At Quintiles, given the nature of our work, the protection of personal data, particularly patients’ personal health information, and customer confidential data, is critical for our company and our customers. With regard to personal data and customer confidential data, Quintiles has been widely acknowledged for our long-established and robust global data protection program that follows the “Privacy by Design” concept.
Global Council on Data Protection (CODP)
The Council was chartered by Quintiles to monitor implementation of Quintiles corporate policy for the protection of Individually Identifiable Information and to serve as Quintiles’ internal privacy board with respect to standard practices and procedures designed to oversee our global data protection program. The Council’s membership includes worldwide representatives from the varied functions and lines of business as well as consultants and independent participants. The Global Chief Privacy Officer chairs the Council.
Privacy Incident Response Team
The CODP has designated a Privacy Incident Response Team (“PIRT”) to serve as a primary contact point for privacy and confidentiality inquiries and “information incidents”. The PIRT follows the company’s “Information Incident Response Plan”, particularly with respect to compliance with applicable security breach notification laws and for investigating, tracking and appropriate notification regarding customer confidentiality.
International Privacy Laws
Quintiles intends that its corporate privacy and confidentiality policies and standard practices and procedures meet or exceed the requirements of all applicable local and international privacy laws and regulations and customer contract provisions.
Though Quintiles is not a covered entity under HIPAA, the U.S. law that sets privacy and security standards for Protected Health Information, the company has put into place robust technical, organizational and security measures that, in fact, meet or exceed the HIPAA standards.
EU Data Protection Directive
With respect to “adequacy” for the transfer of personal data from the EU to Quintiles sites in countries other than the U.S., Quintiles has executed EU “Model Contracts”, that is, Data Transfer Agreements (DTAs).
The Council has developed a global “Privacy Awareness Basic Training” course on the company’s privacy and confidentiality policies and procedures, delivered through “Learning Curve” and mandated for all Quintiles employees. This course is part of Quintiles’ CORE Compliance Curriculum and is implemented and tracked through the Ethics and Compliance Office.