How does WellSky keep patient/member data safe?
Given the highly regulated nature of healthcare, this is a common question. Because WellSky Social Care Coordination is a SaaS product (rather than on-premises software), every user benefits from the same patient data protections; they are universal across our application and database.
Our protections fall into three categories: technical controls in the application (including outside certifications and penetration tests), user controls (governing who can log in and how), and personnel controls (monitoring of employee behavior, plus background checks on prospective and current employees).
Technical controls
All data in WellSky Social Care Coordination is encrypted in transit and at rest. Encryption in transit means that if a user is accessing the site on a wifi network shared with other users, no one on that network can set up a packet sniffer and read the data flowing to and from the site. Encryption at rest means that if someone were somehow to obtain the database files, they would still need the secret key (held by Aptible) to read the data.
WellSky undergoes yearly penetration tests with a third party (we pay an outside firm to try to hack the app). Additionally, WellSky performs monthly vulnerability scans of its production systems using Tinfoil Security. WellSky undergoes an annual third-party audit as part of its HITRUST certification (WellSky is HITRUST certified). WellSky's PaaS provider, Aptible, is HITRUST certified as well.
All WellSky Social Care Coordination data is stored in the US, in Amazon Web Services data centers (in Northern Virginia, with daily backups to Northern California). AWS manages the physical security of those data centers and is regarded as a best-in-class cloud hosting provider. PHI and PII are never stored on employee workstations.
WellSky employs a host-level intrusion detection system (HIDS), combined with a SIEM, SumoLogic. Network-level monitoring is managed by Aptible.
User controls
WellSky uses logical access controls based on team and company structures to manage which users can see which data. Every user must have their own account; WellSky does not allow shared accounts. All actions taken within the application are logged.
WellSky requires all users to change their passwords every 180 days. A new password cannot match any of the last 5 passwords used, and must contain an uppercase character, a lowercase character, and a special character. WellSky logs users out of the application after an hour of inactivity.
Company admins can provision and deprovision users within the application, so clients can manage offboarding themselves (without needing to request it from WellSky).
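As an added illustration of the password rules just described (this is example code, not WellSky's implementation), the checks below enforce the three complexity requirements, reject any password matching one of the last 5, and report when a password has passed the 180-day limit. Stored passwords are assumed to be kept as salted PBKDF2 hashes (an assumption for this example; the page does not say how WellSky stores them), which is why the history check re-hashes the candidate with each stored salt instead of comparing digests directly.

```python
"""Password policy checks: complexity, no reuse of the last 5, 180-day expiry."""
import hashlib
import hmac
import os
import re
from datetime import date, timedelta

MAX_AGE = timedelta(days=180)
HISTORY_DEPTH = 5
PBKDF2_ROUNDS = 100_000  # illustrative value, not a WellSky setting
COMPLEXITY = (
    (re.compile(r"[A-Z]"), "an uppercase character"),
    (re.compile(r"[a-z]"), "a lowercase character"),
    (re.compile(r"[^A-Za-z0-9]"), "a special character"),
)


def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256 (assumed storage format)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison of a candidate against a stored (salt, digest)."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def policy_violations(candidate, history):
    """history: (salt, digest) pairs, newest first, current password included.

    Returns the list of reasons the candidate is rejected; an empty list means accepted.
    """
    problems = [f"missing {desc}" for rx, desc in COMPLEXITY if not rx.search(candidate)]
    # Every stored entry has its own salt, so the candidate must be re-hashed per entry;
    # only the HISTORY_DEPTH most recent entries are consulted.
    if any(verify_password(candidate, s, d) for s, d in history[:HISTORY_DEPTH]):
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    return problems


def password_expired(last_changed_iso, today_iso):
    """True once a password is 180 or more days old; both arguments are YYYY-MM-DD strings."""
    return date.fromisoformat(today_iso) - date.fromisoformat(last_changed_iso) >= MAX_AGE


if __name__ == "__main__":
    # Constructed sample history (not real credentials), newest first.
    history = [hash_password(p) for p in ["Winter!2023", "Summer!2023", "Autumn!2022"]]
    print(policy_violations("Summer!2023", history))
    print(policy_violations("nocaps!2024", history))
    print(password_expired("2024-01-01", "2024-06-30"))
```

Note that the page states no minimum length and no digit requirement, so none is enforced here; a deployment would normally add a length floor on top of these rules.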
Personnel controls
WellSky has two systems in place to protect against rogue employees who might access PHI. The first is a host-level intrusion detection system (HIDS) on our server instances, which we use to monitor activity and periodically generate reports. It tells us, for example, if an unusual sudo (admin-level) command is run or if apt-get (package installation) is run on a host. Second, we have SumoLogic in place as our SIEM, which can alert on unusual behavior at the application layer.
WellSky practices the principle of least privilege. Employees are given access only to the systems required to do their jobs, rather than every employee having access to every system. All employees undergo HIPAA compliance training annually, with an assessment they must pass. Developers receive additional training through the same system, focused on secure software development and likewise subject to assessment.
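To make the host-level monitoring concrete, here is an added example (not WellSky's HIDS configuration or code) of the kind of rule that flags the events described above: it parses sudo entries from syslog-style auth.log lines and reports any denied sudo attempt, any package-manager run, and any sudo command outside a per-user allowlist. The log lines, host name, user names, and allowlist are all constructed for the example.

```python
"""Flag unusual sudo use and package-manager runs in syslog-style auth.log lines."""
import re
from dataclasses import dataclass

# Constructed sample (not real WellSky logs): hypothetical host app-01 and users.
SAMPLE_LOG = """\
Mar  3 10:01:12 app-01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart app
Mar  3 10:05:44 app-01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/tail -n 200 /var/log/app.log
Mar  3 10:07:02 app-01 sshd[2211]: Accepted publickey for jsmith from 10.0.3.7 port 51022 ssh2
Mar  3 10:07:30 app-01 sudo:   jsmith : TTY=pts/1 ; PWD=/home/jsmith ; USER=root ; COMMAND=/usr/bin/psql -h db-01 -U app production
Mar  3 10:09:30 app-01 sudo:   jsmith : TTY=pts/1 ; PWD=/home/jsmith ; USER=root ; COMMAND=/usr/bin/apt-get install -y nmap
Mar  3 10:11:05 app-01 sudo:   tmpuser : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/tmpuser ; USER=root ; COMMAND=/bin/bash
"""

# Hypothetical allowlist: binaries each user routinely runs via sudo.
DEFAULT_ALLOWLIST = {"deploy": {"/bin/systemctl", "/usr/bin/tail"}}

# Any package-manager run is reported even if allowlisted (example policy).
PACKAGE_MANAGERS = {"/usr/bin/apt-get", "/usr/bin/apt", "/usr/bin/dpkg", "/usr/bin/yum"}

SUDO_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+"
    r"(?P<user>\S+) : (?P<body>.*)$"
)
# sudo writes "KEY=value ; KEY=value"; COMMAND is last and may contain spaces.
FIELD = re.compile(r"(?P<key>[A-Z_]+)=(?P<value>[^;]*?)(?: ; |$)")

REASON_DENIED = "sudo denied: user not in sudoers"
REASON_PACKAGE = "package manager run via sudo"


@dataclass(frozen=True)
class Alert:
    host: str
    user: str
    command: str
    reason: str


def parse_sudo_line(line):
    """Return a dict for a sudo log line, or None for any other line."""
    m = SUDO_LINE.match(line)
    if m is None:
        return None
    body = m.group("body")
    fields = {f.group("key"): f.group("value") for f in FIELD.finditer(body)}
    return {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "user": m.group("user"),
        "denied": "NOT in sudoers" in body,
        "target": fields.get("USER", ""),
        "command": fields.get("COMMAND", ""),
    }


def analyze(log_text, allowlist):
    """Run the three detections over every sudo line and return the alerts in log order."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_sudo_line(line)
        if ev is None:
            continue  # sshd and other daemons are out of scope for this rule
        binary = ev["command"].split(" ", 1)[0]
        if ev["denied"]:
            reason = REASON_DENIED
        elif binary in PACKAGE_MANAGERS:
            reason = REASON_PACKAGE
        elif binary not in allowlist.get(ev["user"], set()):
            reason = f"binary not in sudo allowlist for {ev['user']}"
        else:
            continue
        alerts.append(Alert(ev["host"], ev["user"], ev["command"], reason))
    return alerts


def run_sample():
    return analyze(SAMPLE_LOG, DEFAULT_ALLOWLIST)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.host} {a.user}: {a.reason} ({a.command})")
```

On the sample above, the two routine `deploy` commands pass silently, while the database shell, the apt-get install, and the denied sudo attempt each produce an alert; a real HIDS would forward these to the SIEM rather than print them.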
All employees are run through the appropriate background checks before being hired, and on an ongoing basis once hired. These checks include SSN and address history verification; criminal history checks at the county, state, and national levels; a sex offender registry check; a global watchlist check; and checks against the HHS OIG exclusion list, the EPL, state exclusion lists, and the GSA SAM exclusion list.