“Privacy and compliance are not constraints. They are catalysts for trusted innovation,” says Anubha Gaur, a seasoned technology leader with deep expertise in DevSecOps, SRE, API ecosystems, and cloud-native architecture. With decades of experience across industries and currently serving as Executive Director at Quest Diagnostics, she brings a pragmatic and forward-thinking lens to one of the most critical issues facing enterprises today: safeguarding sensitive data.
With this conviction, Anubha Gaur is helping redefine how enterprises approach sensitive data in an increasingly complex digital landscape. As Executive Director at Quest Diagnostics, Gaur leads major digital transformation efforts that embed data privacy into the foundation of cloud-native systems, DevSecOps practices, and enterprise engineering cultures.
The Healthcare Mandate for Privacy
For Gaur, safeguarding patient data isn’t just a technical requirement, it’s a core responsibility. “Being a part of the healthcare industry, it is our responsibility to protect patient data.” she says. “It’s crucial to ensure that data doesn’t slip into the wrong environments or travel beyond jurisdictional boundaries, especially in non-production spaces.”
Working at the intersection of platform engineering and regulatory compliance, Gaur recognized that legacy methods of protecting data were no longer sufficient. Manual, siloed processes slowed down innovation and left room for gaps in protection. “We started seeing that traditional approaches to data privacy were slowing down speed to market,” she explains. “We needed a better way to make privacy part of the engineering mindset.” Rather than viewing data masking and deidentification as obligations, Gaur positions them as integral tools for innovation. Her goal is to make privacy and compliance an inseparable part of the build process.
Navigating Regulatory Complexity in a Multi-Cloud World
Global companies face a tangled web of privacy regulations. From HIPAA and CCPA in the United States to GDPR in Europe, the requirements differ widely but carry similar weight. “Each region demands data minimization and anonymization,” says Gaur. “The regulatory mandates are increasing and they’re evolving. That complexity impacts how we architect systems.”
Cloud adoption further complicates the picture. “Cloud platforms increase the attack surface. As data becomes more distributed across hybrid environments, the risk of exposure grows,” she explains. “But cloud also offers the tools to help solve these challenges, if used right.” The key, Gaur says, lies in adopting a mindset of strategic governance rather than reactive compliance. It’s not enough to just know how data is protected. “It’s about asking where the data lives, who can access it, and why,” she emphasizes.
The OSAMI™ Framework: Privacy with Purpose
To address these challenges methodically, Gaur created the OSAMI™ framework. Designed to integrate privacy into every layer of digital strategy, OSAMI™ provides a blueprint for data deidentification and governance at scale. It stands for:
Observe: Map out where sensitive data resides and understand access points
Strategize: Define objectives that link privacy to business goals
Architect: Build automation into cloud-native infrastructure
Mobilize: Engage cross-functional teams and promote a culture of shared responsibility
Improve: Continuously measure, monitor, and adapt based on results and feedback
“Privacy is not just a task for security teams. It’s everyone’s job,” Gaur says. The OSAMI™ framework ensures that compliance and innovation move together. Her teams use modern techniques like tokenization, synthetic data generation, and data loss prevention tools from providers such as AWS and Azure to tailor solutions based on context. “My goal was to make data deidentification a part of our pipelines,” she says. “APIs, automation, and cloud-native tooling make it possible to secure data from development to deployment.”
Building Culture, Not Just Code
Gaur’s strategy extends beyond architecture. She champions a strong culture of collaboration and education across engineering, QA, operations, security, and compliance teams. “It’s not one team’s job,” she says. “It requires everyone to understand data sensitivity, tokenization, masking, and what to expose and when.” She also places emphasis on continuous learning. Upskilling through training programs ensures her teams understand not just how to protect data, but why it matters. “With AI initiatives gaining speed, ethical data handling is more important than ever,” she says.
Gaur doesn’t stop at implementation. Success must be measured and shared. “Establishing KPIs helps show the impact,” she explains. “Month over month, we measure PHI and PII exposure and track how mitigation is progressing. It’s a way to communicate value and keep improving.” Feedback loops are embedded into the process. Regular surveys help teams evaluate the effectiveness of current methods and stay aligned with shifting business needs and regulatory updates.
Looking Ahead: Privacy as Innovation
As healthcare becomes increasingly digital and patients demand more integrated, seamless experiences, Gaur believes data privacy will emerge as a true differentiator. “Patient expectations have changed. They want access to their information in real time, but they also want to know it’s protected,” she says.
She urges enterprise leaders to stop treating privacy as a legal necessity and start embracing it as a competitive asset. “When privacy is built into every layer of your system, you gain customer trust, protect your brand, and unlock real business value.” Gaur’s leadership shows that data deidentification is not just a technical solution. It’s a cultural shift, a strategic imperative, and a critical foundation for innovation in cloud-first enterprises.
To follow Anubha Gaur’s insights on data privacy and digital transformation, connect with her on LinkedIn or visit her website.
