Trust & Security at WELL

The WELL Security Program exceeds industry standards for protecting the integrity, confidentiality, and availability of the data we store and transmit. We hold ourselves to the highest standards for safeguarding your organization and the patients you serve.

Certifications & Regulations

We have implemented security best practices and employ the services of independent third parties to evaluate and audit our practices against best-in-class security frameworks. 

User Data and Privacy

WELL values the trust that our customers place in us to handle their data in a secure, respectful, transparent, and appropriate way. All of your data is hosted on WELL’s servers, housed in on-shore, SOC 2-accredited data centers, and accessed through your web browser (or our application). WELL enables covered entities to automate and communicate with patients in a way that permits compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). 

As a business associate to covered entities, WELL has adopted measures to ensure that we remain HIPAA compliant as does any business associate we work with. WELL allows our customers to collect PHI in secure conversations over WELL only if terms of use are followed and a business associate agreement is in place. 

Data Security Features

WELL is built with your security in mind.

Secure Messaging

info
Secure Messaging
Scanning, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, applications, and all other key assets. We participate in both manual and automated independent third-party penetration testing.

Static Code Scanning

info
Static Code Scanning
We scan our code base (applying OWASP and SANS security principles) on a quarterly basis at a minimum.

Disaster Recovery

info
Disaster Recovery
Infrastructure is maintained across two geographically separate availability zones with full technical recovery tests to ensure established recovery timelines can be met.

Intrusion Detection and Web Application Firewall

info
Intrusion Detection and Web Application Firewall
Firewalls are utilized to restrict access to systems and scan all transmissions into our network.

Real-Time Error Monitoring

info
Real-Time Error Monitoring
Best-in-breed monitoring tools for both performance and security monitoring across our environment.

SOC 2 Accredited Data Centers

info
SOC 2 Accredited Data Centers
WELL’s information systems and technical infrastructure are hosted within world-class, SOC 2 accredited data centers in the United States.

Third-Party Risk Assessments and Audits

info
Third-Party Risk Assessments and Audits
Periodic, independent, third-party audits to evaluate and audit our practices against best-in-class security frameworks.

Security Development Lifecycle (SDLC)

info
Security Development Lifecycle (SDLC)
Established, secure coding practices with security tooling and automation to ensure a secure software build and deployment.

Scans, Testing, and Patching

info
Scans, Testing, and Patching
Scanning, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, applications, and all other key assets. We participate in both manual and automated independent third-party penetration testing.

WELL Security White Paper

Understand the security layers that ensure BAA

HITRUST Evaluation of WELL

The WELL platform has been evaluated for 19 HITRUST CSF security domains.

Related Resources

More Like This
Get Started

Find out how WELL’s enterprise communication hub can make it easy to engage patients for world-class clinical and administrative experience.