HITech and HIPAA Security and Compliance

Wellsource products comply with the latest standards and laws concerning security, privacy, and health literacy.


Wellsource servers are hosted at an SSAE 16 SOC 1 type II and SOC 2 audited, carrier-class data center provided by Atmosera in Beaverton, OR.

This data center meets the requirements under Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) which comprises a robust set of security requirements and controls designed and maintained to keep confidential data safe and secure. The controls addressed in SSAE 16 (Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization) are those that a service organization implements to prevent, or detect and correct, errors or omissions in the information it provides to user entities. A type II audit is a report on policies and procedures placed in operation and tests of operating effectiveness for a period of at least 6 consecutive months.

The controls addressed in SOC (service organization controls) 2 bring confidentiality and security measures of the service organization in line with current security and privacy best practices. SOC 2 includes the Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (TSP) Section 100. A SOC 2 audit is a report on the data-center facilities and the suitability of the design of controls to meet the criteria set forth in TSP Section 100 that have been placed in operation as of a specific date.


Health Insurance Portability and Accountability Act


Our family of WellSuite® IV products are also compliant with the latest privacy requirements of the Health Insurance Portability & Accountability Act (HIPAA), including the HITECH amendments, and the Genetic Information Nondiscrimination Act (GINA). We also adhere to country-specific certifications and requirements as needed.


National CLAS Standards and Health Literacy

Our family of WellSuite® IV products and health education tools

adhere to the National Standards for Culturally and Linguistically Appropriate Services (CLAS). Our WellSuite® IV health risk assessments for Medicaid and for Medicare and complementary self-management tools are written at an engaging 4th grade reading level.
Recognizing health literacy as a public health issue, the Department of Health and Human Services (HHS) developed a national action plan to improve health literacy. The plan outlines large-scale goals for creating health literacy in the U.S. The Office of Minority, HHS developed National Standards for Culturally and Linguistically Appropriate Services (CLAS). CLAS standards are intended to advance health equity, improve quality and help eliminate health care disparities by providing a blueprint for individuals and healthcare organizations to implement culturally and linguistically appropriate services.
In addition, 45 states and the District of Columbia have instituted grade-level minimums for written health information and education materials. These grade levels range from third grade in Arkansas up to eighth grade in North Carolina. Each state in the U.S. sets its own literacy standards for information being consumed by its Medicaid population. It is critical to keep state guidelines in mind when providing written health information.