Wellola takes the care of our customers'- and their clients'- data very seriously. We believe that the Digitisation of any business process must be matched with proportionately sophisticated Cybersecurity measures to guard such sensitive data as protected health information. 

Secure By Design

Secure Facility & System Access

We take the care of our clients' data very seriously. Wellola stores all data in secured, state-of-the-art facilities Amazon Web Services (AWS) data centers within the EU, which are HIPAA compliant, fully-secured, state-of-the-art facilities.We can set up a data centre in your specific region should your organisation so require. 

Wellola uses two-factor authentication when logging into AWS. When using Secure Shell (SSH) to gain access to our servers 

Wellola uses private keys. 


Wellola uses Hyper Text Transfer Protocol Secure (HTTPS)- the secure version

of HTTP, using a 256-bit Secure Socket Layer (SSL) certificate all throughout the site ensuring a 2048-bit encryption in transit so that data is always safe when being transferred from your device to our servers. 

Wellola uses Real-Time Communications (WebRTC} for all video and voice calls made within its platform. WebRTC is often described by the industry professionals as the most secure VoIP solution. VoIP is the technology that converts your voice into a digital signal, allowing you to make a call directly from a computer, a VoIP phone, or other 

data-driven devices.

Data Processing

As a Data Processor, our operations are acted upon only by documented instructions from the Controller and under Article 28 (3). Wellola as a Data processor will:

  • Commit to confidentiality
  • Take all security measures as prescribed by Article 32
  • Abide by the rules for engaging a sub-processor (DPA in place with AWS) 
  • Furthermore, with the support of DNM Group we can assist customer Data Controllers in complying with rights of data subjects (That are hosted on the AWS platform)
  • Assist customer Data Controller with security requirements and/or breach notifications
  • Delete or return personal data to the Controller where requested
  • Demonstrate compliance with the above (through audits and inspections AWS, ISM 27001)

Business As Usual

Continuity of Service

Critical to Wellola is ensuring a 24x7x365 service without interruption delivered in a manner that minimises unplanned interruptions for our customers.

We aim for business continuity for our clients; any pre-planned interruptions are kept to a minimum and effectively devised to ensure the least possible impact on service users during agreed maintenance or software updates.

You can see our uptime status page here.

Maintenance & Updates

  Wellola offers regularly scheduled maintenance to maintain hosting service levels and compatibility with any incumbent software (including revisions) and/or interfaces. Any technical refreshes as required to meet business requirements and management of refreshes are timed, where possible to minimise business disruption; to include planning, procurement, change management, and implementation.

Wellola aims to maintain compatibility of the services and software with all hosting hardware, hosting software, operating system versions, database versions, third-party software, and configurations. To include quality assurance processes, testing and corrective action, in collaboration with other providers as required, to ensure software and revisions to the software are suitable for release.

Disaster Recovery

At Wellola, we understand that a solid disaster recovery (DR) plan should be a critical part of every hospital's data management strategy. 

Wellola works with on-site in-house IT teams to implement an organisations DR strategy in alignment with that of each hospital & community-based site. 

This DR plans aims to achieve a recovery point objective (RPO) of less than 24 hours and a recovery time objective (RTO) of minutes. Wellola is a cloud-based solution, 

therefore our DR plan has

been architected with the cloud in mind, leveraging the advantages of the public cloud in terms of instant availability and long-term retention, while being optimized for bandwidth reduction and minimizing the impact on


Monitoring & Backing Up

24/7/365 Monitoring & Backing Up

Wellola offers an extensible, scalable, redundant, and resilient infrastructure with pro­ active monitoring for mutually agreed upon events, alerts, alert thresholds, monitoring event reports, and the management and reporting of monitoring related incidents. 

Wellola takes backups of data daily on Amazon Web Services servers for maximum physical security. Wellola uses several monitoring systems so that our IT team would instantly be made aware of any faults should they need to be addressed. We also monitor our servers is using AWS Cloud Watch.

Website uptime/downtime is currently monitored by Pingdom.com.

Our back-up services include installation and configuration of backup system and supporting software; failure/fix management for the backup environment; monitoring and maintenance of backup processes; and scheduled backups, restores from backups and management of backup media.

Additional Third Party Monitoring

Wellola avails of third party 24/7 monitoring that takes advantage of the latest statistical mechanisms and machine learning to provide a premium quality control & risk management service. As such, we are able to identify abnormal patterns of behaviour quickly and take the appropriate action, thanks to our heterogeneous monitoring and logging systems.

With regards our technological quality management system (OMS) control, Wellola is proud to work with DNM Group, who are certified to ISO27001:2013 and have been accredited as AWS Well-Architected Premier Partners. This is in recognition of their

deep AWS knowledge and hands-on experience in architecting, building, migrating, and optimising architectures that follow the AWS Well-Architected Framework.

Architected Reviews

This also enables DNM to carry out Well-Architected Reviews of Wellola on behalf of AWS and our customers.This allows us to prove to our customers and other stakeholders that we are carefully managing the security of their information. This standard adopts a process based approach for establishing, implementing, operating, monitoring, maintaining, and improving our customers Information Security Management Systems.

Integration As A Given

Secure Data Migration

Our solution is designed to synthesize and integrate data securely from multiple sources and across multiples areas of the health service in a way that makes sense of data in one portal. 

Wellola is fully interoperable and would be considered a key enabler to the provision of the right information and data seamlessly integrated within defined clinical workflows

Application Interface

The system is healthcare standards based

(HL7, FHIR) and can provide FHIR endpoints open to third party developers. All modularity has the capacity to integrate with all national integrations. With access to APls and/or permission from incumbent providers, Wellola can allow for bi­ directional (read/write) interfaces between our proposed solution and each of the systems currently in use by the 

Interfacing With Third Party Systems

Wellola currently interfaces with several software systems on behalf of our customers requirement's. Wellola has data processing agreements in place with all third party providers, ensuring clarity around roles and responsibilities and protection of our client's information.

When implementing any change or upgrade, customers are given notice of timing and any changes are made at intervals to minimise disruption to our clients' working day. The same method has applied to any system upgrades with interfaces to other third- party systems.

Contact Us

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.