Compliance tools help ease regulatory burden

Within the medical and pharmaceutical industries, one of the most daunting compliance challenges is dealing with Medicaid. In 1990 the federal government created a mandatory Medicaid drug rebate program requiring pharmaceutical manufacturers to reimburse states for purchases of prescription drugs. A complicated formula determines the "best price" per prescription unit, similar to negotiated rates for other major purchasers. Actually, different formulas must be used to calculate the price for different drugs, making management of the program intricate. Using those formulas, pharmaceutical companies determine how much money to refund states.

Relief for mandatory rebate headaches

Further burdening the system, manufacturers are required to process all state-submitted Medicaid rebate claims within 37 days of submission or face hefty fines. The difficulty lies in the fact that claims often arrive within a very short time frame. Typically, each of those claims may take from a few hours to almost two days to process. Often disputes arise, which can amount to millions of dollars of uncollected revenues for the pharmaceutical companies.

Capitalizing on that process, Systems Consulting Company (SCC, www.scc .com) developed CARS/Medicaid. The application helps pharmaceutical manufacturers comply with FDA regulations in processing Medicaid claims submitted by states.

In addition to guiding the manufacturer through the rebate requirements, SCC's software provides an auditing tool.

"This gives a way to do checks and balances," said Lucette DeMichele, a senior business analyst with SCC. "Manufacturers can compare the rebate amounts to rebates made in previous quarters, catch generic drug substitutions or any unit measure discrepancies. Still, the onus is on manufacturers to ensure the accounting is correct."

In creating the software, SCC started by walking prospective pharmaceutical clients through the paper rebate system. With each product formula creating a different set of pricing guidelines, the process soon became bogged down.

"We took the paper prototype and discovered all sorts of roadblocks," said DeMichele. "They weren't thinking technology-wise how to track things, they were thinking paper."

The key for compliance-assisting software is to stay up to date with changing legislation. "The government. passes a law, and HCFA oversees it and comes out with mandates," DeMichele said. "We'll keep them in compliance. If a major federal legislation changes, we'll build it into our system. We learned to be flexible so we don't need to do a rewrite every time legislation changes."

Ignorance is still no excuse

Recognizing what laws govern an industry is the first step in obeying them. Dakota Software (www.dakotasoft.com) is another vendor providing compliance guidance. Dakota offers 13 regulatory modules that ensure an organization is working with the latest environmental, health and safety regulations.

"A productive auditor must command a range of basic skills including a working knowledge of applicable regulatory requirements," says Reg Shiverick, president of Dakota. "Our auditing services consultant, together with a company's own personnel, provides an effective team for assessing a company's environmental risks and liabilities."

The company's Dakota Auditor is an expert system combining regularly updated regulatory information with an auditing tool. It enables users to build a regulatory "profile" of a facility and produce checklists that are specifically applicable to individual facilities. The program covers federal and state requirements with regular updates, Responsible Care Codes and ISO 14000 changes.

"Using a tool like Dakota Auditor can make a regulatory compliance specialist out of anyone," said Arlene Davidson, marketing manager at Dakota. "It relieves the burden of having to learn the regulations, narrows the scope of regulations to specifically what applies to that operation and keeps track of constant regulatory changes."

Mistakes can be costly. "Just last week an article reported a company fined for $100,000 because it didn't label a hazardous waste drum properly, and it was shipped to the wrong place," said Davidson. "Companies should have a procedure in place to label hazardous waste drums as they're filled, not after they're moved to the perimeter of the property."

Parts is parts-until they fail

The FDA, which regulates the medical device industry, requires any company using electronic records or electronic signatures to comply with certain regulations. Specifically, the FDA is concerned with the traceability of medical device components.

Direct Radiography (www.directradiograpy.com), a division of Sterling Diagnostics (www.sterlingdi.com), has automated its device manufacturing process to ensure FDA compliance on its component tracking. Historically, that has been a paper-based process with identifying documents shipping with each component.

According to Sherry PiŽ, a systems specialist at Direct Radiography, the company has been making a technological shift from analog medical images to digital images. A conscious decision was made to digitize the tracking process as well. "Traditionally paper traveled with the device-hence name 'travelers,'" said PiŽ. "But being in an electronic imaging industry, we didn't want to keep records in a traditional way-on paper."

Toward that goal, Direct Radiography has installed a development management system to control access to manufacturing data for its X-ray capture image systems. The company uses MatrixOne's (www.matrixone.com) Matrix Global Advantage software to electronically associate signatures and track history log files electronically.

By transferring all records from its previous paper-based system, Direct Radiography can set up a query to find a faulty component if necessary and locate the component data in seconds rather than hours.

"If you want to do data analysis or recall, it becomes a painful process to go through paper records," said PiŽ. "Any medical device industry is required to keep that data."

KISS of approval

In the manufacturing sector, compliance efforts often revolve around obtaining and maintaining ISO certification. The Belgian imaging systems giant Agfa-Gevaert (www.agfa.com), which is in the process of purchasing Sterling Diagnostics, finds that many of its customers require ISO 9001 certification.

"ISO 9001 is the most comprehensive of five international quality assurance standards," said Chester Holleran, an engineering manager at Agfa's product development group.

Agfa uses the Intra.doc management system from IntraNet Solutions (www.intranetsol.com) in its Electronic Pre-press Systems (EPS) Division. Holleran said the system has streamlined the compliance process for periodic audits.

The document management system stores procedure and product information in a central repository, which is accessed by a Web browser. According to Holleran, the company is now rolling out the system to more than 2,000 employees. "All of the content is accessible from the corporate intranet," he said. "Users are not really aware of the distinction.

"Our motto is to keep it simple, " said Holleran. "The EPS Division has intentionally adopted a simple model for tracking multiple versions of documents. We want to make sure that the most recent version is accessible and correct, and to keep the older documents for reference. Most document management systems are over-engineered, or the Web interfaces are awkward, hindering progress."

Holleran reports that the time an average employee spends tracking documents has dropped from hours to minutes a week. "Now we can find documents in seconds, instead of digging through file cabinets or interviewing several different people to locate a file," he said.

"Previously a department administered our documents and procedures, but with Intra.doc, no one is assigned-individuals are in charge of managing and publishing their own documents so that they are accessible to everyone," Holleran added.

Pssst, hot tip: Monitor that E-mail

The Securities Exchange Commission (SEC) regulates that E-mail must be treated like other forms of written communication and meet compliance guidelines. The easy answer for brokerages was to not allow the use of E-mail, but that has become a less realistic option. The opportunity for niche software has emerged in the form of E-mail compliance tools. In fact, the Tower Group (www.towergroup.com) expects the $12 million market for E-mail compliance tools to grow at 45% for the next three years.

Those tools are used by brokerage houses in the financial services industry to monitor E- mail for things like illegal stock hyping, insider trading, high-pressure sales tactics.

One such search software is Assentor from SRA International (www.assentor .com). Rather than use a keyword search technology, Assentor uses natural language-matching techniques. The software can distinguish between a sentence stating, "This is the tip of the iceberg," which would not warrant a red flag, and a sentence stating, "I've got a stock tip for you," which could denote insider trading or a high-pressure sales pitch.

SRA sifted through 20 million E-mails from brokerages as they designed the program. Sample phrases the software will flag include: "When I tell you to sell a stock and buy another, you must do it;" "Snooze, you lose;" "opportunity of a lifetime;" and "Any purchases you make will help drive up the stock price."

Calling for help

Few vendors offer a complete package to meet all the records handling, document management, storage and retention issues related to regulatory compliance. That is where systems integrators and consultants can be brought in. By being vendor-neutral, consultants can analyze the existing IT architecture and match it against specific regulatory requirements before making recommendations. Organizations might find that they need that outside help to ensure consistent retention and reporting compliance. Consultants, such as Archer Management Services (www. archermgt.com), offer facility management services and can recommend solutions.

"Too often clients will look for vendors for turnkey solutions," said Fred Diers, VP of document management services with Archer Management. "That's well and good, but it's not an integrated approach-clients may be saddled with something that doesn't fit or is proprietary."

Consultants advise clients to look at both paper and electronic records, as well as how documents flow internally and between subsidiaries. "Organizations forget about the paper side or vice versa," said Diers. "You need a skilled professional inside the organization at a high enough level to bring the pieces together."

Toyota Motor Sales has enlisted Archer to develop indexing and terminology standards for its documents and records. Services include researching regulatory guidelines and applying the standards to system directories, paper files, microfilm applications and imaging systems at the point of data and document creation or capture. That provides consistent regulatory compliance for the preservation and disposition of the company's information, regardless of data type.

Diers insists on participation from IT managers due to the likely changes in technology required when designing a compliance system.

"It's like building a skyscraper." he said. "You can't just add on the top; you've got to work on the bottom as well."

Paper and electronic are similar strains

Document management keeps regulatory infection from spreading

The Hyland Immuno Division of Baxter Healthcare (www.baxter.com) develops therapies to treat hemophilia and immune disorders and is a leader in the development of blood therapies, infectious disease research and related biologics and vaccines. The division manages all of the documentation submitted to regulatory agencies worldwide including clinical trial protocols, standard operating procedures, and research and development study reports.

"Creation, management, storage and destruction of many of our documents are regulated by regulatory agencies like the FDA," said Kathryn Davidson, a project manager with Immuno. "We are responsible for maintaining compliance with all the rules, regulations and guidelines that these agencies issue."

Davidson described the increased demands that came with the implementation of a new network in 1992. "It soon became clear that there needed to be a system to control our electronic information," she said.

Wanting to include version control and records retention, Immuno selected DocsOpen from PC DOCS/Fulcrum (www.pcdocs.com) to manage submissions.

"We were specifically interested in better managing our electronic regulatory submission files," said Davidson. "Since we are regulated by the government, we are required to keep a paper copy. In addition, the government was beginning a push to provide an electronic copy as well as paper. With the increased use of teams and networking technologies, it was vital that we have the ability to share information in a common, controlled manner," Davidson said.

As with many regulated industries, different documents demand varying retention times. In addition to state and federal guidelines, an organization's own policies often dictate different archival requirements for different data types. Such is the case at Immuno. "There is a divisional policy that is set for records retention," Davidson explained. "Compliance rests on the individual departments."

That process can be automated with an EDMS in which multiple versions can be tracked. Davidson called that a vital concern. "We must know what is the latest approved version and what is the latest draft version if we are to be effective," she said.

Davidson praises the DocOpen system for significantly decreasing the amount of time that is spent searching for documents. "It enables us to make documents available electronically, allowing us to share information that would not previously have been shared," she said. "It has also enabled us to meet our electronic submission goals."