Security, Privacy, and Compliance
Trustworthy Technology to Gather Quality HRA Data
At Wellsource, we take privacy and security concerns seriously, because the individuals using our products are trusting us to safeguard and protect their most sensitive health and lifestyle data. Having rigorous controls for security, compliance, and privacy is a cornerstone of our development process, and a signal of our dedication to keeping participant data safe.
Wellsource products are compliant with privacy requirements, including HIPAA/HITECH, the Genetic Information Nondiscrimination Act (GINA), and country-specific certifications and requirements as needed.
Security is foundational to our product development. Our SOC 2 Type II report is a testament to an effective and rigorous approach to our security, availability, and confidentiality controls.
Elastic Scalability, High Reliability
There’s no limit to how many participants our clients can take on, or how much participant data an administrator can process. Wellsource products expand on demand so administrators can take on 10 times—or 100 times—more assessments with very little effort.
Wellsource products are deployed and maintained by Wellsource, so our customers never need to worry about applying updates or patches. And redundant hardware infrastructure reduces the need for lengthy maintenance windows.
Single Sign-on (SSO)
Wellsource customers use SSO to authenticate participants, giving our clients greater security and control over who can access Wellsource HRAs, while still relying on Wellsource to handle under the hood participant and HRA validation processes.
Wellsource is a certified vendor with the National Committee for Quality Assurance (NCQA).
Cloud-based, Around-the-clock data acess
Wellsource Commitment to Secure, Reliable Software
Wellsource products are cloud-based software applications, designed to deliver stable and reliable access. Our clients always own their data, and can access flexible reporting 24/7/365. Other examples of the controls we put in place to ensure our software solutions are secure and reliable:
- Server-driven screen timeout to protect privacy
- All participant data is 100% encrypted within the database, and when transmitted between clients and Wellsource
- Data is stored in SQL Server databases protected with infrastructure limited access
- Sensitive data is protected with salted AES256 encryption for HIPAA compliance
WellSuite® IV Compliance Measures
Wellsource HRAs for population health are developed with population-specific regulations in mind, including careful consideration for patient-centered care elements defined by CMS, accommodations for different levels of health literacy at a state or federal level, and National Standards for Culturally and Linguistically Appropriate Services (CLAS).