Our Commitment to Health Data Security for Consumers

Who we are

b.well’s mission is to transform healthcare into a simple, on-demand experience that puts you at the center of the equation. By providing a delightful consumer experience and comprehensive data interoperability, b.well makes it easier for companies to deliver hyper-personalized healthcare programs that meet consumers’ unique needs, while improving outcomes across the industry.

Why we do what we do

Today’s consumers are struggling to navigate a confusing jumble of apps, portals, and logins from their physician, their insurance company, and their employer. For the family health navigator, all of these access points need to be managed for each family member, often including elderly parents.

It’s time we simplified things to provide a consumer-friendly health experience. Rather than more apps and portals, consumers need a single, persistent, portable, and easy-to-use solution that adds value to the healthcare experience by making fragmented pieces work better together.

Building on the patient’s HIPAA right of access, b.well is creating an environment where you have the ability to access and connect your health data from multiple sources to build a unified, digital health record for you and your family members.

How we help you access your data and keep it private and secure

b.well’s goal is to help you access your health data from any provider, health system, pharmacy, lab or other healthcare office which may hold your records, and bring it into a central digital location to create one health record for you and your healthcare team, such as your primary care provider, other specialists you may see, and any caregivers who help you.

Our product not only helps you gather your data, but also offers proactive, personalized insights about your health based on the data you’ve connected. At times, we deliver our services through applications that our customers make available to you. Whether you use a b.well branded application or our services through a different application, our commitments to protect your health data and privacy remain the same.

We are not a medical device, nor a replacement for your doctor. Instead, we’re an additional source of support as you navigate the healthcare system. We take this role, and your privacy and security, very seriously.

Our privacy policy and terms of service are written to protect you

  • We keep our data policies transparent and consumer-friendly. It’s important to us that you know how we operate, and that you can make informed decisions about how to use your data.
  • We help you select permissions for who can see your data – and you can change your mind on your permissions anytime – so you stay in control.
  • Except when sharing is required by law, to deliver our services, or to protect our interests, your data will never be shared without your permission, and we apply safeguards to limit access and keep your data protected.
  • If we change our privacy policy or terms of service, we let you know what’s been revised.
  • We will never sell your data. 
  • If you ever want to use your “right to be forgotten”, you are free to do so anytime by contacting Support through your user account and asking to have your account deleted and to exercise your right to be forgotten.
    • Right to be forgotten means that we delete your information from our current databases.
    • If you already gave permission for someone else to access the data, we will stop sharing, but you may need to contact them separately to delete your data.

We’re leaders in consumer health data access and privacy

To confirm our commitment to safeguarding your health data, b.well voluntarily follows the CARIN Alliance Trust Framework and Code of Conduct, an industry-leading set of best practices for protecting the confidentiality of your health data and your privacy rights. This promise is made public on MyHealthApplication.com, which is maintained by CARIN.

By promising to follow the CARIN Code of Conduct, we hold ourselves accountable to you and to the U.S. Federal Trade Commission (FTC). If we fail to live up to this promise, complaints can be made to the FTC.

The Code of Conduct covers such items as:

  • Plain language privacy policy
  • Clear options for consents to retrieve and/or share your data
  • Right to change your consents at any time
  • Right to request the deletion of your account and health data
  • Data security safeguards to protect your private information
  • Requirements for notifying you if and when a breach occurs that compromises your data or privacy

We follow the highest industry standards in data security

We work to meet and/or exceed HIPAA requirements and other industry data practice standards.

Our systems are subject to annual security reviews and have achieved HITRUST and US NIST Cybersecurity Framework (CSF) certification, which require independent verification of our security-related policies, procedures, and implemented controls by external auditors on at least a biennial (2-year) basis.

Your data is encrypted on secure servers, not stored on your local device, and is always encrypted during transmission.

It’s impossible to eliminate all risk in a cyber environment, but we believe we are following industry best practices for minimizing data breach risk to a reasonable level.

Have questions? Connect with our team to learn more.