Corporate Responsibility

Policy

This code has been adopted in recognition of our responsibility as information managers to protect the privacy of individuals and to preserve the confidentiality and integrity of the information IMS Health collects.

IMS will:

I. Strive to maintain the highest standards of data accuracy.

II. Take all reasonable measures to provide data security by:

• Safeguarding data against unauthorized access, use and disclosure.
• Providing access only to employees with a legitimate need for the data and to customers who agree to our use and disclosure restrictions.
• Implementing administrative, physical and technical safeguards to protect the data

III. Respect the individual’s privacy by:

• Explaining to data suppliers the purposes to which we will put the data and under what circumstances their identity will be disclosed;
• Collecting medical information on personally identifiable patients, only with their consent, which can be withdrawn at any time.
• Allowing all such patients to, upon reasonable request, examine the data that pertain to them
• Complying with the confidentiality and information security requirements of our data suppliers

IV. Assure that our data are used appropriately — that is, for making strategic and tactical decisions in advancing health care — by:

• Retaining only that information that is germane to our data services
• Requiring that our customers’ usage be consistent with the above purpose
• Prohibiting our customers from passing the information to an outside party, except as specified in our contracts

V. Ensure compliance with this Code by:

• Routinely auditing our information practices
• Requiring a non-disclosure agreement from each IMS employee with access to data
• Securing appropriate confidentiality and information security agreements from clients