Compliance tools help ease regulatory burden
Within the medical and pharmaceutical industries, one of the most daunting compliance
challenges is dealing with Medicaid. In 1990 the federal government created a mandatory
Medicaid drug rebate program requiring pharmaceutical manufacturers to reimburse states
for purchases of prescription drugs. A complicated formula determines the "best price" per
prescription unit, similar to negotiated rates for other major purchasers. Actually, different
formulas must be used to calculate the price for different drugs, making management of the
program intricate. Using those formulas, pharmaceutical companies determine how much
money to refund states.
Relief for mandatory rebate headaches
Further burdening the system, manufacturers are required to process all state-submitted
Medicaid rebate claims within 37 days of submission or face hefty fines. The difficulty lies
in the fact that claims often arrive within a very short time frame. Typically, each of those
claims may take from a few hours to almost two days to process. Often disputes arise,
which can amount to millions of dollars of uncollected revenues for the pharmaceutical
Capitalizing on that process, Systems Consulting Company (SCC, www.scc .com)
developed CARS/Medicaid. The application helps pharmaceutical manufacturers comply
with FDA regulations in processing Medicaid claims submitted by states.
In addition to guiding the manufacturer through the rebate requirements, SCC's software
provides an auditing tool.
"This gives a way to do checks and balances," said Lucette DeMichele, a senior business
analyst with SCC. "Manufacturers can compare the rebate amounts to rebates made in
previous quarters, catch generic drug substitutions or any unit measure discrepancies. Still,
the onus is on manufacturers to ensure the accounting is correct."
In creating the software, SCC started by walking prospective pharmaceutical clients
through the paper rebate system. With each product formula creating a different set of
pricing guidelines, the process soon became bogged down.
"We took the paper prototype and discovered all sorts of roadblocks," said DeMichele.
"They weren't thinking technology-wise how to track things, they were thinking paper."
The key for compliance-assisting software is to stay up to date with changing legislation.
"The government. passes a law, and HCFA oversees it and comes out with mandates,"
DeMichele said. "We'll keep them in compliance. If a major federal legislation changes,
we'll build it into our system. We learned to be flexible so we don't need to do a rewrite
every time legislation changes."
Ignorance is still no excuse
Recognizing what laws govern an industry is the first step in obeying them. Dakota
Software (www.dakotasoft.com) is another vendor providing compliance guidance.
Dakota offers 13 regulatory modules that ensure an organization is working with the latest
environmental, health and safety regulations.
"A productive auditor must command a range of basic skills including a working
knowledge of applicable regulatory requirements," says Reg Shiverick, president of
Dakota. "Our auditing services consultant, together with a company's own personnel,
provides an effective team for assessing a company's environmental risks and liabilities."
The company's Dakota Auditor is an expert system combining regularly updated regulatory
information with an auditing tool. It enables users to build a regulatory "profile" of a
facility and produce checklists that are specifically applicable to individual facilities. The
program covers federal and state requirements with regular updates, Responsible Care
Codes and ISO 14000 changes.
"Using a tool like Dakota Auditor can make a regulatory compliance specialist out of
anyone," said Arlene Davidson, marketing manager at Dakota. "It relieves the burden of
having to learn the regulations, narrows the scope of regulations to specifically what
applies to that operation and keeps track of constant regulatory changes."
Mistakes can be costly. "Just last week an article reported a company fined for $100,000
because it didn't label a hazardous waste drum properly, and it was shipped to the wrong
place," said Davidson. "Companies should have a procedure in place to label hazardous
waste drums as they're filled, not after they're moved to the perimeter of the property."
Parts is parts-until they fail
The FDA, which regulates the medical device industry, requires any company using
electronic records or electronic signatures to comply with certain regulations. Specifically,
the FDA is concerned with the traceability of medical device components.
Direct Radiography (www.directradiograpy.com), a division of Sterling Diagnostics
(www.sterlingdi.com), has automated its device manufacturing process to ensure FDA
compliance on its component tracking. Historically, that has been a paper-based process
with identifying documents shipping with each component.
According to Sherry PiŽ, a systems specialist at Direct Radiography, the company has been
making a technological shift from analog medical images to digital images. A conscious
decision was made to digitize the tracking process as well. "Traditionally paper traveled
with the device-hence name 'travelers,'" said PiŽ. "But being in an electronic imaging
industry, we didn't want to keep records in a traditional way-on paper."
Toward that goal, Direct Radiography has installed a development management system to
control access to manufacturing data for its X-ray capture image systems. The company
uses MatrixOne's (www.matrixone.com) Matrix Global Advantage software to
electronically associate signatures and track history log files electronically.
By transferring all records from its previous paper-based system, Direct Radiography can
set up a query to find a faulty component if necessary and locate the component data in
seconds rather than hours.
"If you want to do data analysis or recall, it becomes a painful process to go through paper
records," said PiŽ. "Any medical device industry is required to keep that data."
KISS of approval
In the manufacturing sector, compliance efforts often revolve around obtaining and
maintaining ISO certification. The Belgian imaging systems giant Agfa-Gevaert
(www.agfa.com), which is in the process of purchasing Sterling Diagnostics, finds that
many of its customers require ISO 9001 certification.
"ISO 9001 is the most comprehensive of five international quality assurance standards,"
said Chester Holleran, an engineering manager at Agfa's product development group.
Agfa uses the Intra.doc management system from IntraNet Solutions (www.intranetsol.com) in its Electronic Pre-press Systems (EPS) Division. Holleran said
the system has streamlined the compliance process for periodic audits.
The document management system stores procedure and product information in a central
repository, which is accessed by a Web browser. According to Holleran, the company is
now rolling out the system to more than 2,000 employees. "All of the content is accessible
from the corporate intranet," he said. "Users are not really aware of the distinction.
"Our motto is to keep it simple, " said Holleran. "The EPS Division has intentionally
adopted a simple model for tracking multiple versions of documents. We want to make sure
that the most recent version is accessible and correct, and to keep the older documents for
reference. Most document management systems are over-engineered, or the Web interfaces
are awkward, hindering progress."
Holleran reports that the time an average employee spends tracking documents has dropped
from hours to minutes a week. "Now we can find documents in seconds, instead of
digging through file cabinets or interviewing several different people to locate a file," he
"Previously a department administered our documents and procedures, but with Intra.doc,
no one is assigned-individuals are in charge of managing and publishing their own
documents so that they are accessible to everyone," Holleran added.
Pssst, hot tip: Monitor that E-mail
The Securities Exchange Commission (SEC) regulates that E-mail must be treated like other
forms of written communication and meet compliance guidelines. The easy answer for
brokerages was to not allow the use of E-mail, but that has become a less realistic option.
The opportunity for niche software has emerged in the form of E-mail compliance tools. In
fact, the Tower Group (www.towergroup.com) expects the $12 million market for E-mail
compliance tools to grow at 45% for the next three years.
Those tools are used by brokerage houses in the financial services industry to monitor E-
mail for things like illegal stock hyping, insider trading, high-pressure sales tactics.
One such search software is Assentor from SRA International (www.assentor .com).
Rather than use a keyword search technology, Assentor uses natural language-matching
techniques. The software can distinguish between a sentence stating, "This is the tip of the
iceberg," which would not warrant a red flag, and a sentence stating, "I've got a stock tip
for you," which could denote insider trading or a high-pressure sales pitch.
SRA sifted through 20 million E-mails from brokerages as they designed the program.
Sample phrases the software will flag include: "When I tell you to sell a stock and buy
another, you must do it;" "Snooze, you lose;" "opportunity of a lifetime;" and "Any
purchases you make will help drive up the stock price."
Calling for help
Few vendors offer a complete package to meet all the records handling, document
management, storage and retention issues related to regulatory compliance. That is where
systems integrators and consultants can be brought in. By being vendor-neutral,
consultants can analyze the existing IT architecture and match it against specific regulatory
requirements before making recommendations. Organizations might find that they need that
outside help to ensure consistent retention and reporting compliance. Consultants, such as
Archer Management Services (www. archermgt.com), offer facility management services
and can recommend solutions.
"Too often clients will look for vendors for turnkey solutions," said Fred Diers, VP of
document management services with Archer Management. "That's well and good, but it's
not an integrated approach-clients may be saddled with something that doesn't fit or is
Consultants advise clients to look at both paper and electronic records, as well as how
documents flow internally and between subsidiaries. "Organizations forget about the paper
side or vice versa," said Diers. "You need a skilled professional inside the organization at a
high enough level to bring the pieces together."
Toyota Motor Sales has enlisted Archer to develop indexing and terminology standards for
its documents and records. Services include researching regulatory guidelines and applying
the standards to system directories, paper files, microfilm applications and imaging systems
at the point of data and document creation or capture. That provides consistent regulatory
compliance for the preservation and disposition of the company's information, regardless
of data type.
Diers insists on participation from IT managers due to the likely changes in technology
required when designing a compliance system.
"It's like building a skyscraper." he said. "You can't just add on the top; you've got to
work on the bottom as well."
Paper and electronic are similar strains
Document management keeps regulatory infection from spreading
The Hyland Immuno Division of Baxter Healthcare (www.baxter.com) develops therapies
to treat hemophilia and immune disorders and is a leader in the development of blood
therapies, infectious disease research and related biologics and vaccines. The division
manages all of the documentation submitted to regulatory agencies worldwide including
clinical trial protocols, standard operating procedures, and research and development study
"Creation, management, storage and destruction of many of our documents are regulated
by regulatory agencies like the FDA," said Kathryn Davidson, a project manager with
Immuno. "We are responsible for maintaining compliance with all the rules, regulations
and guidelines that these agencies issue."
Davidson described the increased demands that came with the implementation of a new
network in 1992. "It soon became clear that there needed to be a system to control our
electronic information," she said.
Wanting to include version control and records retention, Immuno selected DocsOpen from
PC DOCS/Fulcrum (www.pcdocs.com) to manage submissions.
"We were specifically interested in better managing our electronic regulatory submission
files," said Davidson. "Since we are regulated by the government, we are required to keep
a paper copy. In addition, the government was beginning a push to provide an electronic
copy as well as paper. With the increased use of teams and networking technologies, it was
vital that we have the ability to share information in a common, controlled manner,"
As with many regulated industries, different documents demand varying retention times. In
addition to state and federal guidelines, an organization's own policies often dictate
different archival requirements for different data types. Such is the case at Immuno. "There
is a divisional policy that is set for records retention," Davidson explained. "Compliance
rests on the individual departments."
That process can be automated with an EDMS in which multiple versions can be tracked.
Davidson called that a vital concern. "We must know what is the latest approved version
and what is the latest draft version if we are to be effective," she said.
Davidson praises the DocOpen system for significantly decreasing the amount of time that
is spent searching for documents. "It enables us to make documents available
electronically, allowing us to share information that would not previously have been
shared," she said. "It has also enabled us to meet our electronic submission goals."