Security

At knownwell, we believe that your health journey is personal and sacred. Protecting your personal and health information is fundamental to earning and maintaining your trust. Because we care deeply about your well-being, we are committed to upholding the highest standards of security and privacy.

We promise to provide comprehensive, patient-centered, and expert-led care, treating you and your whole body with compassion and respect. Your privacy, security, and trust are our top priorities, and we are here to support you at every step of your wellness journey.

Overview of Security Practices

We recognize the critical importance of safeguarding your Protected Health Information (PHI) and employ robust security measures to ensure it remains secure. Our security safeguards vary depending on the nature and sensitivity of the data. We utilize industry-leading technology to protect your information. This includes the implementation of comprehensive information security controls, processes, and procedures across our infrastructure and products to maintain the safety of your health data. 

Security Expertise

Our Information Security team comprises a diverse group of experts with extensive experience in information security, security infrastructure, secure development, privacy, and related regulations. This team is equipped with advanced certifications such as CISSP (Certified Information Systems Security Professional), master's degrees in Cybersecurity, and decades of healthcare technology governance experience. 

Our engineers, developers, and associates come from various backgrounds, including the communities they serve, providing a unique advantage in addressing the privacy and security issues that matter most to our patients. We are committed to researching and implementing privacy-enhancing technologies tailored to the specific needs of our patients.

Secure Development

knownwell is highly adaptable, employing a process for developing software that meets the dynamic demands of the modern healthcare landscape. All new employees receive training on the best practices for implementing a Secure Software Development Lifecycle.

Security personnel evaluate new product initiatives with a focus on Security by Design and Privacy by Design principles. Our system source code is regularly scanned for security vulnerabilities, including those identified by industry standards and organizations, such as the OWASP Top 10.

We conduct regular scans of our critical systems and infrastructure for security flaws, including automated scans.

Data Encryption

We use robust encryption methods to protect sensitive data, establishing compliance with legal, regulatory, and contractual obligations. Cryptographic algorithms, key lengths, and strengths are reviewed and approved by our security team before implementation to meet industry standards for data protection.

Our website operates via HTTPS, prioritizing internet security, and our databases are safeguarded using AES-256 encryption.

Access Control

Access to the knownwell production environment is restricted to authorized individuals only. Authentication is verified through user IDs, passwords, and secondary authentication factors. Our staff uses single sign-on (SSO) services to enhance data security across multiple platforms. 

Incident Response

At knownwell, we take potential security breaches or data leaks very seriously. Our Incident Response Plan ensures that we can quickly and effectively respond to any security incidents to minimize impact and restore normal operations. 

Response Strategies 
  • Identification: We have systems in place to detect and identify security incidents promptly. Our monitoring tools and security personnel are trained to recognize unusual activity and potential threats. 
  • Containment: Once an incident is identified, our immediate priority is to contain the threat to prevent further damage. This may involve isolating affected systems and disabling compromised accounts. 
  • Eradication: After containment, we work to eliminate the root cause of the incident. This includes removing malware, closing vulnerabilities, and taking corrective measures to prevent recurrence. 
  • Recovery: We restore and validate system functionality to resume normal operations as quickly as possible. This step includes restoring data from backups and ensuring that all systems are secure and fully operational. 
  • Lessons Learned: Post-incident, we conduct a thorough analysis to understand how the breach occurred and what can be done to prevent future incidents. This includes updating our security policies and procedures based on the insights gained. 

Contact Information 

If you have any security concerns or need to report a security incident, please contact us immediately via email at security@knownwell.health.

Our dedicated security team is available to address your concerns and respond to incidents promptly. Your vigilance and prompt reporting help us maintain the highest level of security for all our patients. 

Availability & Continuity

To ensure the availability and continuity of our services, knownwell has disaster response procedures in place and personnel ready to address unforeseen issues within our technology stack. We utilize advanced monitoring systems to continuously oversee our services, identifying potential causes of service disruptions and addressing them proactively to prevent customer impact. 

By implementing these comprehensive security practices, knownwell demonstrates a strong commitment to protecting your personal and health information, ensuring that your trust in our services is well-placed and safeguarded. 

HIPAA Compliance

At knownwell, we are fully compliant with the Health Insurance Portability and Accountability Act (HIPAA). This federal law mandates the protection and confidential handling of protected health information (PHI). Our commitment to HIPAA compliance ensures that all personal health data is safeguarded through stringent administrative, physical, and technical security measures. We continuously monitor and update our practices to remain aligned with HIPAA regulations, ensuring your information is always protected.