Your Health Information, Protected.

Protecting your private health information is a serious matter. WLT strictly adheres to HIPAA Privacy Rule standards, keeping your data and information secure while utilizing the most reliable and multi-faceted protective measures and security partners.

System Security

We take data security seriously.

Access to WLT’s Oracle Cloud solution is via Microsoft’s Remote Desktop service, utilizing a secure desktop gateway. Secure RDP credentials are required for server accessibility. Further security enhancement can be set up using a VPN, allowing traffic only from specific addresses. In addition, repeated failed login attempts are monitored by our network security team.

Data is stored in Oracle tables, encrypted in Oracle’s Cloud, and nightly backups are moved offsite to a secure location. When quarterly system updates are released, systems are tested in multiple environments with different database versions, different operating systems, and different updates. If a conflict is identified, we work to resolve the conflict with either a programming or environment update.

Oracle Cloud logo

Oracle Cloud

Meet our trusted security partner.

Oracle Cloud is a cloud computing service offered by Oracle Corporation providing servers, storage, network, applications, and services through a global network of Oracle Corporation-managed data centers. The company allows these services to be provisioned on-demand over the Internet.

Discover more

Questions About
Keeping Your
Information Protected?

System and Organization Control (SOC) 2 Type 2 Report

Overview

lock

Overview

WLT implements policies and procedures that ensure periodic assessments and evaluations are performed, considering all elements of security as it applies to AICPA trust services criteria. We communicate findings, remediation options and recommendations, and remediation decisions to those charged with management and oversight of key processes and systems. WLT engages a third-party auditor to perform a SOC 2 examination annually. The SOC 2 examination includes trust services criteria related to security, and the report, prepared by an independent auditor, is available for distribution to clients.

Findings of the SOC 2 report include:

  • Risk Management
  • Monitoring Activities
  • Incident Response Plan
  • Business Continuity Plan

Risk Management

Shield with warning inside

Risk Management

Formally documented policies and procedures are identified to govern risk management. Policies outline formal risk management practices to gain an accurate and thorough understanding of the potential risks to and vulnerabilities of the confidentiality, integrity, availability, and safety of information and information systems.

Monitoring Activities

Eye with corners around

Monitoring Activities

Internal controls are reviewed on at least an annual basis. The effectiveness of internal controls is monitored to ensure that relevant issues or nonconformities to internal controls are accurately identified, documented, and tracked through remediation. WLT’s management team meets bi-weekly to review any significant incidents related to security. WLT’s security team also holds periodic meetings to ensure issues are promptly reviewed and actively tracked through resolution. WLT uses a variety of specialized tools and capabilities deployed in the Oracle-hosted infrastructure to monitor system capacity and availability, detect and track security events, and act on them as quickly and efficiently as possible.

Incident Response Plan

Form with warning triangle

Incident Response Plan

WLT has a documented Incident Response Plan (IRP) which establishes the procedures to be undertaken in response to information security incidents. The IRP is communicated to appropriate personnel and includes the following:

  • Incident identification and classification (events, vulnerabilities, incidents, unknowns)
  • Roles, responsibilities, and communication protocols
  • Incident reporting procedures
  • Containment and eradication strategies
  • Postmortem analysis and post-recovery reporting

The IRP is updated annually, or more frequently, based on incident outcomes. In years that security incidents do not occur, WLT conducts a test of the IRP and the ability of the Incident Response Team to execute the plan on an annual basis, documenting test procedures and test results. Gaps, areas of improvement and lessons learned are utilized to modify the plan, as needed. WLT monitors the production system for potential security vulnerabilities and maintains a detailed record of security incidents.

Business Continuity Plan

Form with briefcase

Business Continuity Plan

WLT has documented and implemented a business continuity plan to be activated and followed if damage and/or disruption to a system environment is of sufficient magnitude to warrant activation of the plan. The plan documents preparations and actions required for recovering essential corporate and IT operations, as well as maintaining business operations. Production data is cross replicated on the cloud and onsite to protect sensitive data from loss in the event of a system failure.