Data Confidentiality Commitments
Flatiron Health Commitments to Confidentiality
Flatiron Health (“Flatiron”) believes that learning from the experience of every person with cancer is imperative to improving quality of care and accelerating research. As part of our work towards that mission, Flatiron is routinely entrusted with confidential information from our customers, business partners and the patients that they serve. To be a good steward of this information, Flatiron has established and maintains robust standards for the communication and protection of confidential information.
As an autonomous, independent subsidiary of Roche Holding Ltd. and as a member of the Roche Group of companies (collectively, “Roche”), Flatiron takes its commitment to protect confidential information seriously.
What does Flatiron consider confidential information?
Flatiron defines confidential information as personal, sensitive or proprietary information that is not generally publicly available or known, and which is made available to Flatiron in the course of business. Contracts with our customers and business partners may also incorporate additional specific definitions.
How does Flatiron handle confidential information?
We handle confidential information consistent with three core commitments designed to protect our partners, customers and the patients that they serve.
Commitment #1: Flatiron is committed to the appropriate handling of patient information
Flatiron is committed to ensuring that identifiable patient-level information is handled in accordance with applicable privacy laws, the terms of agreements with our customers and business partners, and internal policies.
Commitment #2: Flatiron is committed to the appropriate handling of our partners’ confidential information
Flatiron works with numerous partners who are critical to our mission. During the course of these relationships, confidential information may be shared with Flatiron. Flatiron is committed to ensuring that confidential information is handled in accordance with applicable laws, relevant legal agreements and Flatiron policies. Unless permitted, Flatiron will not share:
-
Any physician-identifying or practice-identifying information
-
Any information identifying specific clinical trials underway at a given Flatiron practice
-
Any confidential details concerning a Flatiron customer or business partner
Commitment #3: Flatiron is committed to restricting access and disclosure of confidential information to and within the Roche Group
With respect to handling of confidential information between Flatiron and other members of the Roche Group (e.g., Roche Pharma, Roche Diagnostics), commitments #1 and #2 continue to apply. We have also implemented the following additional safeguards and firewalls with respect to the Roche Group:
-
Flatiron will maintain separate data and documentation systems from Roche
-
Roche personnel will not have access to Flatiron’s systems that contain confidential information
-
Flatiron’s service offerings will remain independent of Roche’s Pharmaceutical and Diagnostics product offerings
-
Flatiron and Roche will maintain independent teams to develop and implement sales and marketing strategies
-
Flatiron and Roche will maintain separate sales forces and will not engage in cross-selling activities with the exception of Flatiron and Foundation Medicine’s jointly-offered products
-
Flatiron and Roche will maintain an arm’s length commercial relationship
To uphold these commitments, Flatiron has created a Confidentiality Committee, Confidentiality Policy and corresponding safeguards, which will continue to be evaluated and strengthened over time.
Have additional questions? Let us know.
If you would like additional detail on our commitment to protecting confidential information, please reach out to your primary Flatiron contact. If you don’t know who to contact, email us at Confidentiality-Committee@flatiron.com.
To comply with Flatiron’s legal, regulatory, audit, financial, and/or reporting responsibilities, Flatiron may be obligated to disclose certain customer and business partner information to respective Roche functions or relevant service providers. Efforts will be made to limit sharing to the least detailed information required for the purpose. The further use of this information is restricted, including for any Roche commercial purpose. For example, such sharing may arise in the context of preparing or auditing Flatiron’s accounting statements (e.g., revenue associated with a specific product or service) or in the event of litigation or government investigation.