Updated October 8, 2021
WPS contracts with the Centers for Medicare & Medicaid Services (CMS) and is a CMS contractor under the authority granted in Sections 1842, 1862 (b) and 1874 of Title XVIII of the Social Security Act (the Act) (42 United States Code (U.S.C.) §§1395u, 1395y (b), and 1395kk).
WPS has a public website, www.wpsgha.com and a private website for providers, also at www.wpsgha.com. The authentication requirement for providers differentiates between public/nonpublic. WPS is providing this notice to you concerning (i) how WPS may use or disclose personally identifiable information (PII) that you may provide while visiting our public website, and (ii) how we may use or disclose PII or protected health information (PHI) that a health care provider may provide when using the non-public provider portal.
PII means any information that alone, or in combination with other data elements, could be used to identify you, such as a name, address, telephone number, Social Security number (SSN), or other personal identifier unique to you (e.g., Medicare provider number). PHI means protected health information that is created by a health care provider or other covered entity (e.g., insurance company, clearinghouse) that relates to the health or condition of an individual.
At WPS we take our customers' privacy very seriously and understand that visitors of our website need to be in control of their information. More detailed information is provided below regarding how we collect, use and/or disclose information.
Data Collection, Use and Disclosure
The WPS public website does not collect any PII about you during your visit unless you specifically and knowingly choose to provide it to us. We do, however, collect information from visitors who read, browse, and/or download information from our websites. WPS uses this information to measure the number of visitors to its sites and to distinguish between new and returning visitors to help make the site more useful. The WPS website does not collect information for commercial marketing or any purpose unrelated to our work as a CMS contractor.
If you choose to provide us with PII, we will maintain the information you provide only if needed to respond to your question, grant access, or to fulfill the stated purpose of the communication. Groups of records that contain PII about an individual and are designed to be retrieved by the individual's name or other personal identifier linked to the individual will be safeguarded in accordance with the Privacy Act of 1974, Health Insurance Portability and Accountability Act of 1996 (HIPAA), CMS' Information Security Acceptable Risks Safeguards (ARS) and other CMS contract requirements. PII collected by the WPS website is kept on secure servers and is accessed only by staff members with a business need to use it. When no longer needed, this information is disposed of in accordance with the WPS Records Retention policies. On occasion, PII collected is requested by, and shared with the CMS for use in contract activities. WPS will ensure the data is encrypted according to CMS standards if WPS transmits your protected data to CMS or any CMS-contracted entities.
Non-Public Provider Portal
As a CMS contractor, WPS will collect PII from health care providers using the non-public provider portal if they choose to provide it to us. WPS will use the PII only in connection with our services as a CMS contractor. For example, health care providers might submit PII to enroll to use the WPS secure provider portal. In such a case, WPS will safeguard any PII provided and will not disclose, give, sell, or transfer any such personal information to third parties. If we share demographic information with third parties, we will give them aggregate information only.
WPS also collects PII to track those users registering for portal access. For health care providers to become users, they are required to enter in personal information (For example, name, work phone, email address, the provider/supplier's Tax Identification Number (TIN) or Social Security number (SSN), organization name, trading partner ID, NPI, and PTAN). This information is used to permit them continued access to the provider portal.
WPS also collects PII to track those users who register for educational events. Users are required to enter in personal information (For example, name, email address, and company name) when registering for most educational events, such as webinars and in-person seminars. This information is then used for continued communication with the user regarding their event registration and participation.
Users also have the option when registering on our List Serve Email newsletter to receive Medicare news and information. To complete this request, they need only supply their email address and name.
WPS also uses an online survey to collect opinions and feedback. This online survey will appear at random to users. Survey respondents have the option of not including any PII in their comments. However, if the user has a question, there is an option to leave their email address. WPS analyzes and uses this information to improve the operation and content of our website.
In addition to PII, health care providers might submit PHI in connection with the functionality provided through the WPS secure non-public provider portal. We use and disclose such PHI only in connection with our role as a CMS contractor and then only as permitted or required under the HIPAA Privacy Rules and under our contract with CMS. Please see the Notice of Privacy Practices applicable to CMS contractors that is published by CMS on its website for a full description of all uses and disclosures of such PHI under the HIPAA Privacy Rule.
The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies allows Federal agencies to use session and persistent cookies. As a subcontractor to one of those agencies -- the Centers for Medicare & Medicaid Services (CMS) - WPS is permitted to utilize the same technology.
When you visit a website, its server may generate a piece of text known as a "cookie" to place on your computer. The cookie allows the server to "remember" specific information about your visit while you are connected. The cookie makes it easier for you to use the dynamic features of web pages. Requests to send cookies from WPS' web pages are designed to collect information about your browser session only; they do not collect personal information about you. Note that regardless of the uses for cookies on our website, we will not share any cookie information with any third parties.
There are two types of cookies: "Temporary session cookies" (single session) and "persistent cookies" (multi-session). Temporary session cookies will last only if your browser is open. Once you close your browser, the temporary session cookie will disappear. Persistent cookies are stored on your computer for longer periods.
How WPS uses temporary session cookies
WPS uses temporary session cookies for technical purposes such as improving navigation through our site. These cookies let WPS servers know that you are continuing to visit its site. The temporary cookie is not permanently stored on your computer. The cookie and the information about your visit are automatically deleted shortly after you close your browser to end the session.
How WPS uses persistent cookies
WPS uses persistent cookies to help recognize new and returning visitors to WPS' provider websites. Persistent cookies remain on your computer between visits to the provider websites until they expire. WPS does not use this technology to identify you or any other individual site visitor.
WPS' feedback survey tool uses persistent cookies to block repeated invitations to take the Results survey. WPS also uses persistent cookies to enable its Web analytics program to measure how new and returning visitors use its provider websites over time.
How to "opt out" or disable cookies
If you do not wish to have temporary or persistent cookies placed on your computer, you may disable them using your browser. If you decide to "opt out" of cookies, you will still have access to all information and resources the WPS provider websites provide.
You can remove any cookies that have been created in the cookie folder of the most popular Internet browsers. Simply click the "Help" function on your browser and enter "cookies" to search for information on how to remove all or individual cookies.
WPS is committed to ensuring that our customer's information is properly collected, used, and maintained. We will not disclose, give, sell, or transfer any personally identifiable information that you provide through our website to third parties except in response to a valid subpoena, warrant, or court order or as otherwise required by law.
WPS will protect any personal information you share with us in compliance with the Federal Privacy Act of 1974, 5 U.S.C. Section 522a, Health Insurance Portability and Accountability Act of 1996 (HIPAA), and CMS Contract requirements. For example, WPS will only allow its employees or contractors to access your personal information if they need such information to perform their job. Additionally, WPS will require any employee or contractor who accesses your personal information to comply with all CMS information privacy and security requirements including, but not limited to, signing confidentiality agreements, and completing annual information privacy and security training.
Access, Amendment, Maintenance & Disposal
WPS retains the data from the web analytics tool and feedback survey results only if required by law or needed to support the WPS provider websites.
Personal information entered for the Non-Public Provider Portal will be maintained on the "My Profile" profile page after access has been granted in the portal. WPS requires you to use a username and password to access the Non-Public Provider Portal. You are responsible for keeping your password secure.
Personal information may be corrected by you on the “My Profile” page after you have signed into the portal. To obtain a copy of PII you provided us, or if you need assistance with updating or correcting your information, please Contact Us.
WPS will maintain and dispose of your personal information in accordance with WPS record retention policies.
Electronic mail is not necessarily secure, so we do not recommend sending confidential or personal information via email.
If you send us an email with questions or comments, we may use your personally identifiable information to respond to your questions or comments, and we may save your questions or comments for future reference.
For site security purposes and to ensure that this service remains available to all users, WPS uses software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of authorized law enforcement investigations, and pursuant to any required legal process, information from these sources may be used to help identify an individual.
Contacting the WPS Medicare Privacy Official
WPS has a designated Medicare Privacy Official who is available to answer privacy questions or for reporting privacy issues. You may contact the Medicare Privacy Official by calling the phone number or by writing to the following address:
WPS Government Health Administrators
Attention: Mary Evans, Medicare Privacy Official
1717 W. Broadway
P.O. Box 8190
Madison, WI 53708-8190