WellCentive´s applications and databases are all housed on HIPAA compliant servers.

Our servers are co-located with the largest privately held provider of HIPAA compliant hosting services in the United States where they are housed in a SAS 70 certified, TIA Tier 3-4 HIPAA compliant facility.

Security measures controlling physical access to this facility utilize biometric, keyfob, and PIN code controls.

In addition to dual power supplies and dual power distribution paths, the server facility is served by two separate power grids and has a backup generator with at least 2 weeks of fuel on-site. 100% uptime is guaranteed from 7 am to midnight EST.

Our servers are also protected by network monitoring and PIX 501 Firewalls with management services.

Further information regarding this facility´s fire suppression, environmental monitoring, UPS systems, cooling systems, and grounding layout is available upon request.

WellCentive addresses hardware failure risks by using RAID 1 (mirroring) for hardware fail-safety and addresses data loss risks by using full weekly backups and daily incremental backups. Backup media is stored in an offsite vault.

Access to the WellCentive applications is via HTTPS protocol, and our servers are configured to use Sun´s implementation of SSL (JSSE).

We use 128-bit data encryption, certified by VeriSign, for all data that are transmitted from or received by our applications. VeriSign is the only leading SSL Certificate provider to offer SGC-enabled SSL Certificates (the strongest type of SSL encryption) and is the SSL Certificate provider for the 10 largest U.S. banks and for over 90% of Fortune 500 companies. VeriSign guarantees that our clients´ users and their data will benefit from this advanced data encryption method regardless of which operating systems or Web browsers are in use.

Management access to our applications requires authentication and is allowed only from previously determined IP addresses and only via secure protocols. These measures ensure that only authorized individuals can perform application management actions and that these actions can only be performed from specific locations.

Our applications use a J2EE role-based security model, and each role has a predefined set of allowed operations.