Back to Genome Link Articles main page

New Regulatory Requirements Are Changing the Way Pharmaceutical Companies Do Business and Creating a New Market for Informatics Systems:
An Interview with Bernard P. Wess, Jr., of PERSEID

Informatics will be one of the keys to success for companies applying high-throughput genomic tools to drug discovery and development. A range of new tools is becoming available to researchers seeking to collect, analyze, integrate, and archive data across all R&D activities. A particularly unique need for life sciences companies is the need to document and authenticate data and create audit trails for regulatory submission. Here, Bernard P. Wess, Jr., President of PERSEID Software Ltd., discusses the growing demand for information systems to accommodate the regulatory demands faced by pharmaceutical and biotech companies. This commentary was excerpted from an upcoming Cambridge Healthtech Institute (CHI) report, Advances in Informatics Fueling Drug Discovery and Development. For more information about this report, visit www.chireports.com/content/reports/nfd252.ASP.

Regulated Information Systems
Regulatory demands are changing the way information systems will be designed and implemented in the life sciences industry. With the introduction of 21 CFR Part 11 and HIPAA in the U.S., and new requirements from EMEA, CEOs and CIOs are paying much more attention to security, access and control issues.

These requirements are causing the development of a new information systems market-the regulated systems market. The regulated systems market requires the use of information systems that can protect personal health information and ensure that every document and data set has been secured, audited for changes, and authenticated with respect to signature authorities.

HIPPA and 21 CFR 11
For business and technology architects like ourselves, we see a continuum of needs generated out of the convergence of healthcare and the life sciences. HIPAA tends to focus on creating an auditable chain of control over healthcare information through the entities that touch and manage healthcare data. 21 CFR 11 focuses on the controls and authentication required to ensure ownership and the integrity of documents and datasets created in a regulated systems environment.

We see a convergence of requirements and needs because all of these regulations are designed to protect consumers and patients. Essentially, we expect the regulatory process to converge on solutions for healthcare and the life sciences much like those seen in financial services. This means that the consumers and parties to transactions are known, the transactions are discoverable and verifiable, and they are audited so that every day one can see the results accurately online. This would be beneficial to all parties. The problem with paper is not that it can't be managed well in large volumes; it's that the piece you need when you need to make a critical decision is not readily available, or it is lost. The problem with regulated electronic data and documents is authenticating the person who claims (or disputes) ownership of a document or dataset, and validating and verifying each modification.

We think that the combination of HIPAA, 21 CFR 11 and the Electronic Common Technical Document or Dossier (eCTD), for example, will mandate common solutions for regulated data storage, analysis and exchange.

PERSEID is seeing the demand for regulated systems, from electronic signatures to fully documented audit trails of patient and life sciences data emerge from the early development of Public Key Infrastructure (PKI).

Suppliers to the life sciences, particularly systems integrators, are seeing increasing demands for security, access and control systems to manage life sciences data and the intellectual property exchanged in a regulated systems environment.

The big issue seems to be the need to know who has seen what data, to know who has "signed off" on the data, and to track each version and change-all electronically. Also, regulatory and manufacturing departments in big healthcare organizations and pharmaceutical enterprises are demanding electronic drug submissions and application processing in electronic formats. The eCTD seems to be a driving force in this process.

This electronic data exchange market, or RDEx, is driving the need to develop business, IT, and product plans that can work in an RDEx. Our clients are some of the largest systems integration and computer manufacturers, so one would expect us to see the emergence of this market early in the process. As a result, we are developing very interesting business and IT plans to support this emerging market for and with our customers.

The RDEx Market is Global
Because the next generation of PKI and workflow software for enterprises is so much more powerful, easy to use and less expensive, there is a global market for RDEx products and services that can realistically be addressed now. Earlier generations of PKI software, for example, required one administrator for each 20 users; now that number is down to two for the entire enterprise.

We expect the RDEx market to become a significant IT and services market as organizations and regulators respond to the already immense and growing need to securely manage intellectual property. Healthcare organizations that work with pharmaceutical companies, academic medical centers, national health services, and life sciences enterprises appear to represent those entities that have the greatest needs.

Example of an RDEx Solution
One of our largest customers is an international systems integration firm that specializes in regulated information systems-HIPAA, 21 CFR11, device certification, EMEA, eCTD, etc. They are building a global RDEx solution with one of the world's largest pharmaceutical companies.

Our solution is composed of PKI software for authentication of signatures and individuals, enterprise directory software services to keep track of users, and workflow software to manage the flow of documents and data. This is applied at the enterprise level. Each application added to the RDEx is then provided with a security, access, and control software "wrapper". This wrapper is used to ensure that an application is now managed (opened and closed) within the RDEx and all data is automatically authenticated and audited within the RDEx.

We are planning to add solutions for enterprise applications, for example, Peoplesoft, Oracle, SAP, etc. and to provide an open source software development kit for engineering organizations.

Our responsibility is to develop business, engineering, sales, marketing, partnership and support plans with our clients and with large pharmaceutical companies. We are very excited by both our solution and the emerging RDEx marketplace because our extensive experience in healthcare and the life sciences indicates that there is an overwhelming need for healthcare and life sciences companies to improve cost- and speed-to-market.

I have been one of those who has criticized the paper and process load of the clinical trials processes. But to criticize we also need to offer solutions as the market and technology matures. The RDEx solutions we are developing with our clients are a realistic way of introducing enormous improvements in regulated systems data and process management. If we are going to criticize the current processes we need to offer our clients and customers solutions that can scale from the small enterprise to the large.

A very attractive aspect of the RDEx solutions that are under development is that for most of the healthcare and life sciences enterprises in the world, that is, the thousands of companies subject to regulatory review and processes, the opportunity exists to create ASP services around an RDEx. An RDEx is essentially an audited and highly secure subnet within the Internet, a secure world among cooperating applications and firewalls where people's identities are truly known. This means that the RDEx can be hosted and sold to life sciences and healthcare companies at a small fraction of the cost associated with its original construction costs.

Managing Regulated Data is a Significant Feature of an RDEx
One of our clients is one of the world's largest auditors and consultants and they have had a major healthcare focus for decades. With them, we are building a regulated database solution that will provide a means of storing and managing not only regulated data exchange interactions among data and people, but also the actual regulated data that is identified under HIPAA 1996.

Most people don't realize that HIPAA is more than mandating standard transactions. HIPAA outlines for U.S. "covered entities" (basically individuals or organizations that touch personal healthcare information [PHI] electronically), the requirements for tracking and exchanging PHI. As of April, 2003, patients can request from any covered entity their medical information in electronic form. HIPAA is like the Fair Credit Act for healthcare; it outlines the requirements for storing, changing, appealing to covered entities and distributing PHI.

We are designing a database solution with our consulting partner that systems integrators and life sciences and healthcare organizations can use to manage regulated data and the associated "chain of evidence," so to speak, associated with regulated data in a regulated systems environment. This database product will allow each change to regulated data to be audited. The database possesses the unique ability to associate "attributes" or variables with regulated entities, such as people, organizations, claims, medical data, and intellectual property. These attributes can be designed "on the fly" as a vocabulary used to describe regulated data and data exchange.

For example, one can store information about a patient or healthcare plan member and the documents associated with that person. These documents can be "owned" by the person and "changed" by another and linked to attributes such as "PKI relevant" or "subject to 21 CFR11." We think that the ability to describe the 21 CFR 11 and HIPAA PHI data and processes as a vocabulary and store the vocabulary in a database is a very powerful advantage because it will enable data to be linked in a database to people and the healthcare processes that affect them without constant reorganization of the database. Our partner in the development plans to apply the solution to large healthcare plans, but I don't see any reason why this solution would not also be very valuable to life sciences companies in managing secure, audited regulated data associated with 21 CFR 11 and clinical trials, for example.

What We Do
PERSEID Software Limited is a consulting and specialized technology firm that aids clients and customers in the development of life sciences business, technology, marketing and partnership planning. Our clients are some of the largest (and smallest) innovative enterprises in the world of regulated systems and supply high technology services and solutions to the healthcare and life sciences industry exclusively.

With decades of business, technology and strategic planning expertise, PERSEID Software is in the business of ensuring that technology solutions, particularly software solutions, are introduced into new markets successfully.

For more information about this report, contact Cindy Ohlman at 617-630-1334, or cohlman@healthtech.com.

http://www.chireports.com/