employees-banner
SecurityPage

KEEPING YOUR DATA SECURE IS OUR HIGHEST PRIORITY

Our customers and their participants can rest assured that their information is always protected

employees-banner
Security Page

KEEPING YOUR DATA SECURE IS OUR HIGHEST PRIORITY

Our customers and their participants can rest assured that their information is always protected

employees-banner
Security Page

KEEPING YOUR DATA SECURE IS OUR HIGHEST PRIORITY

Our customers and their participants can rest assured that their information is always protected

Built to Support the Highest Level of Security and Compliance

Wellocity ensures the highest level of security for all customer and participant data by storing it in a HIPAA-compliant and HITRUST certified data environment maintained by industry experts.

CyberGRX ExchMember_TPCRM- Badge

CyberGRX provides a third-party validated cyber risk assessment of Wellocity’s security posture. This assessment details our compliance with industry standards and the security protocols built into our infrastructure.

CyberGRX ExchMember_TPCRM- Badge

CyberGRX provides a third-party validated cyber risk assessment of Wellocity’s security posture. This assessment details our compliance with industry standards and the security protocols built into our infrastructure.

Strong Encryption for Data in Transit and at Rest

Our platform incorporates secure, encryption standards and protocols to guarantee maximum data protection for customers and participants. All platform data is encrypted in transit using TLS 1.2 and at rest using 256-bit AES encryption.

Data Locality

All Customer Data, Participant Data, and Wellocity Data is stored and processed exclusively within the United States.

Access Control

User access to Wellocity systems and applications is configured with role-based access using the least privilege policy

  • All Wellocity employees and contractors use unique user accounts and passwords to access all Wellocity systems
  • All participants register directly for a program and are assigned a unique user account on the Wellocity platform
  • Participants can use their credentials to access the participant app and portal
  • Participants are limited to viewing a subset of their own data
  • Customer users are privileged at an organization level using one to many roles with configurable permissions
  • A customer user’s access to participant PHI data is controlled by explicit permission to each program's participants
  • Access to program-specific data requires explicit permission and can be controlled at the user level

Strong User Authentication Mechanisms

  • Wellocity follows NIST recommended best practices for passwords for all users
  • Accounts are automatically locked after multiple retries
  • All Wellocity systems require two-factor authentication for all Wellocity users and customer users
  • All users are automatically logged off due to inactivity
  • Accounts for dormant users are automatically locked out
  • All Wellocity users accounts are disabled or deleted immediately on their termination date

Operational Security

Our commitment to data security has led us to create mandates to keep sensitive data safe and secure which include:

  • The use of strong passwords
  • Multi-factor authentication on all applicable internal and 3rd party systems
  • All end-user computers have an Anti-Virus utility installed
  • All company laptops require FileVault encryption
  • Encrypt internal company passwords, SSH keys, and secure notes using a password manager and 256-bit encryption
  • Staff training, all Wellocity employees are trained annually on HIPAA and best practices

Third Party Service Providers

Wellocity uses third-party service providers that provide us with services for our day-to-day business operations. Wellocity has executed a BAA with all service providers that provide in-scope services that are part of our HIPAA compliant business offerings.