How Technology Enhancesthe Effectiveness of Compliance Programs
For global life science companies, the challenge of maintaining effective oversight and control over dozens of activities taking place simultaneously across multiple jurisdictions can be daunting— especially when such companies rely on paper processes. As anyone who has been audited or investigated knows painfully well, if you can’t prove oversight and control through documentation, then such oversight and control didn’t happen. This underscores the vital importance of documentation and the weakness of paper processes. When it comes time for non-automated compliance programs to demonstrate effectiveness, documentation is often missing because compliance officers across multiple jurisdictions are saving their documentation onto different computer systems or servers, forgetting to scan and upload required documentation, and/or are unable to demonstrate version control. This is where technology can save the day.
At Amicus, we use a single, global, compliance approval system to review and approve activities taking place around the world. So, regardless of whether the activity involves the French business team hiring a physician in France, the Japanese business team conducting an advisory board in Japan, or the US business team sponsoring medical education in the US, all requests for approval are submitted using the exact same online compliance approval system, which we’ve called the Amicus Compliance Engine (ACE). ACE is powered by an out-of-the-box, yet highly configurable, compliance automation software provided by Lextegrity, a leading software firm started by former in-house life sciences compliance and audit professionals. When new submissions are entered into ACE by the business, Amicus compliance officers receive immediate email notifications and can log-on at any time to review those submissions. But the great advantage of this system is that it serves as a single point of control and documentation for the vast majority of global activities requiring compliance approval. Regardless of geographic location, the business must upload into ACE all information regarding the activity and complete the relevant ACE approval form, which means all information related to the submission gets documented in ACE. Likewise, all information related to approval also gets documented in ACE, including compliance officer activities like follow-up questions to submitters, due diligence, and final approval.
“In pharmaceuticals, the corporate compliance function typically oversees the activities of the commercial, medical, patient advocacy, and clinical departments”
But compliance approval systems with an open architecture that are highly customizable are even more valuable. In pharmaceuticals, the corporate compliance function typically oversees the activities of the commercial, medical, patient advocacy, and clinical departments. As such, many compliance approval systems focus on controls related to those departments. However, compliance departments are evolving and at many companies are tasked with responsibilities that extend beyond the traditional areas of oversight. For example, a compliance department may be responsible for managing employee-reported conflicts of interest, for conducting due diligence on third parties, for reviewing patient-related activities, and/or for driving the company’s privacy program, including the review of privacy impact assessments under the GDPR. So, the more a compliance approval system can be customized to cover all areas, both traditional and non-traditional, the more valuable it will be as a single point of control and documentation.
Yet most valuable of all are compliance approval systems that also allow for real-time integration and key data transfer to other systems. For example, at Amicus, ACE is connected to our contract management system.So, once data related to an activity is entered by the business into ACE,the business doesn’t need to re-enter that same information into the contract management system in order to get a contract. Rather, after the activity has been approved in ACE, the data related to that activity is automatically transferred to the contract management system, and out pops a contract, leading to a happy business partner. Not only is this process efficient and user-friendly for the business, but it also serves as an additional compliance control, because the only way for the business to get a contract is to submit the activity in ACE and have it approved by the compliance department.
In sum, technology-based compliance approval systems offer not only a single point of global control and documentation, which is key from a compliance program perspective, but also permit an efficient and userfriendly experience for the business. A true win-win for all.