The Well Family of Solutions (the "Apps") allows consumers to download their existing medical records and helps them actively manage their health. The Apps act as a medical records browser, using the open standards of the Internet to connect to the patient portals where medical records exist.
Well and HIPAA
daVinci follows HIPAA regulations in the treatment of all Personally Identifiable Health Data. HIPAA’s Standards for Security of Electronic Protected Health Information (the "Security Rule") require certain administrative, physical, and technical safeguards with respect to electronic PHI ("ePHI") to reasonably ensure the confidentiality, integrity, and availability of such information. Because Well creates, receives, maintains, and shares ePHI on the User’s mobile device, we follow the HIPAA regulations regarding:
· Audit Controls and System Activity Review
· Security Official and Training
· Safeguarding Passwords
· Physical Security
· Disposal, Reuse, and Inventory of Device
· Automatic Time-Out
· Integrity Control
Our goal for Well is to help you, the consumer, manage your health. To that end, we do not intend to, nor do we have the mechanism to, share your data with anyone other than the registered users and the users they care to share this data with.
Our business model does not depend on selling or sharing the data with any third parties. In fact, we feel it is critical that anyone using Well is able to feel secure that their data is not being used for anything other than their own purposes. As far as we are concerned, your data is your data. You have the option to share it with other Well users, but we have security measures in place to keep anyone else from seeing your data.
daVinci follows HIPAA Regulations
daVinci realizes the importance of sharing your data securely and precisely, two issues that HIPAA addresses. We follow all HIPAA regulations in order to protect the dissemination and privacy of your data. Our privacy statement is available online here, as are our terms of service.
Well and Data Ownership
The Well family of products is centered around the patient. The data in Well is your data. We follow HIPAA regulations to keep your data safe and to give you control over whom you choose to share that data with. Connecting with your doctors in both directions can help by making sure that everyone knows what's going on. However, it's still your choice to include doctors or caregivers. You can revoke your consent at any time.
Your Data Your Security
Securing your data is of the utmost importance to us. We have to make sure that the wrong people don't get your data, but also that you can get to your data. We have designed the system with state-of-the-art encryption, PKI server security and security measures that we learned during our time working at the DoD and TSA. We regularly conduct 3rd-party security assessments to identify any potential flaws before they are exploited. We will recommend industry best practices and give you the tools to both secure the data and share the data.
Well saves your health data on your mobile device. You should protect your device accordingly. The more concerned you are about the security of your data, the stricter the security controls you should use. We recommend that you pick a short inactivity screen lock time (60 seconds) and a difficult device unlock password, not just a 4-digit PIN. Using any device password automatically encrypts all data at rest on iPhone and Android phones. Having a difficult password will keep someone from guessing your PIN, which will significantly increase security. iOS and Android use application sandboxing, which keeps applications from being able to read information from other applications without explicit user permission to do so.