Digitization continues to be a catalyst for change and growth in life sciences. Frost & Sullivan’s recent report, “Global Life Sciences Industry Outlook, 2018,” states that the life sciences industry is nearing the $1.5 trillion milestone largely due to innovations in various technologies. But how can business leaders tasked with transforming their organizations into innovation centers also maintain tight regulatory compliance with governmental guidelines?

By improving information governance, organizations can take the important first step to understand requirements and limit regulatory risk. But it doesn’t stop there. While digital transformation in life sciences starts with digitization for compliance, it should be seen as a key lever of competitive advantage and success.

A world at odds: compliance drivers

For legacy life sciences companies, scrutiny has only increased as price pressures and clinical trial data have moved from business decisions to part of the public persona of life science companies. This has created a business environment where securing information is at direct odds with calls for greater transparency.

Medical device and services companies are also facing greater scrutiny over their ability to effectively manage patient privacy as they push the envelope of data generation and interconnectivity. The sometimes cavalier attitude that many of the new technological entrants to the medical device and services sector have shown towards user privacy and their own information security practices have forced key regulators such as the FDA and the US department of Health and Human Services (HHS) to increase oversight across the whole of life science.

These key compliance drivers are happening at a time when many companies attempt to streamline processes in order to increase efficiency. Life sciences as an industry has historically worked as a collection of islands of productivity. As long as a group was productive, their methods were never challenged. In the face of stiffer penalties and an increased likelihood of an audit, companies can no longer gamble that their research group(s) will not be audited. The move to digital means that documents are “easily accessible” by compliance and audit trails.

As with all compliance issues, many of the core problems that plague life sciences are due to poor information governance practices that rely on a mix of technologies that range from digital analysis stations to networked fileshares-with a healthy amount of paper notebooks included in the mix. This leads to department and group level processes and audit trails that are cumbersome for companies to maintain regardless of size or product.

HIPAA and linking health data to personal identifiers

HIPAA, as it impacts information management strategy, has two mandates: protect patient or consumer personal health care data and ensure accessibility by the individual who owns the data. But what isn’t clear from either FDA or HIPAA, is the line between consumer personal improvement (e.g. Fitbit’s steps goal) and medical advice (e.g. a linkage between step goals and diabetes risk). Life science companies that collect an individual’s information directly should ensure that their information security processes can stand up to a HIPAA audit.

If you manage or simply have access to personally identifiable information including insurance numbers, medical history, or drug trials as part of your organization’s business, or as part of a service that you provide to organizations, then you must be able to provide auditable processes and be able to confirm that all access to that information conforms to standardized operating procedures (SOPs).

Going digital: following the FDA’s lead

For life science companies, approval by regulators is a key step in ensuring long term health of the company. For companies of all kinds, but particularly medical device and diagnostics companies, an important step in this process is gaining approval to market your product and the time to gain this approval is crucial.

Yet, time to approval has increased significantly. Why? This is likely due to tight budgets, working with third party reviewers and an increasing number and type of products to approve. Another factor to consider is the number of new (i.e. naïve) entrants into the regulated markets who don’t understand the role that regulatory submissions play in their ability to generate revenue over the long term. Two notorious examples are 23andme and Theranos, both of which ran afoul of FDA by simply not meeting their agreed upon regulatory responsibilities to either communicate or provide appropriate audit logs.

The increase in time to approval has coincided with a surge in the number of drug recalls by FDA as seen by the Regulatory Affairs Professionals society. This surge could be due to a small number, albeit very public, outbreaks of drug contamination. Life science companies should expect tighter scrutiny of their audit logs, procedures and record keeping practices throughout their whole life cycle. Regulation is no longer limited to big pharma-it is going to encompass all companies with products that fall within the FDA’s purview.

The positive news is that the FDA is moving quickly to adopt new technology as well as streamlining its approval methods. The move by FDA to introduce electronic forms submissions has the potential to ease regulatory burdens and provide a competitive edge to organizations that have moved to digital first records management systems. The bottom line for ensuring FDA compliance is understanding that each organization will have multiple forms, audit trails, exception requests, and protocol submissions to compile, submit, update, revise, and maintain. Organizations need to understand and operationalize these parts of their electronic content management system through automated process building.

Information management systems to meet FDA and HIPAA requirements

In a perfect world, a single enterprise-wide system would have the flexibility to manage multiple products for various use cases. Unfortunately, this simply is not cost effective. Instead, organizations should focus on aligning products they already own with business use. The key to success in a multi-product model is ensuring the information capture mechanisms are aligned across physical and electronic entry points to the system. The case for ECM as a high value system comes from the ability to enable cross department processes, particularly those that span the areas of clinical to compliance, finance to clinical, and human resources.

Organizations should build out process automation to ensure all pieces of information contain some metadata even if it is just the author name, filename, and date of last accessed or created. It’s also important to have a robust enough classification and permissions control system that allows departmental workers to access any document they may need without signing in again or using different credentials.

The value of information management systems goes beyond compliance. Emerging technologies like artificial intelligence (AI), have transformed traditional information governance technologies into key enablers of the intelligent connected enterprise. Organizations can now put their massive amounts of data to work and gain unique insights that improve processes, optimize engagement, and automate operations.

By bringing together elements such as content collaboration, security, and process automation in a stable environment, life science companies can navigate the complex realm of compliance and regulations while still fostering innovation.

Jaleel Shujath, Director, Industry Strategy in Life Sciences at OpenText