Over the last 3 years, I have come across several initiatives from life sciences companies to revisit their Drug Safety system strategy, in line with the trend of evaluating their options with other IT systems, on whether they should continue to host and support these systems on-premise or move to cloud. We have all witnessed a major shift towards Cloud Computing and the Software-as-a-Service (SaaS) model, and Drug Safety is no exception. The challenge with this strategy is that it needs a dramatic shift in the traditional thinking that prevails in the industry in terms of people, process and technology. What I mean by that is:
- People should understand that once the system is hosted by an external partner, the way the business and IT teams within the sponsor organization interact with the support teams will change dramatically. For example, they may not be able to pick up the phone and call a Mr. John Doe at the last minute to get their product/license configured in the safety system to support the launch of a new study.
- Processes, both business and support, should be changed to reflect the new model and provide a seamless transition and steady-state support so that business operations are not impacted. For example, if you are engaging a new partner in a new market to support your clinical study, you have to engage the service provider so that you can plan and support the onboarding process in time.
- Technology should be brought in to accommodate such change and ensure business continuity, system performance and transparency in service delivery. For example, tools should be made available to not only monitor the performance of the system and process but also to continually review and improve the performance.
You may argue that these are required for any transition from an “On-Premise” model to a “SaaS/Hosted” model. My answer would be YES, but the regulated clinical research world adds additional emphasis on getting it right the first time and ensuring that every aspect is validated and in compliance with the regulatory requirements of various agencies across the sponsors' markets. I want to list some key items that would be useful to sponsors in evaluating Drug Safety System hosting partners.
- Domain Expertise: The first and foremost criterion is “how much does the partner know about Drug Safety?” You cannot go to a run-of-the-mill hosting partner and expect them to understand your business processes and host the system in compliance with the regulatory requirements.
- Hosting Expertise: Have they hosted a safety system for any other customers? If not, have they hosted a system that requires validation and should comply with regulatory requirements? Will it be a “Multi-tenant” environment? If so, do they have experience facing an audit for such a setup, as my data may be hosted along with my competitors? How do they ensure Data Privacy and Security? Does their system support Single Sign On (SSO) or do my users need a separate login to access the system, which could be disruptive to business?
- Hosting Location: Where are they hosting my data? Some countries do not allow safety data of patients to reside on foreign soil for obvious reasons. What arrangements do they have from a Disaster Recovery and Business Continuity perspective? How do they staff in case disaster strikes the main site? Do they move people or do they maintain minimal staff to support the secondary site?
- A-Team: Do they have the right people? If so, what are their qualifications? In my experience many sponsors look for references of the partner. That may not always be the right way to evaluate the partner because the staff that delivered the project for that referenced customer may not be with the organization anymore. Most service providers in the drug safety space have small teams. Not all of them have the bench strength to fully staff the engagement. However, it is critical that they have senior staff to seed the team and bring on additional staff as needed.
- Processes: Do they have SOPs and WIs to get the new environment up and running faster but with little risk? Can they also provide case processing and aggregate reporting services? If so, what processes do they have in place? Do those processes meet our requirements? If not, how do we harmonize the processes?
- Total Cost of Ownership (TCO): It is essential that a decision of this criticality is financially viable too. Also, it is required to have a long-term view of the cost associated with such a move. It is highly impractical to change your decision in short intervals of 1 to 2 years. You should be committed to a term of 3 to 5 years. If you are, then what is the total cost of ownership for such a commitment? Is the vendor transparent about all the hidden costs? If there is an increase in pricing, how predictable is it? Can we lock in a price now for 5 years? What discounts are offered? Can we tie the payments to service performance? How about service credits?
- Viability: It is critical that the partner has a viable business model. Not just to fulfill your current needs, but your future needs as well. If you expand to new markets, would the partner have the ability to support such a change? Do they have teams spread across multiple geographies?
- Cultural Fitment: You need a partner that fits, not just from a strategic and operational perspective but also from a cultural perspective. This arrangement is long term and both parties should look at it as a win-win proposition and should be committed to make it a success.
- Executive Commitment: Last but not least is the commitment the partner has to this business and more importantly to your service. What is their governance model? How does the escalation process work? Where is the executive team located? Are they a phone call away, if disaster strikes?
These are some of the aspects that I thought would be useful for some sponsors and vendors alike, to consider when selecting a partner for a drug safety hosted service. As always, appreciate your feedback and comments.
Building native applications for mobile devices is like building a ‘Client-Server’ application, which was popularized in the 90’s and 00’s with the explosion of personal computers. This trend leveraged the fact that an application can use the computing power of the client device and provide better user experience and performance. However, from a maintenance perspective this was a nightmare. I still remember the “DLL Compatibility” issues driving me and my team crazy when we were deploying these applications in an enterprise environment and having to update/upgrade the application frequently. It generated a lot of call volume to the support teams. Combine that with the lack of good collaboration tools and you have a perfect storm whenever there is a new release.
The reason I bring this up is that the web has changed this whole ‘Client-Server’ paradigm and driven the application development model to adopt web-based architectures. With respect to Mobile Application Development we are looking at another such paradigm shift where there should be more and more applications built using ‘HTML5’ based app development for mobile devices. Just as in the case of Client-Server apps, ‘Native Apps’ for mobile devices provide a lot of power for developers to build apps that provide better user experience and performance, but they are a maintenance nightmare and also tend to increase the deployment cycles. An ‘HTML5’ application that follows the “80-20” rule and uses 20% native code will provide greater flexibility by delivering almost all the advantages that a ‘Native App’ would. Plus, it also fits into the “Build Once Deploy Anywhere” model where the app can be deployed to multiple mobile devices (iOS, Android, Blackberry, Windows Mobile etc.) with minimal changes to the 20% of native code (the HTML5 code doesn’t need any platform-specific changes).
This approach is being recommended by many analysts, thought leaders and vendors. It would be interesting to see how many developers adopt this approach and accelerate the shift in Mobile Application Development paradigm.
Apple has sold millions of iPads in the past 18 months. The adoption of the device in the market is phenomenal. This trend is reflected in the Life Sciences & Healthcare industry as well. A mobile Health News article (2012: About 62 percent of physicians use tablets) puts the adoption of tablets by physicians at 62%. Another report by IDC puts Smart Devices sales as exceeding the combined sales of laptops and desktops. All these trends are indicative of the rate of adoption of mobile and smart devices by the population in general. The healthcare and life sciences industries are no exception to this.
While the adoption is growing in general, the challenges and bottlenecks are numerous for adoption of the devices in an Enterprise/Business setting. To make this even more complex, consider using the tablets and smart phones in a validated environment to capture and manage personal health information of patients.
Some key questions to be asked while considering adoption of Mobile devices in a validated environment are:
- Will the device and application be considered a Mobile Medical Device?
- If so, what should we do to validate the application?
- What are the regulatory requirements and guidance from the agencies?
- Should we consider a native application vs. a web based application?
- If so, how do the validation activities and artifacts differ?
- Would the data be stored on the device or would it be transferred to the server as soon as it is captured?
- Should we make it available offline to enable usage without internet connectivity?
- What are the synchronization challenges?
- How do we handle identity management?
- How do we ensure data security?
While some of these questions are applicable to any enterprise mobile application, they are even more important to consider if the Mobile device is slated to be used in a regulated environment. For customers in the US, one key document to be considered as input, to answer some of the questions, is FDA’s DRAFT Guidance for Mobile Medical Applications.
mHIMSS Policy & Regulatory Implications Workgroup has provided a very good summary of how the guidance should be interpreted with respect to Mobile Medical Applications. You can read the summary here (needs registration).
FDA also provides more useful information on Mobile Medical Applications here.
I look forward to comments and insights into any specific experiences that you might have had with respect to developing Enterprise Mobile Applications in a regulated environment. These applications may or may not be companion applications to devices, but may fall under the MMA purview as defined in the guidance.