Skip to content

WELL Health is now Artera | Learn More

Certifications and Regulations

The Artera Security Program maintains robust security standards for protecting the integrity, confidentiality, availability, and privacy of the data we store and transmit. We hold ourselves to the highest standards for safeguarding your organization and the patients you serve.

HITRUST-CSF-Certified-Logo-2
27001Asset 1
ISO27701Mark-2
CoalfireISO27018-Cert_Logo-Reg_Color
TCPA-White-Logo-2

"[Artera]'s security program is particularly impressive, and security has clearly been a primary focus since the company’s beginning. [Artera] has made sure to consider the end-to-end data flow process, and they’ve conscientiously deployed all the necessary controls to best address safety, privacy, and potential risk."

Deepak Chaudhry

BDO, National Health IT & HITRUST Leader, President of Houston HIMSS Chapter

More Information

We have implemented security best practices and employ the services of independent third parties to evaluate and audit our practices against best-in-class security frameworks.

HITRUST

As the gold standard for organizations in healthcare, WELL has been HITRUST certified since 2019. The HITRUST CSF is a rigorous set of controls that covers, among other sources, all the requirements of HIPAA. At WELL, we’ve mapped our security controls to ensure we’re compliant with both HITRUST and HIPAA.

ISO 27001

Used by more than 60,000 companies worldwide, establishes requirements for forming, implementing, maintaining, and continually improving an ISMS. This standard serves as the foundation upon which the other ISO 27000 standards are built.

ISO 27017

Extends supplementary requirements for the implementation of information security controls for cloud services.

ISO 27701

Establishes requirements for the formation, implementation, maintenance, and continuous improvement of a PIMS to protect the privacy and processing of personal data. WELL has been certified against the ISO 27701 standard as a data processor.

ISO 27018

Provides further requirements beyond ISO 27701 for the protection of personally identifiable information (PII) within cloud environments.