In compliance with HIPAA regulations, in-flight data is 128 bit encrypted. Data at rest is also HIPAA compliant with 256 bit encryption. Your login occurs over SSL (https) and is thereby also secure.
In keeping with Open Authentication Standards (2.0), we allow for sign in to occur through AppleId, Facebook, Google, Yahoo, or LiveID. FollowMyHealth™ does not store your username/password. Your credentials will continue to be maintained by those companies. An authentication token is given to FollowMyHealth after your successful login with them in order to verify your identity and to grant you access to your universal health record. This is stored only as a session cookie and will remove itself from your system the moment you close the browsing window (the entire window/program; not just the existing tab).
If you would like to add an additional security step to your authentication, please visit this article.