Last updated: January 7, 2026
Information Security & Data Protection
BeWell Grace Medical, LLC is committed to protecting personal information and maintaining the confidentiality, integrity, and availability of information systems used to support our Florida telehealth-only services.
Important Privacy Notice (No PHI on WordPress)
This public website does not collect or store protected health information (PHI). Do not submit symptoms, diagnoses, medications, test results, or any PHI through website forms or email. Clinical communications and PHI are handled through the CharmHealth Patient Portal.
Scope
This page describes our security practices at a high level. We maintain internal policies, procedures, and training to help protect: (1) personal information provided to us, (2) business information, and (3) payment-related information used in our operations.
Public summary vs. internal policy
For security reasons, we do not publish our full internal security policy or technical standards on this website. A comprehensive Information Security Policy is maintained internally and may be made available upon request to appropriate parties (for example, auditors, payors, or business partners), subject to verification and/or confidentiality requirements.
Key security practices
Access control and least privilege
- Access to sensitive information is restricted to authorized personnel with a legitimate business need.
- Role-based access and least-privilege principles are used to limit access to systems and data.
- Administrative access is controlled and protected using stronger authentication where appropriate.
Data protection and encryption
- We use safeguards designed to protect sensitive information at rest and in transit.
- Where encryption is used, we follow recognized strong cryptography practices and key-handling controls.
- We prohibit storing or sharing sensitive payment authentication data where not permitted or not required for business use.
Secure handling and transmission
- Personnel are trained not to transmit sensitive data via insecure or end-user messaging channels.
- When sensitive information must be transmitted, secure methods are used consistent with our internal standards.
Monitoring, logging, and vulnerability management
- Logging and monitoring are used to help detect suspicious activity and support investigations.
- We maintain a vulnerability management program, including regular scanning and remediation processes.
- Security updates and patches are applied using a controlled change process.
Security awareness and training
- Security awareness training is provided to personnel and updated periodically, including phishing awareness.
- Personnel are expected to follow documented security procedures and report suspected security incidents promptly.
Incident response
- We maintain an incident response process to triage, contain, investigate, and remediate security events.
- We coordinate with appropriate parties as needed when a confirmed incident impacts regulated data.
Vendor and third-party risk
- Third parties that may impact the security of sensitive data are evaluated before engagement.
- Where applicable, written agreements require appropriate safeguards and responsibilities.
- We monitor relevant compliance expectations for applicable service providers.
Data retention and secure disposal
- We maintain procedures to retain data only as needed for legitimate business or legal purposes.
- When no longer required, data is disposed of using methods designed to make it unrecoverable.
Related policies
- Legal, Privacy & Compliance (Policy Hub)
- Web & Mobile Privacy Policy
- Notice of Privacy Practices
- Responsible Disclosure
- Transparency Reporting
Contact
For security, privacy, or compliance-related questions:
- Email: [email protected]
Emergency notice
If you believe you are experiencing a medical emergency, call 911 immediately or go to the nearest emergency department. BeWell Grace Medical does not provide emergency care.
If a clinician recommends an in-person evaluation, it means with another provider, clinic, or hospital — not BeWell Grace Medical.
