Member Privacy and HIPAA Compliance

 

At ContinuUs, we take the privacy of our members very seriously, and we require our providers to do the same.

  • As a ContinuUs provider, you must maintain confidentiality of all ContinuUs member information you generate or receive.
  • You must also be in compliance with all state and federal confidentiality requirements. This includes compliance with the federal regulations implementing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the extent those regulations apply to the services you provide or purchase with funds provided under contract with ContinuUs.
  • You must immediately report all allegations of confidentiality violations to ContinuUs Provider Services and include your plan of action to address the violation if substantiated. ContinuUs Provider Services will work with you in investigating any instances of alleged violation of confidentiality, and will work with you to resolve substantiated violations.

Below are resources to assist you in maintaining member privacy.

Reporting HIPAA Breaches

Providers are required to report all HIPAA breaches to HHS as follows:

All HIPAA breaches involving less than 500 people must be reported no later than 60 days after the end of the year in which the breach occurred. Any breach over 500 people must be reported immediately or at least within 60 days of breach confirmation.

  • Instructions for submitting notice of a breach are available at HHS.gov, Submitting Notice of a Breach to the Secretary
  • You can also go directly to the HHS Breach Portal at to submit notice of a breach.
  • If you have any questions please contact the ContinuUs Director of Compliance at 608-647-1536 or tring@ContinuUs.org. 

HIPAA Information

Wisconsin Dept. of Health Services HIPAA Site HIPAA news, options to consider when developing solutions, Wisconsin DHS program information specific to HIPAA

HIPAA COW (Health Insurance Portability and Accountability Act Collaborative of Wisconsin)
HIPAA resources and education, identification of best practices, opportunities for partnering and collaboarting, and more

HIPAA Mitigation - Protecting Against Identity Theft Steps to take in response to a breach of protected health information 

HHS Fact Sheet: Ransomware and HIPAA  Information about HIPAA security measures, breach reporting, and other ransomware impacts

Privacy When Using Email

Email is a business communication tool and ContinuUs associates and business partners are obliged to use this tool in a responsible, effective and lawful manner. The ContinuUs Business Partner Email Use Policy contains details about legal risks and requirements, best practices, confidentiality, and system monitoring when using email to communicate with ContinuUs. In particular, providers should be careful not to use any personal identification information about a member within the subject line or body of an email message sent via regular email. This includes but is not limited to social security number, full member name or initials of member name, member address or phone number, and Medicaid or Medicare numbers. See below for information about our secure (encrypted) email system.

Secure Email Communication with ContinuUs

ContinuUs uses a system called ZixCorp for secure (encrypted) email communication. Once you register at the ContinuUs Secure Email Message Center, you will be able to securely compose, receive, view sent messages, and more. When a ContinuUs staff member sends you a secure message, you receive a notification email with instructions on how to open the message. The notification message arrives in your regular email inbox. You select Open Message in the notification message to go to the ContinuUs Secure Email Message Center and view your email. If you have not yet registered, you will be able to do so when you select Open Message.

Note: Our previous secure email system, MailSafe, will still be active until all messages have expired. You may still reply to communications you have received from us via MailSafe using that system. However, we encourage you to use our new Secure Email Message Center whenever possible to continue those conversations.

Social Media and Privacy

HIPAAcow Social Media Whitepaper - Considerations on social media in the healthcare workplace
Centers for Disease Control and Prevention - Social Media Tools, Guidelines & Best Practices
Online Database of Social Media Policies - Sample policies and guidelines for various industries, links to general guidelines and templates