Glooko Earns Privacy Shield Certification for Policies to Safeguard Diabetes Patient Data

Recognition of a Significant Milestone in Larger Data Protection Program of Diabetes Data Management Pioneer
MOUNTAIN VIEW, Calif., Dec. 11, 2019 /PRNewswire/ — Glooko®, the global leader in diabetes data management, today announced it has received Privacy Shield certification from the U.S. Department of Commerce. This official recognition verifies the company has taken specific steps to ensure the protection of consumers’ personal data when transferring it from Europe to the U.S. and has committed to the Privacy Shield Principles, which are intended to protect against the misuse and unwarranted collection of personally-identifying patient information.

In an era of well-publicized consumer data breaches, data privacy and security is a major concern for internet users and has become a growing problem across the board in business. The healthcare industry, in fact, has become particularly susceptible to cyberattacks, and at an average cost of $6.45 million per breach of patient data, health care has the highest average cost per breach of all U.S. business sectors, according to this year’s “Cost of a Data Breach Report” from IBM and the Ponemon Institute. Recent U.S. healthcare data breaches have been attributed to a range of causes, including hacking, IT incidents, and theft, loss, improper disposal, and unauthorized access or disclosure of patient records.

To add to it, the number of breaches in health care continues to increase. After reaching a record high once in 2018 and twice more early this year for the number of data breaches in a single month, U.S. healthcare organizations reached an all-time high yet again in July, reporting a total of 50 data breaches, the most reported in a single month since the HHS Office for Civil Rights established its online database of healthcare breaches in 2010.

That’s why Glooko is especially pleased to have the chance to help lead the way in Privacy Shield certification for diabetes device and data management companies, as only about 10 percent of such companies have pursued and achieved the certification to date.i Even still, the company believes certification must be about more than compliance.

“We’re grateful for Privacy Shield certification and that the mechanism is there to help with compliance. Nevertheless, Glooko has set an internal standard that goes beyond just meeting the minimum requirements regarding data laws,” said Russ Johannesson, CEO of Glooko. “Managing diabetes requires gathering and handling a lot of personal data, and because we believe people with diabetes own their data and protecting their privacy comes first, earning their trust and that of their healthcare providers is our real objective. That far surpasses simply staying inside the lines.”

Privacy Shield was created by the Commerce Department, the European Commission, and the Swiss Administration, and it was activated in 2016. To earn certification, a U.S. company is required to conduct a self-certification process for the Commerce Department and publicly commit to comply with the Privacy Shield Principles. And while Privacy Shield certification is voluntary for U.S. companies, once an eligible company commits to comply with the requirements, the commitment becomes enforceable under U.S. law.

Glooko is proud to have earned the Privacy Shield certification, but it’s a milestone that supports just one part of the larger three-part data protection program that the company is implementing and has made a focus of how it operates. First, Glooko has made a formal declaration of its values regarding data ethics and patient rights via the development and adoption of its Data Ethics Policy, which serves as a guiding light for how the company and its employees will handle health data. It has also gone to great lengths to author and establish its data privacy policies, formalizing them through official certifications like Privacy Shield. And the most rigorous part of Glooko’s program is its actual safeguarding of the data managed on its platform through installing strong security controls, a demanding process being validated by Glooko’s pursuit of the industry-driven seal of approval known as HITRUST Certification.

“As people with diabetes and clinics are managing billions of data points on the Glooko platform, we’re at ‘center stage’ in today’s digital diabetes landscape,” said Melissa Liu, Glooko’s Senior Director of Operations, Privacy & Security. “In light of that pivotal role in handling so much sensitive data, our uncompromising efforts should reassure anyone working with us that Glooko is trustworthy and committed to data protection, from patients and providers to healthcare systems and the device companies with whom we partner.”

About Glooko
Glooko’s universal diabetes software products provide insights to improve outcomes for people with diabetes and their care teams. The Glooko product suite contains the Glooko and diasend® diabetes management solutions, which integrate with many of the leading EHR systems used today. Both systems synchronize data from more than 190 diabetes devices and activity trackers, and they deliver integrated, timely and useful patient data, including glucose levels, blood pressure, weight, and food, insulin and medication intake. Trusted by the world’s leaders in diabetes care, our solutions cover more than 2.2 million people with diabetes and are used in 9,000+ clinic locations in 24 countries across 15 languages. Learn more by visiting

Media Contacts:

Holly McGarraugh




Jeff Christensen

SignalWest Public Relations

+1 831-566-0275

[email protected]


Press Releases

Glooko in the News

Awards and Recognition