring Datain TransitEccovia’sSecurity CulturePage 4 Comparable Database for Victim Service Providers
Database SecurityThe underlying database layer plays a significant role inClientTrack’s platform security. For example, the databaseprotects passwords by storing and using a 256-bitencryption. Databases are configured in accordance withsecurity benchmarks provided by industry best practicesand required standards for government markets. Eccoviapays third parties to complete periodic vulnerabilityassessments and penetration tests.Securing Data in TransitData is vulnerable to unauthorized access as it travelsacross the Internet or within networks. For this reason,Eccovia makes securing data in transit a top priority. TheClientTrack platform supports strong encryption protocolssuch as TLS to secure the connections between Eccoviacustomers and ClientTrack’s Integration Platform.Eccovia’s Security CultureEmployee Background Checks. For each prospective hire,Eccovia verifies an individual’s previous employment,performs internal and external reference checks, andconducts criminal background checks.Security Training for All Employees. All Eccovia employeesundergo security training as part of the orientation processand receive ongoing security training throughout theircareers. During orientation, new employees agree to ourCode of Conduct, which highlights our commitment to keepclient information safe and secure. Depending on theirjob role, additional security training may be required—forinstance, new engineers learn about secure coding practicesand vulnerability testing practices.UsersConfiguration and Change Management. System changesand maintenance are documented in Eccovia’s changemanagement system as a routine process. Changesrequire review and approval by a Change Advisory Board,testing, and security impact analysis prior to deployment.Significant changes require additional analysis todetermine impact to client environments.Eccovia’s Data Access andRestrictionsEccovia enforces strict control over access to client data:An individual must have business justification to beallowed access; after business justification, authorizedusers are granted production access only after managerapproval and passing an ability test. Terminated users areremoved within one hour of termination.ClientTrack enforces segregation of duties and limitingemployee access to only the data needed to performassigned job functions based on role. Infrastructurelogging is enabled to capture system activity; logs areforwarded to a central logging system.Control Access to Data at theDatabase and Record LevelAccess to functionality and data within the ClientTracksystem is highly configurable and all data in a victimservice provider organization is restricted to just thatorganization. The data is not shared with and cannot beseen by any other organization, even if there are severalorganizations that share a single account and utilize thesame programs and services.Community EcosystemServicesNon-SegregatedService OrganizationsVictim Service ProviderComparable Database for Victim Service Providers Page 5
All data created or imported into ClientTrack by your organization isowned and controlled by you.Access to the data is controlled by the Administratorof the victim service provider organization. Only usersthat have been invited by the Administrator can seethe client level data, and even that data access can belimited.If desired, you can further restrict access to anindividual client record to only the user who created therecord.Customized User ManagementAlong with controlling access to the data, anAdministrator can also create and manage users in thesystem. An Administrator can:9Establish roles and grant access based on roles9Grant or revoke access to specific tools9Grant or revoke access to the organization9Grant or revoke access to workgroups9Force a user password change at the next login9Review user login history9Remove a user from the systemConcurrent user logins are prevented, meaning multiplelogins from a single account are not allowed andusernames and passwords remain uniquely assignedto each user. Users are automatically logged out of thesystem after a period of inactivity.Audit Trail Loggingfor ComplianceFor auditing purposes, ClientTrack captures and storesuser activity. This includes record views, record updatesand other interactions with the system. The followingaudit trail information (and more) is stored:9Username9Date9Time9ActivityThis feature supports investigations of a possible internaldata breach or unlawful viewing of client information. ForVictim Service Providers, audit logging can be maintainedfor seven years, with the ability to archive after sevenyears.Page 6 Comparable Database for Victim Service ProvidersDisaster Recoveryand BusinessContinuityWe protect all our production servers against disasterusing Azure Site Recovery. We host our servers in thetwo separate geographic locations in the Western UnitedStates. The disaster recovery site is a secondary, warmsite intended to contain equal capacity of the primaryproduction site (host, network, storage, data). Data istransmitted between the primary and disaster recoverydata centers across encrypted links. Additionally, backups of data are performed, and data is retained onbackups at the geographically separated disaster recoverydata center location. Critical services that cannot bereplicated this way are hosted in both regions.Backup TypeFrequencyRetentionFull DatabaseOnce per weekSix WeeksPiTREvery 5 to 30minutesTwo WeeksAll production databases are configured for automaticfull backup as part of the agreement. A full backup of thedatabase is taken weekly and in between the full backupof the database, the transaction log or point in timerecovery (PiTR) backups are completed frequently.All your backed-up data is encrypted at rest using 256bit AES encryption, one of the strongest block ciphersavailable, and hosted in a HIPAA-compliant environment.In addition to encryption at rest, all your backup datain transit is transferred over HTTPS. It always remainson the Azure backbone network. The backups areredundant and secured with 256-bit encryption via theAzure Managed Backups feature. Keys for encryption aremanaged on the Azure platform.
ClientTrack’s interface is designed to comply with industry-best design standards for accessibility and ease of use, helping optimize your case managementexperience, facilitate your work, and ensure you are able to find what you need when you need it.Design Standardsfor AccessibilityEccovia is committed to providing an accessible platformthat enables access to information and usability of features.To Eccovia, Web accessibility encompasses all disabilitiesthat affect access to the Web, including visual, auditory,physical, speech, cognitive, and neurological disabilities.Eccovia makes every reasonable effort to accommodateusers by following the W3C recommendations and 508guidelines. The following is a list of these Design Standards:9Straightforward DesignPersistent navigation and breadcrumbs to provideconsistency to the user and an easy way to navigateback to the home page regardless of location9Images With Alternative Texttext to provide further detail for an image ordestination of a hyperlinked image, typically for screenreaders9Relative Font SizingFont size of ClientTrack can be modified to small,medium, or large9NavigationNavigation, located on the far left, uses lists for theuse of screen readers9Style SheetsCascading Style Sheets (CSS) centralize the styleinformation for the website9LayoutThe use of a flexible layout to accommodate anyscreen resolution, mobile, or tablet device9Accessibility ValidationOur design work is checked using tools, checklists, andguidelines at WebAim: Web Accessibility in Mind9Use of ColorFor those with limited vision or color blindness, coloris not the only indicator of information and thereis sufficient contrast between the color of text andbackground9Keyboard NavigationAbility to use keyboard shortcuts for use with assistivedevicesComparable Database for Victim Service Providers Page 7
SupportSupport is available through two different channels: viaphone and our online ticketing system. Both optionsare supported by Eccovia’s expert Software SupportEngineers.The Support Engineers are ready to help you via phoneduring our regular business hours (Monday throughFriday, 7:00 am–7:00 pm Mountain Time). Emergency24/7 support is available at no additional cost for thefollowing rare issues:1.2.Unplanned server outages including inability toaccess the ClientTrack platform.Perceived security breach where data may havebeen accessed by unauthorized users.In addition to accessing help desk staff via phone,ClientTrack includes an internal support ticketingsystem to enable end users to submit tickets tothe local administrator as well as the tickets to besubmitted to Eccovia technical support when a systemissue is confirmed. Tickets are submitted by selectingHelp on the form in which the error is occurring toinclude metadata to aid in resolution of the ticket.Support enables the ability to search, edit, add notes,and update status.ClientTrack’s internal ticketing system automatically captures salientmetadata to help our technical support team provide quick resolution.Whenever the legal team asks me about security, I know I have theconfidence to say “We’ve tested this five different ways; no one is seeinglegal center data. The only team who can see everything is my teamand we have no client contact. It’s specifically designed that way.”Jeanne-Marie HaganDirector of Evaluation and LearningWomen Against AbuseLearnMoreClientTrack for Victim Service Providers is the solution tohelp you deliver and advocate for life changing services.At Eccovia, Respect for the privacy and security of datayou store in ClientTrack remains our priority. To learnmore about how ClientTrack has supported victim serviceprovider organizations, feel free to review our case studywith our client Women Against Abuse, or request moreinformation at sales@eccovia.com or contact our Head ofCommunity Engagement at dlewis@eccovia.com.Page 8 Comparable Database for Victim Service Providers
ClientTrack meetsall requirementsof the ComparableDatabase VendorChecklistHUD has released a set of guidelines for VictimService Providers to use in evaluating a ComparableDatabase vendor to ensure that the software “meetsthe minimum privacy standards and data collection/reporting requirements in addition to meeting theneeds of the community.” These guidelines includeboth a checklist of requirements, mostly pertainingto stringent privacy and security compliance, as wellas a list of common helpful features that simplify andsupport the work of Victim Service Providers.ClientTrack’s robust security and privacy capabilitiesnot only fulfill every requirement of HUD’s guidelines,but also every one of the common helpful features(the sole exception is the documented data dictionary;however, this is expected to be added to ClientTrackby 2022). With ClientTrack, Victim Service Providerscan rest assured that they will be able to protect thepeople they serve, and with ClientTrack’s powerfulcase management and reporting tools, the challengeof their task can be that much lighter.ClientTrack can be used by Victim Service Providers in need of a HUD-compliant Comparable Database thatadheres to all privacy and security guidelines while offering the necessary reporting for HUD-funded projects.ClientTrack’s robust security and privacycapabilities not only fulfill every requirementof HUD’s guidelines, but also every one of thecommon helpful features.ClientTrack’s intake workflow is designed to capture all required data for assessments and reporting according to HUD’s Comparable Database Vendor Checklist.
Address:Eccovia, Inc.2150 W. Parkway Blvde., Suite A-101Salt Lake City, Utah 84119United StatesPhone:(888) 449-6328 Online:eccovia.com
both a checklist of requirements, mostly pertaining to stringent privacy and security compliance, as well as a list of common helpful features that simplify and support the work of Victim Service Providers. ClientTrack's robust security and privacy capabilities not only fulfill every requirement of HUD's guidelines,
