At Felt, our seamless flow of information underscores our commitment to privacy, security, and the effective use of technology in healthcare.
First-Party and Third-Party Data Flows
During onboarding, the Felt Clinic collects first-party data through questionnaires, capturing essential health information. This data, alongside device measurements, is securely saved to the Electronic Health Record (EHR) system, ensuring a personalized and informed healthcare service. Consultation notes generated during appointments are then shared back to members directly from Felt’s EHR, keeping them informed and engaged with their health journey.
Secure Software Development Lifecycle
The Felt team adheres to a Secure Software Development Life Cycle (SSDLC) to ensure the security and reliability of our telehealth application. This process integrates security practices at every phase, from planning and design to implementation, testing, and deployment. We conduct regular security assessments, code reviews, and vulnerability scans to identify and mitigate potential threats. Our development team is trained in secure coding practices, and we leverage encryption for data in transit and at rest. By prioritizing security at each step, we aim to protect patient data and maintain trust in our platform.
Penetration Testing
As part of our commitment to security, the Felt team conducts an annual Third-Party Application Penetration Test with an external vendor. This rigorous testing process simulates real-world attacks on our systems to identify and rectify potential security vulnerabilities. By engaging with specialized third-party security experts, we gain valuable insights into our application’s defense mechanisms, ensuring they can withstand sophisticated cyber threats. This proactive approach is crucial for maintaining the integrity and trustworthiness of our telehealth platform, safeguarding patient data and ensuring compliance with industry regulations.
Static Analysis
The Felt team employs both SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) to bolster our application’s security posture. For SAST, we use JavaScript linters and static analysis tools that scrutinize our codebase for security flaws without executing the code. These tools help identify vulnerabilities early in the development process. For DAST, we simulate attacks on our live application to detect runtime vulnerabilities. This comprehensive approach ensures our telehealth platform is robust against security threats, maintaining the integrity of, and trust in, our users’ data.