All life sciences businesses have to comply with stringent regulations. This isn’t surprising. Patients are right to demand that treatments should be safe and rigorously tested. From an industry perspective, looking beyond the possibility of reputational damage or fines, nobody wants to be responsible for a compliance failure that physically harms patients.
To look at this more positively, for all there’s a financial cost, regulations help protect the life sciences sector against such problems as:
- Device and drug counterfeiting
- Exposure to legal action
- Malicious data mining
- Systems hacking
- Other criminal activity, including corruption
For the life sciences sector, this represents a huge opportunity. To understand why, it helps to remember, as we’ve already discussed in previous blogs, that the sector is undergoing technologically driven change. Businesses can use a review of issues around compliance to deal with potential risks, but also simultaneously to review business models and processes. This can ask such key questions as:
- Is the business efficient and customer-focused?
- Is it agile enough to respond both to changing patient expectations and potential regulatory changes?
- Does it have the insight into operations to improve efficiencies and competitive advantages
To answer these questions, businesses need to focus in great part on business data management.
Risk factors and regulations
To understand in more detail why business data management is so important here, let’s first deal with the kinds of risks we’ve already identified by briefly considering the scandal that engulfed French company Poly Implant Prothèse (PIP). In 2001, PIP decided to improve profit margins by using industrial-grade rather than medical-grade silicone in the breast implants it manufactured. The cost-cutting finally came to light in 2009, but only after numerous implants had ruptured.
Although senior members of PIP’s management were prosecuted and the company was bankrupted, the case revealed a profound problem related to traceability and accountability. Simply, many patients had no way of knowing whether they had received faulty implants.
It’s no coincidence that, in the wake of this case, European medical device regulation now covers everything from small items such as contact lenses and dental fillings through to pacemakers and MRI machines. A Unique Device Identification (UDI) system ensures that all of these devices can be tracked back to the point of manufacture, offering supply chain traceability down to the level of production batches and individual items.
Other regulation is following a similar pattern. America’s Health Insurance Portability and Accountability Act (HIPAA) and the European Medicines Agency’s (EMA) Identification of Medicinal Products (IDMP) both address the collection, use and secure storage of health data. In addition, the EU’s General Data Protection Regulation (GDPR) also governs data protection issues across all industry sectors, including healthcare.
The direction of travel in all this regulation is consistent, towards helping all organisations manage and protect their data, towards avoiding the kind of problems that engulfed PIP. At the same time, there’s an emphasis on these organisations being accountable to both the regulators and, specifically within the life sciences sector, patients.
Regulation as a catalyst for change
But as we’ve already noted, from an industry perspective, addressing issues about regulatory compliance can be about much more than managing risk. To return squarely to the importance of business data management, companies that can trust their data are better able to react to changing market conditions because they’re operating from reliable information, data that can be shared across the company and with trusted partners.
More than this, companies that trust and understand their data are better able to drive change and gain competitive advantage, to use this information to help implement new business models such as the product-as-a-service offerings we discuss in The Value of Data
In this context, while it’s sometimes tempting to see issues around global regulatory compliance purely through the lens of mitigating risks, this risks framing an opportunity as a drudge-like housekeeping exercise. Better to remember that, by employing systems capable of handling and managing data in the ways required to meet emerging regulatory frameworks, organisations can build efficiencies into their practices, future-proof themselves and develop new business models.