Trust & Security at WELL

The WELL Security Program maintains robust security standards for protecting the integrity, confidentiality, availability, and privacy of the data we store and transmit. We hold ourselves to the highest standards for safeguarding your organization and the patients you serve.

Certifications & Regulations

We have implemented security best practices and employ the services of independent third parties to evaluate and audit our practices against best-in-class security frameworks. 

“WELL’s security program is particularly impressive, and security has clearly been a primary focus since the company’s beginning. WELL has made sure to consider the end-to-end data flow process, and they’ve conscientiously deployed all the necessary controls to best address safety, privacy, and potential risk.”

Deepak Chaudhry
BDO, National Health IT & HITRUST Leader, President of Houston HIMSS Chapter

User Data and Privacy

WELL values the trust that our customers place in us to handle their data in a secure, respectful, transparent, and appropriate way. All of your data is hosted on WELL’s servers, housed in on-shore, SOC 2 accredited data centers, and accessed through your web browser (or our application). WELL enables covered entities to automate and communicate with patients in a way that permits compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). 

As a business associate to covered entities, WELL has adopted measures to ensure that we remain HIPAA compliant, as does any business associate we work with. WELL allows our customers to collect PHI in secure conversations over WELL only if terms of use are followed and a business associate agreement is in place.

“Through the establishment and maintenance of a management system aligned to both the ISO 27001 and ISO 27701 standards, WELL has committed to a process that will perpetuate a virtuous cycle of continual improvement within the organization. The dedication and rigor with which WELL operates its management system ensure it will continue to excel as its compliance program grows and evolves.”

Will Dunphy
Coalfire’s Senior Manager – Privacy & International Assurance

Data Security Features

WELL is built with your security in mind.

Secure Messaging

Scanning, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, applications, and all other key assets. We participate in both manual and automated independent third-party penetration testing.

Static Code Scanning

We scan our code base (applying OWASP and SANS security principles) on a quarterly basis at a minimum.

Disaster Recovery

Infrastructure is maintained across two geographically separate availability zones with full technical recovery tests to ensure established recovery timelines can be met.

Intrusion Detection and Web Application Firewall

Firewalls are utilized to restrict access to systems and scan all transmissions into our network.

Real-Time Error Monitoring

Best-in-breed monitoring tools for both performance and security monitoring across our environment.

SOC 2 Accredited Data Centers

WELL’s information systems and technical infrastructure are hosted within world-class, SOC 2 accredited data centers in the United States.

Third-Party Risk Assessments and Audits

Periodic, independent, third-party audits to evaluate and audit our practices against best-in-class security frameworks.

Security Development Lifecycle (SDLC)

Established, secure coding practices with security tooling and automation to ensure a secure software build and deployment.

Scans, Testing, and Patching

Scanning, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, applications, and all other key assets. We participate in both manual and automated independent third-party penetration testing.

WELL Security White Paper

Understand the security layers that ensure BAA

HITRUST and ISO Certifications

The WELL platform has achieved compliance with HITRUST, ISO 27001, ISO 27017, ISO 27018, and ISO 27701.

Get Started

Find out how the WELL enterprise communication hub can make it easy to engage patients for a world-class clinical and administrative experience.