“Compliance success is a journey, not a destination,” said Emily Luvison during her presentation at the HIMSS conference in Orlando on February 14. Luvison, Senior Manager Compliance Programs at Roche Diagnostics Information Solutions, discussed the compliance landscape surrounding the NAVIFY portfolio, and Roche’s commitment to protecting personal data in the cloud.
Compliance is an all-consuming endeavor for Luvison and her team. And if the legal requirements imposed by HIPAA and GDPR are the signposts, the commitment to data security is the highway on which Luvison navigates.
It is everyone’s right and freedom to have their data protected, she says. The damage to a patient from a breach of their personal data can be significant: sensitive data, including patient records, can be sold on the dark web, causing personal and financial harm. The impact to Roche from such an incident may be multifold: not just financial penalties, but harm to the company’s reputation and a breach of the patient’s trust.
What makes security and privacy in the cloud challenging? Rapidly changing technology and new security threats are top concerns. So is the constantly changing global regulatory environment Luvison operates in. Different countries and regions impose their own regulations and restrictions. Staying on top of the data types and requirements for data localization and transfer requires constant diligence.
How does Luvison navigate the journey to compliance? “We take a phased approach,” she said during her presentation. Phase one involves a baseline analysis of the privacy and security requirements. In phase two, procedures and technical controls are put in place to prevent and detect risks, and processes such as incident response and recovery activities are disseminated, tested and updated. The third phase measures adherence through internal and external audits and certifications.
Luvison admits that the complexity of all this keeps her up at night. “We’re always striving to do better,” she says. “At Roche, we are diligent about meeting all our commitments. At the same time, we seek to make things better for our clients and patients everywhere in the world.”