Security, Privacy, and Compliance

Trustworthy Technology to Gather Quality HRA Data 

At Wellsource, we take privacy and security concerns seriously, because the individuals using our products are trusting us to safeguard and protect their most sensitive health and lifestyle data. Having rigorous controls for security, compliance, and privacy is a cornerstone of our development process, and a signal of our dedication to keeping participant data safe. 

HIPAA

Privacy Standards

Wellsource products are compliant with privacy requirements, including HIPAA/HITECH, the Genetic Information Nondiscrimination Act (GINA), and country-specific certifications and requirements as needed.

SOC-AICPA

Security standards

Security is foundational to our product development. Our SOC 2 Type II report is a testament to an effective and rigorous approach to our security, availability, and confidentiality controls.

We needed a partner with the ability to integrate with our data and platform. Working through this complicated launch with Wellsource was a positive experience for us. It’s given us the ability to expand in the way that we were looking for.​
We needed a partner with the ability to integrate with our data and platform. Working through this complicated launch with Wellsource was a positive experience for us. It’s given us the ability to expand in the way that we were looking for.​

Elastic Scalability, High Reliability

There’s no limit within our products as to how many participants our clients can take on, or how much participant data an administrator can process. Wellsource products expand on demand so administrators can take on more assessments with very little effort.

Wellsource products are deployed and maintained by Wellsource, so our customers never need to worry about applying updates or patches. And redundant hardware infrastructure reduces the need for lengthy maintenance windows.

Single Sign-on (SSO)

Wellsource customers use SSO to authenticate participants, giving our clients greater security and control over who can access Wellsource HRAs, while still relying on Wellsource to handle under the hood participant and HRA validation processes.

NCQA Certified

Wellsource is a certified vendor with the National Committee for Quality Assurance (NCQA).

Almost there! How Wellactivate collects and stores phi or personal health information for patient acquisition health assessments

Cloud-based, Around-the-clock data acess

Wellsource Commitment to Secure, Reliable Software

Wellsource products are cloud-based software applications, designed to deliver stable and reliable access. Our clients always own their data, and can access flexible reporting 24/7/365. Other examples of the controls we put in place to ensure our software solutions are secure and reliable: 

  • Server-driven screen timeout to protect privacy
  • All participant data is 100% encrypted within the database, and when transmitted between clients and Wellsource
  • Data is stored in SQL Server databases protected with infrastructure limited access
  • Sensitive data is protected with salted AES256 encryption for HIPAA compliance

Wellcomplete™ Compliance Measures

Wellsource HRAs for population health are developed with population-specific regulations in mind, including careful consideration for patient-centered care elements defined by CMS, accommodations for different levels of health literacy at a state or federal level, and National Standards for Culturally and Linguistically Appropriate Services (CLAS).