By: Ravi Shankar
February 5th, 2010
Medical device companies should consider critical technologies for compliance and risk management.
Under such circumstances, medical device manufacturers must prepare to ensure compliance with stricter regulations and manage risk appropriately. To do so, decision makers should seek technology investments to help establish good governance models that maintain regulatory compliance and lower operational risk.
For example, master data management (MDM) offers the potential to advance device manufacturers’ compliance efforts. MDM ensures that critical enterprise data are validated as correct, consistent, and complete when they are circulated for consumption by internal or external business processes, applications, or users. An integrated, model-driven, and flexible MDM platform that is easily configurable can provide the functionality needed to meet compliance requirements and lower risk.
Compliance Challenges in the Medical Device Industry
Medical device manufacturing is one of the most highly regulated industries, with strict federal and state government oversight in R&D, manufacturing, sales, marketing, and device recall activities. Complying with opt-out regulations and complying with recall regulations are two of the most difficult challenges faced by medical device manufacturing companies.
Opt-Out Compliance. Device manufacturers frequently use direct marketing techniques to communicate important product announcements, to cross-sell or up-sell other products, or to announce special offers. However, as with the retail industry, device manufacturers need to be mindful of the regulations governing direct marketing practices. The Federal Trade Commission (FTC) mandates the collection and maintenance of consumer preferences for mailing marketing literature. Failure to respect a consumer’s request to not receive marketing literature can result in an $11,000-per-incident fine for the company. To ensure that the manufacturer respects its customers’ privacy, it is important to provide different channels for the customer to opt out of receiving communication, including mail, phone, fax, e-mail, and Web site. FTC has primarily gone after spammers with hefty fines, but has not specifically pursued medical device companies. However, the CAN-SPAM Act applies to all commercial firms engaging in “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”[2]
Often, companies in the medical device industry use different systems for each of the various communication channels. Customer service representatives use customer relationship management (CRM) applications to capture customer preferences, but opt-out preferences for mail or fax might be entered into a different database. Also, manufacturers might use a separate Web content management system for online interactions. As a result, multiple copies of the same customer’s record are duplicated across different systems. If customers communicate by phone that they do not want to be contacted, this information may be updated in the CRM application, but perhaps not in the other two systems. Without a holistic view of the opt-out preference, a marketing campaign targeting device users who have contacted the company through its Web site would totally ignore the opt-out preference phoned in by the customer and updated in the CRM system. As a result, the company would continue mailing its marketing literature to the customer who has already communicated the choice to totally opt out. Such incidents can result in the company being fined by FTC. Continuation of such practices could result in customer dissatisfaction leading to attrition and brand dilution.
Recall Compliance Challenge. Certain devices manufactured by medical device companies—blood glucose monitors, for example—are subject to the strictest FDA regulations. One such regulation governs the recall of these devices when a malfunction is detected. FDA mandates that in a medical device recall, the manufacturer should reach 100% of the device users as part of Level-A Effectiveness Check. If the users cannot be reached or do not respond, the manufacturer must contact the users by telephone. Usually, medical device companies use low-cost media such as e-mails and traditional mail to reach users, instead of direct phone calls, which are labor intensive and expensive.
Despite the importance of accurate and reliable data, it is not uncommon among medical device companies to capture customer information in different systems. In the event of a critical incident such as a recall, the resulting lack of correct contact information can be problematic. When these companies try to reach their consumers via mail, they might get 20–30% returns due to incorrect addresses, prompting an expensive calling campaign.
10 Steps to Getting the Most Out of MDM Platforms
MDM can provide medical device manufacturers with consistent, complete, and accurate consumer contact, opt-out preference, and communication preference information—even when it is captured and stored in different systems. Companies can use this information to reach customers rapidly and avoid ineffective or costly device recall campaigns. With MDM, if opt-out information is entered into the CRM system, that information is reflected in the Web content management system and other customer-facing systems. This means that any campaign using data from the central MDM system would always use the correct preference setting, regardless of the system of origin.
However, not all MDM systems provide the necessary functionality to meet the compliance requirements. If the MDM system is rigid in its functionality (i.e., if it has a fixed data model), then it may end up compromising compliance initiatives. Further, such systems make it difficult to extend the compliance efforts to other lines of business or geographies. Doing so requires costly and extensive custom coding.
To avoid such costly pitfalls, and to reduce the risk of choosing the wrong system, it is important to include key business data requirements across several critical business functions. These functions should include sales, marketing, customer support, and, of course, compliance. Building an effective system means having the ability to evolve and address unforeseen future requirements across the organization. In general, MDM technology should support ten requirements, outlined here.
1. Manages multiple business data entities within a single MDM platform. By using an MDM platform that can handle multiple data types, an organization can ensure compliance within a single business division, and thereby demonstrate a rapid return on investment. The system can later be extended to accommodate other business divisions for even greater enterprise value.
2. Permits data governance at both the project and enterprise level. It is critical that the underlying MDM platform is able to support the compliance-related data governance policies and processes defined by a company’s organization.
3. Works with a company’s standard workflow tool. Workflow is an important component of both MDM and data governance. It can be used to monitor compliance in real time and automatically alert the appropriate personnel of any potential violations.
4. Handles complex relationships and hierarchies. Certain compliance initiatives require the ability to manage complex hierarchies. Make sure the MDM request for proposal requires a system that is capable of modeling complex business-to-business and business-to-consumer hierarchies within the same MDM platform.
5. Provides support for service-oriented architecture (SOA) systems. Because MDM is the foundation technology that provides reliable data, any changes made to the MDM environment ultimately result in changes to the dependent SOA services, and consequently to the SOA applications. The MDM platform must automatically generate changes to the SOA services whenever its data model is updated with new attributes, entities, or sources. This key requirement protects the higher-level compliance applications from any changes made to the underlying MDM system.
6. Allows for data to be cleansed inside of the MDM platform. Data cleansing needs to be centralized within the MDM system to provide clean data for compliance reporting. If a company has already standardized on a cleansing tool, then it is important to ensure the MDM system provides out-of-the-box integration with it so that the existing investment is leveraged.
7. Enables both deterministic and probabilistic matching. To achieve the most reliable and consolidated view of master data for compliance purposes, the MDM platform should support a combination of these matching techniques, with each being able to address a particular class of data matching. A single technique, such as probabilistic, will not likely be able to find all valid match candidates, or worse, may generate false matches.
8. Creates a golden master record with the best field-level information and stores it centrally. It is important that the MDM system is able to automatically create a golden record for any master data type (e.g., customer, product, or asset) to enable compliance monitoring and reporting. In addition, the MDM system should provide a robust unmerge functionality to roll back any manual errors or exceptions.
9. Stores history and lineage. The ability to store the history of all changes and the lineage of how duplicates were merged is a very important requirement to support compliance. Any compliance initiative will require the ability to audit such data changes over several years.
10. Supports both analytical and operational usage. Compliance monitoring is performed within an operational system, while compliance reporting is performed using a business intelligence tool or data warehouse.
Regulatory Compliance on an MDM Platform
Taking the time to build the foundation for a sound MDM program is critical to the success of any compliance effort. The 10 requirements listed earlier enable OEMs to identify and evaluate a suitable technology platform. These steps are prerequisite to managing an organization’s master data assets and critical to establishing a consistent master data foundation.
Once an organization starts to make its departmental compliance projects operational, it is likely that larger compliance requirements will expand to include other lines of business or geographies. For example, recalling medical devices might first become operational within the United States and then be expanded to include European countries. Therefore, it is important to carefully evaluate all MDM options and assess the MDM platform’s ability to support the 10 core capabilities right away; they should be integrated components of a complete enterprise-wide MDM platform. Doing so mitigates technology risk and improves return on investment because additional integration and customization become unnecessary to make the system operational.
Another benefit gained by having these 10 MDM components integrated within the same MDM platform is that software deployment is much faster and the platform is easier to migrate over time. Finally, it is wise to check vendor references to evaluate the enterprise-wide deployments of their customers and to ensure that the vendor’s MDM product is both proven and includes all 10 enterprise MDM platform capabilities.
As medical device manufacturers work to increase communications directly to the consumer, they must have a system in place to mitigate risks. MDM systems offer a way to keep track of opt-out compliance and recall compliance, two significant challenges for direct communications with users. However, such platforms must have certain attributes out of the box to remain flexible as the OEM’s organization grows and changes.
1. William H. Maisel, “Semper Fidelis—Consumer Protection for Patients with Implanted Medical Devices,” The New England Journal of Medicine 358, no. 10 (March 6, 2008): 985–987.
2. The CAN-SPAM Act: A Compliance Guide for Business, Federal Trade Commission (2009); available from Internet: www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.shtm.