Security

Last updated: Jan 9, 2023

We at FOLX Health are honored to be taking care of you, and we treat the responsibility of handling your data securely as a top priority. Read on below for our security policies and protocols.

Security Statement

  • FOLX Health is dedicated to maintaining the safety of our users and members. We at FOLX Health understand the importance of safeguarding your PHI and do everything we can to keep it protected.
  • The security safeguards FOLX Health employs to protect your information vary depending on the nature and level of sensitivity of the data. We use technology that meets or exceeds industry standards.
  • We have put in place sufficient information security controls, processes, and procedures across our infrastructure and products to ensure the safety of FOLX members' health data.
  • The Information Security team at FOLX Health consists of a diverse team of experts with many years of experience in information security, security infrastructure, secure development, privacy, and related regulations.
  • Engineers and developers at FOLX Health come from many walks of life, including the communities they serve. Therefore, our staff has an inherent advantage in addressing the privacy and security issues that matter most to our members. To that end, we're constantly researching privacy-enhancing technologies (PETs) that may be tailored to the specific requirements of our members.
  • Certifications and degrees held by the FOLX Health security team include, but are not limited to, the CISSP, CySA+, and a Master of Science in Information Security and Assurance.

Secure Development

  • The staff at FOLX Health is highly adaptable. It has developed a process for creating software that can adjust to the dynamic and competitive modern business landscape.
  • All newly hired employees receive training on the best methods for implementing the Secure Software Development LifeCycle (SSDLC).
  • Security personnel evaluate new product efforts with an eye toward SbD (Security by Design) and PbD (Privacy by Design) principles.
  • System source code is scanned for security flaws (e.g., OWASP Top 10).
  • On a regular basis, we conduct scans of our existing critical systems and infrastructure to look for security flaws.
  • At least annually, we employ automated scanners and manual penetration tests by external independent parties.

Encryption

  • FOLX Health uses encryption to safeguard sensitive data, which helps meet legal, regulatory, and contractual obligations.
  • Before being implemented, all cryptographic algorithms, key lengths, and strengths used by FOLX Health must be reviewed and authorized by the security team to ensure they meet industry standards for data protection.
  • FOLX Health prioritizes internet security, so the website operates over HTTPS.
  • AES-256 encryption is used to safeguard our database.

Access Control

  • Only authorized individuals are allowed access to the FOLX Health production environment.
  • A user ID, password, and secondary authentication factor are used to verify the identities of authorized personnel.
  • FOLX Health staff use single sign-on (SSO) services to increase data security across many platforms.

Availability & Continuity

  • We have disaster response procedures in place and personnel available to handle any unforeseen issues within our technology stack.
  • FOLX Health uses advanced monitoring systems to keep a close eye on all its services. Our approach to monitoring is designed to identify potential causes of service disruptions and address them before they impact our customers.