What are some of the key challenges your digital health clients come to you to tackle?
Clients come to us to assist with challenges at all stages of their experience operating in the digital health industry. We help companies tackle the intricacies of collecting and using safeguarding data, ensuring platform security, financing growth and expansion, managing sales-related considerations, meeting FDA requirements, licensing intellectual property assets, and meeting corporate governance requirements and expectations. I most frequently advise clients on privacy laws and best practices surrounding the collection, handling, and disclosure of personal and health information.
Because privacy is such a timely topic, can you explain some of the roadblocks to staying compliant in protecting users’ health data?
I would say that the top roadblocks in protecting users’ health data include:
- Not having the right people involved in project planning from the beginning. Privacy, IT, and other functions are often separated out and working largely independently of one another, so it is harder to bring everyone together from the get go to attempt “privacy by design,” and to think proactively about what information is being collected, from where, how, and why, and how it is being used, safeguarded, and disclosed.
- Approaching incident readiness and incident response in a piecemeal or after-the-fact way. If different business functions don’t communicate or collaborate well, it becomes harder to formulate smart incident response plans and test them out in meaningful ways. It is also harder to understand, in an interdisciplinary and cross-organization way, what the real privacy and security issues are, what the workable solutions are, and how to achieve those solutions.
- Not having the right “tone from the top.” If leadership views privacy and information security as secondary in importance, everyone else follows suit. If leadership recognizes these as things to tackle at all levels and in all departments, and in all projects from beginning to end, then that thinking permeates an organization and changes how things get done.
What piece of advice would you give a startup when thinking about launching a digital health product/service?
I always tell my startups to think about privacy and information security from the beginning. Everyone – customers, regulators, potential investors –is asking more questions about how information is being gathered and why, what is being done with it, and how it is being safeguarded. If you have thought through these questions from the beginning, and have been guided by these questions throughout your product development, you will be much better off as you advance your product.