Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Shop Talk: Leveraging Data Management in Life Sciences

Jaclyn Jaeger | November 13, 2012

The compliance role is difficult enough without also having to be a technology whiz, and yet speaking the language of IT seems to be just one of many skills compliance officers must master these days.


The following executives participated in the Oct. 23, 2012, roundtable on leveraging data management to enable compliance.

Christine Bachrach,
Chief Compliance Officer,
University of Maryland Medical System

Tracy Berns,
VP, Chief Compliance & Regulatory Counsel,

Bret Bissey,
SVP, Chief Ethics and Compliance Officer,
University of Medicine & Dentistry NJ

Michael Clarke,
VP, Ethics & Compliance Officer - Americas,
Actavis Inc.

Dan Dunham,
VP, Chief Compliance Officer,
Aptalis Pharma Inc.

David Hodgson,
Partner, Enterprise Risk Services,
Deloitte & Touche LLP

Lisa Holt,
Senior Director of Compliance,
Stryker Corp.

Phil Munkacsy,
Associate Director of Global Compliance,
Watson Pharmaceuticals

Helen Ong,
Assistant General Counsel,

Mark Stehr,
Deloitte & Touche LLP

Seth Whitelaw,
Director, Enterprise Risk Services,
Deloitte & Touche LLP

For More Information on Compliance Week Roundtables

That's because capturing, storing, and managing data is becoming increasingly important to satisfying regulatory demands and ensuring that a company has an effective and efficient compliance function. Perhaps nowhere is that more the case than in the life sciences industry, where managing sensitive information and regulatory demands for data are de rigueur.

A group of compliance and ethics executives from leading pharmaceutical, medical device, and healthcare providers met last month in Philadelphia to discuss the challenges and opportunities that come with leveraging data management to enable compliance at an executive forum hosted by Compliance Week and Deloitte.

Part of the discussion focused on the difficulties of integrating the various siloed systems that many companies continue to maintain. They are hard at work integrating these systems or at least trying to make them more compatible.  A large part of the process is “still is very manual, very labor intensive—a lot of meetings, a lot of consensus-building,” said Seth Whitelaw, a director of enterprise risk services for Deloitte.

Earlier systems were not designed to gather the granularity of data that companies must now report, said Phil Munkacsy, associate director of global compliance for Watson Pharmaceuticals. As the compliance function has grown increasingly dependent on sophisticated systems, the onus has been placed on compliance officers to know how to speak knowledgeably about systems and technology in order to better convey to the IT department what data they need. “You really do need to become somewhat of an IT expert,” said Munkacsy.

“These are very consistent and very common concerns that we're seeing everywhere,” says David Hodgson, an enterprise risk services partner at Deloitte. He advises companies to take a holistic approach and execute a well thought out data management plan, rather than nibbling around the edges. It starts, said Hodgson, with mapping out the data you have and prioritizing what is important.  Then set parameters for how data is managed going forward. “It's always harder to go back later and try to make sense of it, if the proper controls aren't established up front,” he says.

Common Language

Roundtable participants discussed how to get systems to talk to each other. A few attendees said they are solving this problem by reducing the number of expense categories within various systems. A seemingly simple problem of different people using different terms to enter data can cause cascading data management headaches.

For example, different systems might have different codes for the same travel expenses; what one person enters as a “meal” expense, another might enter as “dinner.”  Create a common language or set of definitions around each expense category, and “build that into all your systems, or at least have your systems link to that master data file” to create a single “source of truth,” said Deloitte's Whitelaw.

Getting systems to talk to each other when it comes to working with foreign countries, however, presents unique risks of its own. “We're in the process of localizing our compliance systems in different languages,” explained one executive. “That's a pretty complex process.”

When you start dealing with different cultures and languages, in particular, capturing that data “becomes very tough,” she said. For example, “what does this really mean in Turkey versus in the United States?”

The regulatory aspect of data protection laws presents additional complexities in driving consistency in the data. Several countries have data protection laws that are far stricter than the United States, so getting consistency out of the data when regulations don't allow you to do that is another challenge, attendees agreed.

Whitelaw said that one approach that seems to work effectively is to “push the terminology and risk discussion from the board level on down to the business units.” Having that common dimension, he said, seems to help drive that consistency.

People Power

Putting systems in place and configuring them to provide in-depth reports is only part of the data management battle, however. A substantial portion of the solution is related to the people that create, handle, and use the information.

Getting the business to buy into the importance of providing the compliance function with the data it needs is still a tough sell, roundtable participants agreed. As one executive put it, a lot of “muscle flexing” goes into breaking down these silos. “Everybody is trying to hold on to their kingdom, and they don't want to share it,” she said. “So to become centralized and get some of the cross-functionality actually working becomes extremely difficult.”

“You have to develop a strong cross-functional team, because they're going to be your key contacts for all sorts of data,” said Munkacsy.

Integrated or not, databases are only as practical as the accuracy of the data that is maintained. So it was of little surprise that another common concern among attendees was how to get people to own accountability for the data they record and how they record it. “It starts with people on the ground in the local marketplace; they have skin in the game, with respect to data integrity” said Mark Stehr, a partner with Deloitte.

Data ownership is the process of “putting accountability around the accuracy and quality of the data,” said Deloitte's Hodgson.  However, because data sits in many places, “data ownership is a really complicated challenge these days,” he added.

The people who are responsible for capturing data need to be told, “‘You own compliance. I'm just here to monitor,'” said Munkacsy.

Earning Business ‘Wins'

Many attendees stressed the importance of promoting data management and system integration not only as a compliance necessity, but rather as a business necessity. In particular, showing senior management the benefits that can arise from integrating systems is one way to get that buy-in from the business units, many attendees agreed.

Watson Pharmaceutical's Phil Munkacsy told the panelists it's essential to become “somewhat of an IT expert.”

Lisa Holt, senior director of compliance for Stryker, and Michael Clarke, ethics & compliance officer-Americas at Actavis Inc.

A great example is what companies are now doing with the systems they have put in place to satisfy the “sunshine provisions” of the healthcare reform act (aka Obamacare). Under the regulations, pharmaceutical and medical device companies must disclose any gifts or payments to physicians and teaching hospitals. The expenses, according to roundtable participants, could be as small as a cup of coffee, running to large honorariums and speaking fees. The systems, which the panelists called “aggregate spend” or “agg-spend” for short, are massive and complex.  “Nobody would go through this if they didn't have to,” said one of the participants.

Still, the new systems are rich in intelligence on expense accounts at pharmacy and medical device companies, and most are now using them to review spending patterns and, if possible, to rein in some of that spending. They are comparing the cost of meals in different cities, for example, and also looking at what types of spending produce the best value. In one case, one of the participants said the new agg-spend system set off alarm bells in the C-suite. The response from management was, “‘I didn't know we were spending this much money on this,'” Whitelaw said. “That started to break down the silos that previously had prevented us from bringing teams and data together, because senior management saw the value that they could get from it.”

These business “wins” can help get managers on board with the importance of the project. As one executive put it: “A company's culture derives from its people and is driven by its leadership.  It is impossible to create a culture of compliance if you do not have the sincere and absolute buy-in of the company's leadership.”

Munkacsy said one approach toward getting support from the business is to promote the compliance function as a resource for other departments. Ask the sales department, “‘What is your biggest roadblock to giving us data we need?' Maybe there is something we can tweak that will make it easier for them.”

Third Parties

Collecting all the data you need from third parties, such as indirect distributors, is an entirely other story. As one executive put it: “How do you get them to utilize your data systems when they're not a part of your company?”

Deloitte Partner David Hodgson and Tracy Berns, chief compliance & regulatory counsel for Covidien, shared a laugh during the forum.

“One of the big issues is the right-to-audit clause—getting that built into the contracts and exercising it,” said one executive. The fear is that those indirect channels will turn to your competitors, who may not require such clauses, she said.

Yet, monitoring and auditing is essential to improving the quality of the data, attendees agreed. The challenge that presents itself is that “in some countries and cultures sales and marketing people aren't used to being followed around,” said Michael Clarke, ethics and compliance officer, Americas, for Actavis. “In my prior position, I had to figure out a way to convince the sales teams to let me into their building.”

The way that was achieved, Clarke said, was by giving the third parties advance notice, alerting them to the issues that would be looked at. “In addition to bodies on the ground,” he said, “you have to have some sort of active, technology-driven and robust data monitoring system that is designed to identify any red flags.