The CA Quarterly Review (Winter 2020)
THE NEWS AND INFORMATION QUARTERLY FOR OWNERS AND AGENTS OF THE PERFORMANCE BASED CONTRACT ADMINISTRATION FOR NEW YORK STATE
- From the Desk of James Van Loan, State Manager and Director of Operations
Dear Owner/Agent Colleagues,
It seems like a lifetime ago since I wrote my last newsletter forward back in the Spring of 2020. So much has happened since then but there has been one constant from then to now: I continue to remain impressed at the lengths everyone in the assisted housing community has gone to ensure the safety of the tenants during an extremely uncertain time. From instituting enhanced cleaning schedules and maintenance practices, to compliance with many new rules and regulations and, most recently, working to assist tenants in obtaining COVID vaccinations….you’ve done it all!
I am also extremely proud of the PBCA staff who have worked to help you navigate the compliance side of vouchering, MORs, contract renewals and all other HUD requirements. It’s been an outstanding team effort all around.
As we enter 2021, I’m hopeful that we can find a return to some kind of normalcy, post COVID. I look forward to working with you all in your efforts to provide your tenant communities a safe, decent, and sanitary place to live.
My sincere thanks to you all,
- The Coronavirus Response & Relief Supplemental Appropriations Act Relief Bill & the Eviction Moratorium
Last December the new Coronavirus Response & Relief Supplemental Appropriations Act Relief Bill was signed into law. This article aims to explore how the new Coronavirus Relief Act impacts the Multifamily Housing Industry with the availability of new rental assistance and the extension of the federal eviction moratorium.
Nearly $25 billion has been allocated as emergency rental assistance that will be distributed by State and Local governments. Each state is to receive no less than $200 million, which may be used to provide financial assistance for eligible households. Funds can be used for a variety of purposes, including paying current and past-due rent, utilities, home energy costs, and other expenses related to housing incurred because of the COVID-19 pandemic.
Eligible households could receive up to 12 months of assistance, with a possible 3-month extension, subject to the availability of the funds. Eligible households include those that are:
- At or below 50% of the area median income; or
- One or more member of the household have been unemployed for 90 days or longer.
Owners/Agents may apply for financial assistance on behalf of their tenants if they first obtain the tenants signature and provide the tenant with the application documents. Any monies that are received by the landlord must then be used to satisfy the subject tenant’s rental obligations.
The rental eviction moratorium was also extended until March 31, 2021.
RHIIP Listserv Postings #450 and #454
On November 2, 2020, HUD was made aware that a number of EIV users were encountering old or missing data when attempting to view EIV reports for some properties. Per RHIIP Listserv Posting #450, users that were experiencing those issues must refer to Chapter 5-13 of HUD Handbook 4350.3 for the hierarchy of acceptable forms of verification for that affected income data. For compliance monitoring purposes, copies of EIV reports containing outdated or missing data must be retained in accordance with Chapter 9-14 of HUD Handbook 4350.3.
On December 23, 2020, HUD issued RHIIP Listserv Posting #454 notifying users that the EIV data has been resorted. EIV can now be used in accordance with Chapter 9 of HUD Handbook 4350.3. Users that were affected by this problem should retain a copy of RHIIP Listserv #450 message along with RHIIP Listserv #454 for explanatory purposes and file them appropriately.
The Multifamily Help Desk is available for assistance by email at MF_EIV@hud.gov or by phone at 800-767-7588 or 888-297-8689 option five.
- MORs Performed During the COVID-19 Pandemic
This article updates and replaces guidance previously provided on this topic.
On May 22, 2020, HUD lifted the suspension of MORs performed by PBCAs in locations where there are no restrictions by state or local law or ordinance to prevent them from performing these reviews.
HUD released this memo with supplemental guidance that additionally established alternative methods in which a MOR may be conducted. The alternative manner MOR includes the following, updated as of 1/4/2021:
- HUD will, until May 31, 2021 (or such later date as HUD may determine), allow PBCAs to conduct on-site MORs without entering resident units.
- For REAC follow-up, in determining whether EH&S and other deficiencies have been corrected, the PBCA must attempt follow-up on those affected units via contact directly with the resident by way of phone or email and document the results or attempt(s) made on the MOR report. HUD understands that this method will require cooperation from both the Owner/Agent in obtaining a contact number or email for the resident(s) and from the resident(s) when contact is made.
- A physical on-site visit to the property must still occur to document the physical conditions, general appearance, security of the property and should include a visual assessment of each building and grounds of the property but does not require an assessment of resident units.
- An on-site entrance/exit interview should occur except in instances where state or local law or ordinances prevent such meetings. In instances where these interviews are prohibited from occurring on-site, they should be conducted by telephone or email and documented as such in the MOR Report.
- Tenant file reviews may be conducted remotely when owners/agents voluntarily create and transmit electronic tenant files to the PBCA in accordance with all requirement of HUD Notice 2020-04. Personally Identifiable Information (PII) must be encrypted or transmitted and stored in a secure manner to prevent its release. Violations of the Privacy Act may be subject to fines up to $5,000. Owner/agents and reviewers must comply with EIV Data Sharing Agreements to prevent any prohibited use of or access to EIV records. PBCAs/TCAs/HUD staff must continue to conduct MORs in accordance with their approved work plans regardless of owners’ willingness to provide electronic tenant files.
What Changes were made to the MOR Process?
Since HUD has requested the PBCA to move forward with work plans for MORs in locations where there are no restrictions by state or local law or ordinance to prevent them from performing these reviews, below is a list of key changes made to the overall MOR process:
- Addendum C documents are requested electronically and prior to the day of the on-site review.
- Remote Entrance Meetings are permitted and encouraged in place of face-to-face Entrance Meetings. Remote Exit meetings are permitted in place of face-to-face meetings, as necessary.
- The MOR includes an on-site file review and physical inspection but occupied unit inspections will not occur.
- The PBCA may identify files for review in advance. The owner/agent should place those files in a secured location for the PBCA staff’s access on-site prior to the PBCA staff’s arrival.
- Tenant file reviews may also be conducted remotely provided the owner/agents voluntarily adhere to the requirements to transmit and store electronic documents, including encrypting PII, and complying to EIV Data Sharing Agreements.
- The Owner/Agent and the PBCA is expected to follow proper social distancing and use Personal Protective Equipment (PPE) during the on-site MOR to reduce the risk of spreading of COVID19.
MORs performed during the COVID-19 pandemic must be conducted safely and all State and local guidelines must be followed. The Owner/Agent should contact the PBCA as soon as possible after they are made aware of any active COVID-19 cases on-site.
What Should Owner/Agents Expect?
Receipt of Scheduling Letter
In an effort to reduce the amount of time on-site and potential exposure for the PBCA staff, owner/agent’s staff, and the residents, owner/agents are being asked to submit Addendum C documents electronically when the scheduling letter is sent to the owner/agent. At a minimum, the following documents are requested:
- Tenant Selection Plan, including any approved residency preference
- EIV Policies and Procedures
- Current waiting list
- Copy of lease, lease addenda and house rules
- Copy of Pet Policy
- Affirmative Fair Housing Marketing Plan
- Preventive Maintenance Schedules/Procedures
Two Days Prior to On-site Review
Owner/Agents should expect to be contacted by their Reviewer two days prior to the onsite review. The Reviewer will follow up with the owner/agent regarding:
- any submissions of electronic Addendum C documents; and
- confirm that conditions still permit a safe environment to conduct the MOR.
During this call, the Reviewer and the owner/agent will agree on how to execute the Entrance and Exit meetings. Entrance Meetings may be held remotely one day prior to the on-site review to limit the Reviewer’s time on-site. Remote meetings are optional. When using remote Entrance/Exit meetings, the MOR must be scheduled so that the review does not overlap a weekend or holiday.
The Day of the On-site Review
The property must have a secure private area with proper ventilation where two Reviewers can review files and conduct entrance/exit meetings while maintaining proper social distancing.
As an alternate method in determining whether EH&S deficiencies have been corrected, the PBCA must follow-up directly with the resident by way of phone or email. The Owner/Agent should review the property’s most recent REAC Inspection Report and identify all units having EH&S deficiencies.
- Provide the Reviewer with contact information (telephone number and email) of the resident currently residing in the unit. Indicate whether the current resident resided in the unit at the time of the REAC inspection.
- Give resident advance notice that the PBCA will be calling to confirm whether or not the EH&S deficiency has been corrected.
- Gather completed work orders supporting the EH&S deficiency was mitigated in the event the PBCA cannot make contact with the resident.
If a remote Exit Meeting is used, it must be scheduled no later than the morning following the onsite review and must not overlap a weekend or holiday. As the remote Exit Meeting is being held, Owner/Agents are provided the opportunity to refute potential findings or present documents that were identified as missing during the file review.
Reminders and Tips from Reviewers
- “General tips for O/As is reviewing their last MOR report and ensuring there are no repeating findings. A lot of sites, especially now during the pandemic, are experiencing a higher rate of staff turnover. I’m conducting a lot of 2nd and 3rd round MORs where the property manager is different or has never experienced an MOR.”
- I would suggest, “conducting the walk around and visiting the vacant units first thing in the morning before tenants are out and about.”
- Submit the Addendum C documents as soon as possible so the documents can be reviewed prior to the on-site review. “While we only ask for about 8 items specifically to be sent prior, any additional Addendum C documents O/As can send before the on-site review decreases time on site.”
- Reviewers will arrive prepared with PPE (face masks), gloves, hand sanitizer, and disinfectant wipes. Reviewers will not enter any occupied units. Any property walkthroughs and REAC/EH&S follow up will be limited to common areas and exterior areas and vacant units. If O/As are made aware of any active COVID-19 cases on site, please advise the PBCA as soon as possible.
- If your Reviewer includes attachments with a Microsoft Outlook meeting invite, the Addendum C may be attached to the scheduling letter. If so, prior to accepting the meeting, open the attachment to view the Addendum C documents that must be submitted prior to the on-site review.
- “During the remote exit meeting in which we provide the O/As an opportunity to find documents/ information that may have been overlooked in the tenant file. OA’s are interpreting this to mean that if they correct the deficiency that day, the finding will be removed and not affect their MOR score. While there are certain items we can accept to remove a finding (misplaced document), having a tenant sign a document that day or transmit a certification that day may close the finding in advance, but does not remove the finding from the MOR Report.
We encourage Owners and Agents to continue to monitor and reference the Questions and Answers for Office of Multifamily Housing Stakeholders document and distribute the ADDRESSING TENANT CONCERNS DURING THE COVID-19 NATIONAL EMERGENCY brochure. Both documents are available on the Multifamily Housing website.
- Updated HUD COVID-19 FAQ
Updated HUD COVID-19 FAQ
On January 4, 2021 HUD updated the COVID FAQ document.
Updated topics include:
- Eviction moratorium
- Management and Occupancy Reviews
- Unit inspections Residual Receipt offsets
Click here to review the document that highlights the changes.
Highlight on HUD COVID-19 FAQ Regarding Utility Allowance Analysistarget="_blank"
Last April HUD provided an updated COVID-19 FAQ to address the concerns about completing a baseline utility analysis when there is a lack of response from the utility companies (Asset Management, question 14). The FAQs made permissible the application of a 3 rd year UAF (utility allowance factor) in lieu of the baseline. If a property took advantage of the application of the UAF for a third year, they are now required to complete a baseline analysis.
Q14: How can owners complete a Utility Analysis (UA) baseline when utility companies are not responding?
A: For the lack of Utility Analysis (UA) data, owners may obtain the utility data from the tenants, which is currently permitted in Notice H 15-04. Tenants may submit this data via mail or email. Currently, owners use an adjustment factor for two years and a do a full baseline analysis on the third year. As an alternative, in the event tenant data is unable to be obtained during the COVID-19 National Emergency, HUD will allow properties to use an adjustment factor for three years rather than two. For example, if a property did a full baseline analysis in 2017, and is due for a baseline analysis in 2020, the property can adjust using the adjustment factor for a third year in 2020 and perform a new full baseline analysis in 2021. (Added on 4/14/20)
- PBCA Member Spotlight
Erin Sloan (Contract Specialist—Downstate South)
Explain your position with CGI?
My current position at CGI is as a Contract Specialist for the Downstate South Team. As a Contract Specialist, I manage a portfolio of about 60 properties in which I perform several duties, including rent adjust ments, contract renewals, special claims and vouchers. I work closely with my owner/agents to ensure that we have very good communication and work together to get items submitted correctly and accurately.
How long have you been with CGI?
I have been with CGI for 5 years and have worked as a Contract Specialist for all 5 years. I enjoy working at CGI and as a Contract Specialist and especially enjoy working with my amazing team members.
What was your background prior to joining CGI?
Prior to working at CGI, I worked in the education field. I loved working in education and especially working with children but decided on a career change that better met the needs of my family. Working in the education field for many years gave me patience and understanding that also helps me in my current position at CGI in customer service and with working with my clients.
What are your hobbies? Things you enjoy doing after you leave the office?
My hobbies include spending time with my family. I have a wonderful husband and three wonderful boys that keep me very busy when I am not working. When I do have free time I like to complete home projects and do other crafts and creative things. I also like to write and illustrate children’s books with my sister. On the weekends you can find me outdoors with the family hiking, mountain biking, or just enjoying time together; our current favorite thing to do is have a giant sleepover in the living room and snuggle up and watch movies.
What brings you the most satisfaction in your day to day tasks?
What I enjoy most in my day to day tasks is working closely with my amazing team. It is great working with a team that is always willing to help each other out, to ensure not just individual success, but team success as well. I love working with my owner/agents and getting to know them and be there for them, to make sure they have everything they need and can rely on me when needed.
What is the best piece of advice that you could provide to an owner/agent?
The best piece of advice that I would provide owner/agents is to use the pbcany website, www.pbcany.com as it is very useful and answers several of the questions that they may have.
- HUD Notice 2020-10—Electronic Signatures, Transmission & Storage
HUD posted Notice 2020-10 Electronic Signature, Transmission and Storage - Guidance for Multifamily Assisted Housing Industry Partners. The notice updated and replaced HUD Notice 2020-04.
The notice provides guidance to HUD multifamily assisted housing industry partners on electronic signatures, electronic transmission, and electronic storage of documents and forms required by HUD’s Office of Asset Management and Portfolio Oversight (OAMPO) in the Office of Multifamily Housing Programs. The notice permits owners/agents to utilize electronic signatures and to electronically transmit and store files.
Owners/agents choosing to use electronic signatures, electronic transmission, and/or storage of electronic documents must do so in compliance with federal, state, and local laws. Owners/agents must still provide applicants and tenants the option to utilize wet signatures and paper documents upon request. The notice does not change the nature or use of the required documents. The notice pertains to all HUD forms and O/A created documents related to Section-8 contract renewals, rent adjustments and occupancy policies. Forms and documents that comply with HUD guidelines may be signed, transmitted and stored electronically.
Examples of forms and documents:
- Documents transmitted among O/A, HUD, CA, and other service providers;
- Documents submitted by and provided to applicants or tenants;
- Documents submitted to and from third-party verifiers to O/A; and
- Documents used for other HUD Multifamily Housing business purposes
While not required by HUD, some state and local laws or entities may require the use of wet signatures on some forms, such as:
- HUD-50059, “Owner's Certification of Compliance with HUD's Tenant Eligibility and Rent Procedures”;
- HUD-9887 “Document Package for Applicant's/Tenant's Consent” and
- Leases and lease addenda.
O/A are urged to consult with their legal counsel and obtain necessary information about state and local requirements for these types of documents.
Electronic Form of Signature.
In a paper-based transaction, the most used form of signature is a person’s name, written with ink and in his or her own handwriting (i.e., a wet signature). To comply with requirements set forth in the Fair Housing Amendments Act and Section 504 of the Rehabilitation Act, use of alternative methods (e.g., signature stamps) may also be acceptable, as long as such use complies with legal requirements.
The E-Transaction laws similarly recognize that electronic signatures can take many forms and can be created by many different technologies, as long as the signing process satisfies the other requirements identified above and further described below.
Examples of commonly used electronic forms of signature include:
- Symbols such as:
- A typed name (e.g., typed at the end of an e-mail message by the sender or typed into a signature block on a website form by a party);
- A digitized image of a handwritten signature that is attached to an electronic record;
- A shared secret (e.g., a secret code, password or PIN) used by a person to sign the electronic record. (“Shared” means that the secret is known both to the user and to the system);
- A unique biometrics-based identifier (e.g., a fingerprint, voice print or a retinal scan); or
- A digital signature.
2. Sounds such as:
- A sound recording of a person’s voice expressing consent;
- Processes such as using a mouse to click a button (such as clicking an “I Agree” button); and
- Using a private key and applicable software to apply a “digital signature” or scanning and applying a fingerprint.
This is not an exhaustive list, but it illustrates the variety of options available for use as an electronic form of signature. As technology advances, future methods may be adopted.
Intent to Sign.
In electronic transactions, merely applying a person’s name, a digital signature, or any other sound, symbol, or process to an electronic record does not necessarily qualify it as a legally binding signature. For an electronic form of signature to be legally effective as an electronic signature, it must be executed or adopted by the signer with an intent to sign. Intent is the critical component of any legally binding signature. The existence of intent to sign is determined by what a signer would have reasonably believed under the circumstances when the electronic form of signature was applied, assuming that he or she was not being coerced.
Designing a signature process that establishes the intent to sign can be done through a variety of methods that provide a clear and conspicuous indication that a signature is being created and that it will be legally binding. It is important that the record, and/or process by which a person applies an electronic form of signature to the record, be designed to indicate the means by which the signer can indicate his or her intent to sign the record.
Following are some examples:
- “By signing below, I agree to the foregoing contract terms”;
- “Click to agree”;
- “By signing below, I attest that the information provided is true and agree to allow the O/A or HUD to verify such information”, and
- “I hereby certify that…”.
Association of Signature to the Record.
In a paper-based transaction, a document is typically signed by writing one’s name directly on the document to be signed. Writing one’s name on a blank sheet of paper, for example, will not qualify as a signature for any specific document. By its very nature, signing a document requires putting the signature directly on the document. The same requirement is carried over to electronic records.
The E-Transaction laws require that the electronic form of signature be made a part of the record being signed. Specifically, in order to be legally significant, the signature must be attached to or logically associated with the record being signed. “Association” means:
- The process must be clear to the signer as to exactly what it is that he or she is signing;
- The signer must have an opportunity to review the record before signing it and to clearly understand the parameters of the record he or she is signing; and
- The electronic form of the signature applied by the signer must be linked to the record being signed.
The association must be done in a manner that allows someone to later determine that the record has been signed. The data constituting the electronic form of signature must be stored in a way that permanently associates it with the electronic record that was signed.
Identification and Authentication of the Signer.
By definition, a signature must be the act of a specific signer. If the alleged signer denies signing, the signature will usually be unenforceable, unless there is proof that the alleged signer did sign. If it is ever necessary to prove the validity of an electronic signature in court, it will be necessary to prove “who” signed. Meeting this burden of proof requires establishing a link between an identified person and the signature.
While authentication of the signer’s identity is an important part of the signing process, it may or may not be the electronic form of signature that provides proof of identity. As long as the overall signing process addresses identity and authentication, it is acceptable. The E-Transaction laws do not require the use of any method to identify or authenticate a party as long as the method selected satisfies the requirement that it be as reliable as appropriate for the purpose in question. It does not need to be part of the same step or process that indicates the signer’s intent as long as the person’s identity and intent can be reliably correlated to the record he or she is signing.
Integrity of the Signed Record.
The usability, admissibility, and provability of a signed electronic record requires that procedures be undertaken to ensure the continuing integrity of both the electronic record and its electronic signature, following completion of the signing process. It is a matter of providing appropriate data security for both the record and the signature.
Data integrity is concerned with the accuracy and completeness of electronic information communicated over the Internet or stored in an electronic system. Data integrity ensures that no unauthorized alterations are made to such information either intentionally or accidentally. Ensuring integrity requires guarding against information modification or destruction for the full retention period of the record.
Industry partners utilizing e-signatures must ensure that documents signed electronically cannot be altered. If changes to the document are made, the electronic process must be designed to provide an “audit trail”, showing all alterations, the date and time they were made, and the identity of the person who made them.
Requirements for Systems with Digital Signatures.
A digital signature varies from other electronic forms of signature, as it is “Encrypted data produced by a mathematical process applied to a record using a hash algorithm and public key cryptography”. Any computer system or application that uses a username and password or multi-factor authentication would contain digital signatures. A digital signature is a way to ensure that an electronic document or record is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it. A username and password are the most common form of authentication.
In their work with HUD programs, many industry partners likely use computer systems or applications that contain digital signatures. For these digital signatures to be considered a legal form of electronic signature, the system or application must conform to the National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) Digital Signature Standard 186-4 and other Federal Government digital signature regulations and guidance. Compliant software programs will contain a security feature that ensures that the digital signature is unique and protected and that only the “owner” of the signature maintains control of its use.
The notice permits electronic transmission of HUD-approved or required documents when local, state, or federal law permits. It does not provide guidance on documents required by lenders, state or local government agencies, or other private concerns. Note: Relevant program files or information can be transferred in a format that is acceptable to both parties, whether that is electronic or paper.
- Documents Sent to HUD or a CA. HUD and its CA may offer certain electronic transmission methods for documents. O/A should contact their local HUD field office or CA to determine each agency’s submission options and/or transmission preferences.
- Documents Sent to O/A. HUD and CA staff may electronically transmit HUD forms and documents to O/A or to each other as state, local, or federal laws permit. As noted above, adequate security measures and choice of transmission method must ensure the security of sensitive information included in such documents.
Applicants and Tenants.
- Submission to O/A.
If an O/A chooses to utilize electronic communication procedures, Applicants and tenants may also choose to communicate electronically with the O/A. Their choice must be made affirmatively (not assumed with an optout procedure). (See E-SIGN Act, 15 U.S.C. 7001(c)(1)(A)). They may complete most documents online or by hand and then transmit and/or scan and email them electronically to an O/A.
Applicants and tenants may also submit information and documents using other methods, such as online systems, tablet or smart phone apps, email, or other electronic media. O/A may designate specific methods as acceptable for electronic transmission.
However, applicants and tenants must have the opportunity (if they desire) to provide information and documents in paper copy, including both before they have provided any information or documents electronically or after they have done so and wish to discontinue.
2. Transmission to Applicants and Tenants.
O/A may provide documents and notices electronically or make such documents available in an electronic format when state and local laws permit. If an O/A chooses to provide documents electronically, the O/A should inform applicants or tenants of their option to receive such documents in paper form.
If required notices, forms, and brochures are distributed electronically, HUD recommends that O/A request an electronic acknowledgement of receipt. Where HUD does not specifically require applicant or tenant acknowledgement of receipt, O/A should nonetheless maintain records showing that they provided applicants or tenants with the electronic file or the electronic address used to access the document.
When providing documents, forms, or notices electronically, O/A must be sure to comply with tenant notification requirements in Handbook 4350.3, HUD program Notices, and state and local laws, and regulations. When local, state, federal laws or regulations require that specific documents be provided by first class mail, delivered in person, or other specified means, this document must be provided using the stated required procedures and may not be solely transmitted electronically. (Refer to Section VIII of this Notice.)
- When transmitting documents electronically, industry partners must use National Institute of Standards and Technology (NIST) compliant methods. Examples include putting the documents inside an encrypted wrapper, such as a password protected DOC, PDF, or ZIP file. Passwords should not be included in the same transmission as the documents. It is preferable to provide the recipient with the password by calling, texting, or in a separate email. HUD strongly recommends using an encrypted transfer mechanism such as a shared link with an encrypted cloud storage service, an encrypted mail service, or web encrypted transfer tools.
- When transmitting and storing Enterprise Income Verification (EIV) system data, vendors must adhere to NIST compliant standards. Handbook 4350.3 REV-1, Chapter 9-21(C)(1)(a)). EIV data stored electronically must be in a restricted access directory or, if placed on portable media, labeled appropriately and encrypted using a NIST Compliant Cryptographic Module. Similarly, all emails containing EIV data must be encrypted using a NIST compliant cryptographic module.
- Other possible methods for transmitting electronic documents and data must comply with HUD’s security requirements. They may include but are not limited to the following: a. Removable electronic media, such as thumb drives or SD cards; b. Direct access (i.e., providing login information to a system in order to access electronically signed and/or stored documents); and c. Other compliant technology as developed.
Personally Identifiable Information (PII).
- All documents containing or conveying PII must be encrypted or transmitted in a secure manner in order to safeguard this information.
- When faxing sensitive PII, use the date stamp function; confirm the fax number, verify that the intended recipient is available and confirm that he/she has received the fax. Ensure that none of the transmission is stored in memory on the fax machine, and that all paper waste is disposed of properly (shredded). If possible, use a fax machine that uses a secure transmission line.
- If a secure line is not available, contact the recipient’s office prior to faxing to inform them that information is coming. Next, contact the recipient’s office following transmission to ensure they received it. For each event, the best course of action is to limit access of PII only to those individuals authorized to handle it and create a paper trail and verify that information reached its destination.
- When sending sensitive PII via email or via an unsecured information system, make sure the information and any attachments are encrypted.
- Do not place PII on shared drives, multi-access calendars, on Intranet, or the Internet unless they are compliant with the terms of this Notice. Do not let documents with PII sit on a printer, scanner, or fax machine where unauthorized employees or contractors can have access to the information.
2. Privacy Act Violations. The Privacy Act (5 U.S.C. Sec. 552a(g) and (i)) specifically provides civil remedies, including damages, and criminal penalties for violations of the Act. In the case of criminal violations, the Privacy Act limits these penalties to misdemeanors. An officer or employee of an agency may be fined up to $5,000 for, when “knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or agency not entitled to receive it,” as may “[a]ny person who knowingly and willfully requests or obtains any record concerning an individual from an agency under false pretenses.”
File and Document Storage.
HUD forms and O/A created forms or documents used for the management of the property may be stored electronically when state and local laws permit. If industry partners want to utilize e-storage policies, they may do the following:
- Maintain paper files, electronic files, or a combination of both; and
- Convert paper files to electronic format.
Note: O/A are strongly encouraged to consult their legal counsel in determining the requirements for wet signatures for documents required by other federal, state, or local laws and/or agencies. O/A must ensure they maintain documents in appropriate formats.
When information is stored electronically, data must be encrypted using a NIST compliant encryption solution.
- Industry professionals will access documents as required by the function of those documents. (For example, maintenance staff will not have access to tenant certification records. Real Estate Assessment Center (REAC) inspectors will not have access to tenant files.)
- Access to electronic information must comply with the same HUD program requirements that apply to paper files. Industry partners must ensure the security of important electronic records and documents. Access to e-storage systems must be restricted to certain users based on specific HUD program guidance.
- Industry partners must adhere to special rules surrounding EIV or other documents, such as documents disclosing a tenant’s/applicant’s status as a victim of domestic violence, dating violence, sexual assault, or stalking.
- Industry partners will use the stored information only for its intended purpose and must not share any electronic or paper files for purposes other than those strictly related to an appropriate request. Proprietary information must not be shared with another like entity. (For example, a CA would not share rent comparability studies submitted by one O/A with another O/A.)
- This Notice permits Independent Public Auditors (IPA), while conducting HUD financial audits, to have access to O/A electronic records.
Data and information stored electronically must be maintained and used in ways that ensure the security, protection, and confidentiality of any information as required by federal, state, or local law. Data security management is a way to maintain the integrity of electronic data and to make sure that the electronic data are not accessible by unauthorized parties or susceptible to corruption. To ensure appropriate security, industry partners must comply with the following practices: 1. Comply with any specific data security requirements of HUD programs, relating to such activities and media as the following:
- Encryption both at transmission and at rest;
- Use and disclosure of data;
- Passwords for all employees or agents/contractors;
- Using and accessing electronic data and systems, backing up data, and data protection;
- Use of emails, message content, encryption, and file retention;
- Mobile devices - ensure they are secure, used appropriately, and protected from theft;
- Unauthorized access;
- Reporting malicious malware in the event it is inadvertently imported;
- Audit and access logs; and
- Data Destruction.
2. Report any breach to the integrity of any electronic data that contains either sensitive information or information pertaining to electronic signatures to the entity that owns or administers the data. Such security policies should comply with federal, state or local laws, regulations, and guidance.
3. Utilize a method to track electronic activity associated with sensitive documents and information. In the event of a data breach, industry partners should have a method to facilitate disclosure to those affected by the breach. Such tracking methods should also be designed in such a way as to allow security audits of the electronic data when requested by federal or state agencies.
Such audits must be permissible and conducted within the protections of the Privacy Act and other privacy and confidentiality laws and regulations.
A data retention policy, or records retention policy, is an organization's established protocol for retaining electronic data information for operational or regulatory compliance needs. Industry partners must comply with established program-specific document retention requirements. Refer to Multifamily Housing handbooks for record retention requirements.
Retention requirements are the same for both paper and electronic documents and records. Additionally, like paper documents and records, electronically stored and/or signed documents and records must be kept within a document management system where access is limited based on function and need to know. This is also the case when records and documents are stored in a central location using document management software and when a secured version of a form is attached to a specific tenant or O/A record.
Data and File Destruction.
Data destruction is the process of destroying electronic data stored on tapes, hard disks, and other forms of electronic media, so that it is completely unreadable and cannot be accessed or used for unauthorized purposes. Industry partners must have policies and procedures in place to destroy records and data and must document when and how records and data are destroyed.
- Electronic Data. Industry partners must have policies and procedures in place to destroy electronic data and must document when and how records and data are destroyed. Procedures must ensure that records and documents cannot be accessed once they have been destroyed. The type of destruction method used should correlate to the sensitivity of the data and HUD’s or other federal/state/local government requirements.
- Paper File Destruction. O/A must dispose of paper files in a manner that will prevent any unauthorized access to personal information, e.g., burn, pulverize, shred, etc. When converting paper files/documents to electronic format and prior to destroying the paper format, O/A must check local and state laws and practices to determine if hard-copy documents with wet signatures must be retained or whether a print-out of an electronic document with a verifiable electronic signature is acceptable.
HUD Review Impact.
Reviews conducted by HUD or HUD’s agents or reviews conducted in compliance with HUD’s guidelines may involve reading files electronically (when available).
The files must be provided in compliance with HUD’s or other federal/state/local government security access requirements. O/A may continue to furnish documents in paper format if they prefer.
Owners and agents are encouraged to read the entire HUD notice for all electronic signature and storage
- All Residents of HUD Subsidized Properties
CGI provides Project-Based Section 8 Contract Administration services to the NYS Housing Trust Fund Corporation and is responsible for responding to resident concerns. CGI Call Center has a team of Customer Relation Specialists (CRS) that will receive, investigate and document concerns such as, but not limited to the following:
- Questions or concerns regarding work order follow-up.
- Questions regarding the calculation of your rent.
- Address health & safety and HUD Handbook 4350.3 concerns.
Call Center Purpose
- Call Center aids in ensuring HUDs mission of providing Decent, Safe and Sanitary Housing.
- Serves as a neutral third party to residents, owners and the public.
- Assists with clarifying HUD Occupancy Handbook 4350.3 requirements.
Call Center Contact Information and Business
Hours Hours of Operation: 8:30am to 5:30pm
Contact Numbers: 1-866-641-7901 TTY number: 1-800-662-1220 Fax: 518-218-7800
Written Summaries: 100 Great Oaks Blvd. Suite 120, Albany, NY 12203
Concerns can be submitted by the following:
- FOIA- Freedom of Information Act request must be submitted directly to HUD
Required Information to open an inquiry
- Property name
- Caller’s name (anonymous calls accepted)
- Caller’s telephone number with area code
- Caller’s address including apartment number
- A brief, detailed description of the caller’s concern(s)
- Stay Warm and Safe!