Leading the Sector on Social Care Data Security: Protecting the Most Vulnerable

Photo: Unite Us community engagement team member training a new network partner in a demo environment.

“Normally we are not able to use any other platforms, and we were completely siloed in that way. This is the first community-based referral connector system that we’ve ever seen that would meet our qualifications and ensure survivor safety.”

—Erin Richardson, Health Programs Advocate, Tides of Change

We know that people seeking social care services are often going through a vulnerable moment in their lives. We built the Unite Us Platform to acknowledge this vulnerability and support clients so they don’t have to repeat their story and the challenges they’re facing over and over again to the health and social care providers serving their needs. The Unite Us Platform is also built to prioritize security for all client data shared on the platform, to provide a trusted means of sharing information during these vulnerable moments.

Our commitment to robust data security is reflected at every level of the Unite Us Platform and products. Unite Us has always configured access controls and viewing permissions at the user level, based on the types of services each user provides. This ensures the privacy and protection of any person being connected to services through our platform.

Building upon this foundation, Unite Us has worked closely with partner organizations to develop, test, and deploy a new feature called Sensitive Organizations, now available to all of our partners nationwide.

Expanding existing permissions with a focus on sensitive populations

Sensitive Organizations is the latest development to enhance privacy and client information security. The feature provides additional privacy protections for organizations that provide services to vulnerable individuals.

Unite Us automatically classifies as sensitive any organization that is subject to 42 CFR Part 2, offers HIV/AIDS support, serves survivors of domestic violence or sexual violence, or provides legal services. We also recognize that an organization exclusively or primarily serving other sensitive populations may be interested in the Sensitive Organizations feature. Unite Us works directly with organizations to configure them in a way that best supports the organization and the population they serve.

How the Sensitive Organizations feature protects individual privacy

Any referral sent by or to a Sensitive Organization, as well as any records associated with or resulting from the referral, is only visible to the sender and recipient organizations directly involved in the service episode, and subject to the individual user’s assigned viewing permissions.

This feature is vital for any organization serving sensitive populations. At the community-based organization, Tides of Change in Tillamook, Oregon, Executive Director Valerie Bundy says that since the agency works with survivors of domestic and sexual violence, it must meet all confidentiality requirements outlined in the Violence Against Women Act. In Oregon, there are additional statutory requirements at the state level, which include even stricter privacy guidelines for organizations serving survivors.

“We can’t confirm or deny that we work with anyone without their written consent,” Bundy says. Since Tides of Change is classified as a Sensitive Organization in the Connect Oregon network, any referral they send—regardless of its service type—will be protected as sensitive and visible only to the recipient of that referral.

Addressing our partners’ specific needs

The Sensitive Organizations feature was born out of direct feedback from our partners serving sensitive populations. These partners wanted their organizations and clients to benefit from the coordination and closed-loop referral capabilities that Unite Us could provide, but also needed to ensure that these referrals would protect the identity and privacy of an individual seeking sensitive services.

As part of our extensive research and development phase, which began in mid-2019, Unite Us held a series of focus groups to better understand the specific challenges our partners face in protecting the information of their clients.

“It was helpful that the folks we worked with from Unite Us were former advocates who used to work in the domestic violence field. They instantly knew what our concerns were going to be and they took action to make the platform work for us.”

—Valerie Bundy, Executive Director, Tides of Change, a community-based organization in Tillamook, Oregon that serves survivors of domestic violence, sexual violence, trafficking and stalking.

In developing Sensitive Organizations, Unite Us worked with partners serving special populations, specifically:

• People at risk of or living with HIV
• Children and families
• Individuals seeking substance use support and recovery services
• People affected by acts of violence

The focus group structure allowed us to explore challenges more deeply and understand each organization’s needs, goals, and concerns. For example, in our focus group for organizations serving people at risk of or living with HIV, we heard from advocacy leaders that within their communities, an HIV+ status—or even simply a request to be tested—still carries a stigma that can deter people from seeking help. This underscores the importance of an organization being able to assure a client that their information will remain private in all communications related to the service. This assurance is contingent upon the organization’s ability to send and receive appropriately protected referrals. Understanding these needs and others from our partners directly informed the development of the Sensitive Organizations feature.

“I am especially proud of the way our technology team integrated the community’s feedback into the Sensitive Organizations feature. It was vital for us to really understand the challenges they face so that we could tool our solution to address those needs.”

—Molly Harris, Unite Us Senior Director of Compliance

Leading data security for social care data

Within the Unite Us Platform, all personally identifiable information is protected using the same security standards required to shield protected health information. Community partners, health systems, plans, and governments across the country rely on Unite Us’ secure and HIPAA-compliant platform to coordinate care. With robust protections aligned with industry-leading privacy and security frameworks, Unite Us makes it possible for providers to improve the health of their clients and community while maintaining privacy and trust.

*Authors Molly Harris and Emilia Toro are members of the Unite Us team. Molly is our Senior Director of Compliance and Emilia is our Senior Director of Product.

Request a Demo