Trust & Security
Our Approach to Privacy
At HealthJoy, we believe that privacy is your fundamental right. We design our technical systems, processes, and services to protect your information. We understand that your healthcare data is the most personal information possible and take extreme care when working with it. We never share a member's data with their employer, spouse, or any other third party without consent.
We are compliant with applicable federal privacy laws including the Health Insurance Portability and Accountability Act (HIPAA), which has strict guidelines on how to handle health data.
Only You Can Access Your HealthJoy Account
You can secure your HealthJoy account with a password that meets best practices — at least eight characters long, containing digits, alphanumeric, and standard characters. You can also use advanced security technologies such as Touch ID or Face ID to log in.
Your employer may also enable two-step authentication for an added level of security. We monitor your account setup and notify you if your password is ever compromised.
Your Healthcare Data Belongs to You
We will not share your protected health data with your employer without your consent. Any data shared with an employer is fully anonymized and aggregated across the entire employee population — an employer will never see your individual health record.
For example, an employer might see how many online medical consultations occurred company-wide in a given month, but they will never know your personal activity. HealthJoy does not gather personal information to sell to advertisers or other organizations.
Our Approach to Data
We take cybersecurity seriously. All data transmitted and stored by our app is encrypted using the latest encryption standards. HealthJoy has achieved the Type II SOC 2 attestation — an annual third-party audit that affirms how securely we manage and process your data.
Robust Employee Training
Our employees are trained to provide confidential, one-on-one help navigating the complex healthcare system — working with providers, facilities, insurance companies, and other health-related organizations to resolve complex issues.
Every employee undergoes extensive HIPAA training. If a HealthJoyer ever needs to work with a third party on your behalf using sensitive information, we obtain your consent first. We take the trust our members place in us seriously.
Your Transactions Are Safe
Your peace of mind is our highest priority. Our app connects with third-party financial accounts including 401k, HSA, FSA, HRA, and more, using cutting-edge encryption to keep your personal information fully secure.
For members with high-deductible health plans, medical consultation fees are processed through Stripe, a PCI Service Provider Level 1 that handles billions of dollars in transactions annually for the world's largest companies. HealthJoy never stores your financial information on our servers.
Only the Best Partners in the Business
Your mother was right — people judge you by who you associate with, and we take that to heart. We only work with companies that handle your data with care, ensuring through both process and technology that all information is treated correctly. We require our partners to maintain data security and full HIPAA compliance.