

“WELL’s security program is particularly impressive, and security has clearly been a primary focus since the company’s beginning. WELL has made sure to consider the end-to-end data flow process, and they’ve conscientiously deployed all the necessary controls to best address safety, privacy, and potential risk.”
User Data and Privacy
WELL values the trust that our customers place in us to handle their data in a secure, respectful, transparent, and appropriate way. All of your data is hosted on WELL’s servers, housed in on-shore, SOC 2 accredited data centers, and accessed through your web browser (or our application). WELL enables covered entities to automate and communicate with patients in a way that permits compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
As a business associate to covered entities, WELL has adopted measures to ensure that we remain HIPAA compliant as does any business associate we work with. WELL allows our customers to collect PHI in secure conversations over WELL only if terms of use are followed and a business associate agreement is in place.


“Through the establishment and maintenance of a management system aligned to both the ISO 27001 and ISO 27701 standards, WELL has committed to a process that will perpetuate a virtuous cycle of continual improvement within the organization. The dedication and rigor with which WELL operates its management system ensure it will continue to excel as its compliance program grows and evolves.”
Data Security Features
WELL is built with your security in mind.