Meet the Experienced Compliance Team Behind the BrightInsight Platform


There’s nothing more important than ensuring security, privacy and regulatory compliance for our customers. That’s why we built a leadership team with a combined 65 years of experience in those domains.

Our BrightInsight Platform regularly undergoes independent verification of security, privacy and compliance controls, achieving certifications against global standards to earn—and keep—your trust. In fact, we’ve completed 13 audits just in the last year.

We have vast experience launching high-risk Class C Software as a Medical Device (SaMD), dosing algorithms, patient support and engagement apps, chronic disease management platforms, connected combination products and diagnostics, across a wide variety of therapy areas including diabetes, respiratory, oncology, ophthalmology, obesity, hematology, immunology and neurology.

When our clients plan their global regulatory roadmaps, we help them consider potential requirements in each market—at launch and as they scale and change risk levels.

How are we different? Before we implement a solution for our clients, we take what is regulated (privacy), then factor in how it is enforced (security) and then bake it in through our architecture by design. We always start with “by design” methodologies. This provides a framework for our privacy-friendly architecture with localized hosting capabilities, partial or full data decentralization, data obfuscation and minimization, as well as different data and process-oriented strategies to ensure privacy compliance and full data protection.

And, to help our biopharma and medtech customers with compliance and reporting, we share information, best practices and easy access to documentation. We’re constantly working to expand our coverage.

In short, we handle global regulatory compliance so you don’t have to.

Meet our Privacy, Security and Regulatory Experts

But it’s the people here at BrightInsight who are really the drivers behind our leadership in digital. The heads of our security, privacy and regulatory operations possess a combined 65 years of experience, covering a wide range of disciplines and expertise.

“At BrightInsight we are continuously working to address the ever-evolving global privacy and security requirements,” says Chief Information Security Officer and Chief Privacy Officer Kyle Becker, who has spent more than twenty years working for Fortune 500 companies in healthcare and finance in information security, M&A IT integration and program delivery. “We’ve developed a novel and turnkey privacy infrastructure to safely store patient identifiable information (PII) in a compliant way, anywhere in the world.”

“Our global data-protection strategy and programs position BrightInsight products for global regulatory readiness,” adds Data Privacy Officer Elena Ames, who leads data privacy for BrightInsight and has more than 20 years of privacy, regulatory, compliance and risk management experience in retail, legal and healthcare. “The BrightInsight platform is HITRUST CSF® Certified; ISO/IEC 27001:2013 Certified; ISO 27701 Privacy Information Management System Certified; NIST Cybersecurity Framework v1.1 Compliant; HDS (Hébergeur de Données de Santé) Certification; APEC Cross-Border Privacy Rules (CBPR) Privacy Recognition for Processors (PRP); and HIPAA and GDPR Compliant.”

“On the regulatory front, our regulatory-compliant digital health infrastructure includes a cutting-edge Quality Management System (QMS) that’s ISO 13485:2016 and Medical Device Single Audit Program (MDSAP) certified. The BrightInsight Platform Master File has been accepted by the FDA, and our Design History File and documentation follow IEC 62304 requirements,” says Mark Tarby, Vice President of Regulatory Affairs and Quality, who has more than 25 years of global quality and regulatory leadership experience at leading digital health and medical device companies.

“EC Certification allows us to run SaMD modules on the BrightInsight Platform, and the BrightInsight QMS complies with the requirements of the EU’s Medical Device Regulation (MDR). We’re compliant with IEC, which establishes best practices for software-only medical device development and software-only product development; and with IEC 82304, which establishes best practices for software-only medical device development and software-only product development,” says Tarby.

When it comes to security, privacy and regulatory compliance, no company providing regulated digital solutions or Software as a Medical Device (SaMD) can match the expertise of the BrightInsight team.
