Regulatory compliance

qointa is acutely aware of the evolving regulations pertaining data collection and has strict standard operating procedures, quality systems and controls to meet worldwide regulatory expectations and scrutiny.

All our solutions comply with ICH Good Clinical Practice guidelines.

1.Clinical Research Regulations

qointa technologies collect electronic patient data and electronic patient diary data that qualify as ICH-GCP Source Data & Documents.
Accordingly all our solutions are developed in compliance with US, EU and other applicable regulatory rules and guidelines including, but not limited to:

  • CFR Title 21 the Code of Federal Regulations that governs food and drugs within the United States for the Food and Drug Administration (FDA), the Drug Enforcement Administration (DEA), and the Office of National Drug Control Policy (ONDCP)
  • 21 CFR Part 11 electronic records and electronic signature related
  • PIC/S Guidance good practices for computerised systems in regulated GXP environments
  • EudraLex Rules Governing Medicinal Products in the European Union Volume 4, EU Guidelines to Good Manufacturing Practice, Medicinal Products for Human and Veterinary Use, Draft Annex 11, Computerised Systems
  • 21 CFR Parts 312 regulations pertaining to pharmaceuticals, requirements for new drugs, investigational new drug application
  • 21 CFR Part 314 regulations pertaining to pharmaceuticals, requirements for new drugs, applications for FDA approval to market a new drug
  • CSUCT (Guidance for Industry: Computerised Systems Used in Clinical Trials)
  • Directive 2001/20/EC 


2.Data Privacy & Confidentiality


qointa's solutions have been developed to comply with industry guidelines, the EU Data Protection Act and the US Safe Harbor guidelines for data protection:

  • Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data
  • COMMISSION DECISION 2002/16/EC on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC
  • Directive 2002/58/EC on data protection and privacy on privacy and electronic communications translates the principles set out in Directive 95/46/EC into specific rules for the telecommunications sector with adaptation to developments in the markets and technologies for electronic communications services in order to provide an equal level of protection of personal data and privacy for users of publicly available electronic communications services, regardless of the technologies used
  • 45 CFR Parts 160/164 HHS Standards for Privacy of Individually Identifiable Health Information, Health Information Security Standards for the Protection of Electronic Protected Health Information & General Administrative Requirements Including, Civil Money Penalties: Procedures for Investigations, Imposition of Penalties, and Hearings
  • HIPAA Our technologies assure patient confidentiality whilst allowing sponsor access to necessary data via limited, authorised login/registration features.