NAVIFY

Cloud Security with the NAVIFY Tumor Board solutionCompliant. Secure. Dependable.

Trust that your oncology patients’healthcare information stays protected.

In the era of precision medicine, you can keep patient data secure and accessible to the right specialists.

Security breaches are on the riseIn 2017, huge data breaches in systems such as Indiana Medicaid (1.1 million enrolled patients) and Molina Healthcare (4.8 million patient records compromised) continue to affect the integrity of healthcare systems and expose major vulnerabilities in their security protocols.1,2

HIPAA privacy and security breaches are on the rise,

costing the U.S. healthcare industry an estimated

One recent survey found that nearly one-third of patients would change caregivers if their protected healthcare information was breached.1

The NAVIFY Tumor Board solution is built to keep healthcare data safeHealthcare organizations face many unique challenges when it comes to their technology, which is why adopting purpose-built cloud-based solutions is becoming an industry-wide best practice. Cloud deployment allows access to expansive resources and expertise, is fl exible enough to scale or integrate with other hospitals’ systems, and most importantly, runs regular, fully-tested system safety checks for protection against the latest cybersecurity threats.

Roche built the NAVIFY Tumor Board solution from the ground up to be deployed and hosted in the cloud, partnering with industry leader ClearDATA to ensure protected health information (PHI) remains secure. The NAVIFY Tumor Board solution is built around safeguarding all the different kinds of sensitive data being entered into it, including patient data from EMRs, imaging data from PACS, laboratory results, etc.

PatientData

Delivering best practices—securing data in the cloudWhen moving computer systems and data to the cloud, security becomes shared between the software and the cloud service provider. This shared model can reduce operational burden and assure data is only accessible by authorized users.4

As the diagram below shows, ClearDATA provides a managed service to host the NAVIFY Tumor Board solution on the Amazon Web Services (AWS) infrastructure. AWS takes responsibility for securing the underlying infrastructure that supports the cloud, and the actual physical hardware needed to do so. ClearDATA then controls what gets deployed into the infrastructure, audits who accesses the infrastructure, and monitors what is happening in the infrastructure. The multi-tier authentication established by its cloud service providers help the NAVIFY Tumor Board solution add layers of protection on top of the traditional username and password.

THREE LEVELS OF CLOUD-BASED SECURITY TO PROTECT PATIENT DATA

The NAVIFY Tumor Board solution: Application

ClearDATA: Operating SystemNetwork & Firewall Confi guration Encryption

AWS:Compute & StorageGlobal Networking ServicesOn-site Surveillance

Certifi cation/Compliance

Infrastructure(ClearDATA)

The NAVIFY Tumor Board solution

(Roche)

HIPAA

HITRUST 2018*

ISO 27001 2018*

Certifi ed and dependable cloud partnersAmazon Web Services (AWS) serves several of the world’s largest healthcare companies with their cloud infrastructure. Roche chose to partner with AWS to leverage their experience with meeting security and privacy requirements that help safely manage PHI in the cloud. In addition, Roche has also partnered with ClearDATA, who builds their capabilities on top of AWS. More than 350,000 healthcare professionals trust ClearDATA to protect their patient data and power the back end of their critical applications.5

ClearDATA is certifi ed by the Health Information Trust Alliance (HITRUST)6 to be fl exible and effi cient enough to rationalize the industry’s mandatory regulations and standards within its security framework. And its ISO 27001 certifi cation6 can help assure that any changing security needs in the future are managed on an ongoing basis in a holistic, comprehensive manner.

ROBUST CERTIFICATION

*Estimated.

Why the cloud overon-premise systems?While some IT healthcare professionals worry that the cloud is not as secure as on-premise IT resources and servers, investigations into the highest-profi le and most costly data breaches have found that the entry points existed within on-premise company fi rewalls, rather than at cloud infrastructure points.7

Cloud platforms not only undergo rigorous penetration testing and allow for a more rapid response to security issues, but also offer various operational advantages that help healthcare IT systems run more smoothly. Systems built using cloud services can support rapid development and innovation to help prepare IT systems for growth and the future needs of care teams.8

For example, the ability to share healthcare information between care specialists easily and securely is crucial for optimal care, and cloud services are good enablers of streamlined communication. Unlike on-premise systems, the cloud offers users remote access to applications and data at anytime from anywhere, introducing global collaboration possibilities for multidisciplinary teams.

HEALTHCARE DATA IN THE CLOUD

Over 75% of surveyed healthcare organizations either have their PHI data in the cloud, or anticipate migrating to the cloud in the near future.9

Moving to the cloud provides more expansive resources for collaboration to help improve outcomes, and protects against the latest, ever-evolving threats of a data breach.

References1. Javelin Strategy and Research. Avoidable Collateral Damage from Corporate Data Breaches: Assessing the Effects of

Data Breach Remediation on Financial Institutions, Healthcare Providers, and Merchants. https://s3.amazonaws.com/images.chaptermanager.com/chapters/6c046b1c-5056-8960-3e72-8ca01ebbaf7c/fi les/javelin-avoidable-collateral-damage-from-corporate-data-breaches-1470584165143.pdf. Published April 2014. Accessed August 15, 2017.

2. HealthcareITNews. The biggest healthcare breaches of 2017 (so far). http://www.healthcareitnews.com/slideshow/biggest-healthcare-breaches-2017-so-far?page=19. Accessed August 15, 2017.

3. Ponemon Institute LLC. Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data. http://lpa.idexpertscorp.com/acton/attachment/6200/f-04aa/1/-/-/-/-/Resources%20-%20Sixth%20Annual%20Benchmark%20Study%20on%20Privacy%20and%20Security%20of%20Healthcare%20Data%20.pdf?cm_mmc=Act-On%20Software-_-email-_-ID%20Experts%20Download%20-%20Sixth%20Annual%20Benchmark%20Study%20on%20Privacy%20%26%20Security%20of%20Healthcare%20Data-_-Download%20Now&sid=TV2:9jSw7ddN2. Published May 2016. Accessed August 15, 2017.

4. AWS Security Best Practices whitepaper. https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf. Published August 2016. Accessed August 15, 2017.

5. Data on fi le. ClearDATA Web site homepage. https://www.cleardata.com/. Accessed August 15, 2017.6. ClearDATA. Amazon Web Services Partner Network Web site: http://www.aws-partner-directory.com/PartnerDirectory/

PartnerDetail?Name=ClearDATA. Accessed August 25, 2017.7. Where is your data safer? In the cloud or on premise? InfoSec Institute Website. http://resources.infosecinstitute.com/

where-is-your-data-safer-in-the-cloud-or-on-premise/#gref. Published October 11, 2016. Accessed September 1, 2017.8. Cloud Standards Customer Council. Impact of Cloud Computing on Healthcare. Version 2.0. http://www.cloud-council.org/

deliverables/CSCC-Impact-of-Cloud-Computing-on-Healthcare.pdf. Published February 2017. Accessed August 15, 2017.9. Level 3 Communications. The Cloud Evolution in Healthcare: HIMSS Analytics Survey Sheds Light on Where We’ve Been,

Where We Stand--And Where We’re Headed. Produced in partnership with HIMSS Media, 2016. http://www.level3.com/-/media/fi les/ebooks/en_cloud_eb_healthcare.pdf. Accessed August 15, 2017.

To learn more, visit us at NAVIFY.com/tumorboard.

Diagnostics Information Solutions (DIS)Roche Molecular Systems, Inc. 1301 Shoreway Road, Suite 300Belmont, CA 94002

NAVIFY.com/tumorboard

© 2017 Roche Molecular Systems, Inc.