Roche’s commitment to data privacy and protection in healthcare
A commitment to privacy and protection
Roche upholds the highest standards of ethics, ensuring integrity, transparency and respect in all our practices.
Data privacy
The right to privacy is a fundamental human right. Protecting and responsibly using personal data is central to Roche's daily operations. Viewing data as vital for innovation in treatments and diagnostics, Roche strives to be a preferred partner. We are committed to collecting and using data lawfully, ethically and fairly, respecting individuals' privacy to earn their trust.
Data minimization
Roche recognizes that a core-tenant of data privacy is to minimize the amount of data that is collected, processed and stored. Elements of our data minimization strategy include:
Collecting, processing, sharing and storing data securely and for well defined legitimate purposes
Data will only be used as intended and as described in contracts, data privacy notices, etc.
Retaining data for only as long as legally necessary and with compliance to laws, regulations and industry standards
Data classification
Many Roche solutions handle sensitive data (PII/PHI). To ensure effective and compliant protection, Roche classifies and categorizes this data as part of our data protection approach. This approach:
Allows for risk assessments to be conducted
Enables the creation and enforcement of data availability rules like “need to know”, or right to access
Enables the creation and enforcement of rules that protect the integrity of data
Enables the proper identification of sensitive information
Enables compliant data management throughout the lifecycle of the data
Privacy enhancing technologies
Roche protects sensitive personal health data using advanced privacy-enhancing technologies like anonymization, pseudonymization and confidential computing. These measures safeguard data throughout its lifecycle, reducing risks during processing, research and sharing while preserving privacy and enabling innovation.
Importance of protecting personal health data
Roche recognizes the sensitivity of personal health data collected throughout the patient journey. We protect this data through both cybersecurity and privacy-enhancing technologies, reducing risks in legitimate processing, research and data sharing.
Core principles of data protection
Our data protection principles aim to minimize exposure, restrict access and control data processing duration. These measures, supported by advanced technologies, safeguard patient data throughout its lifecycle, even during research or controlled sharing.
Anonymization and pseudonymization
Roche employs anonymization and pseudonymization techniques to protect individual privacy. These methods safeguard personal data, ensuring it remains secure and enabling valuable insights for research while preserving privacy.
Confidential computing
Confidential computing enhances security by protecting data during active processing. This technology ensures sensitive information is kept private, even during complex data analysis and machine learning operations.
Commitment to research and innovation
Roche is dedicated to advancing privacy-enhancing technologies through ongoing research and collaboration with the academic community. Our commitment to pioneering data protection tools reflects our dedication to maintaining high privacy standards in healthcare.
- Not every digital product is available in all markets. The use of any third-party app is subject to a separate license agreement with the respective third-party app developer. Roche gives no warranties (express or implied) with regard to any third-party app. Third-party apps might not be available in your country. This website and its content may be accessible worldwide, Roche assumes no liability with regard to the access to the information, which may not be compatible with legislations or regulations in force in your country.
- MC--19702