The first article in this five-part series on addressing unique device identifier compliance provided an overview of unique device identification. We discussed the four core compliance requirements along with the anticipated benefits of regulation, from the primary objective of improved patient safety and care to the numerous business benefits to be gained by many in the medical devices industry. Then we identified data challenges likely to be faced by organizations required to comply and we introduced enterprise information management as a valuable approach for tackling those data challenges.
This article starts with a discussion of why EIM should be employed by organizations tasked with UDI compliance. We then dig deeper into an essential foundational element in any EIM program — data governance — and apply this discipline to the specific data challenges associated with compliance.
The Importance of EIM to UDI Compliance
Recalling some of the data challenges an organization may be faced with in preparing for and achieving UDI readiness, we have:
- Initial gathering of required device and packaging attribute data, which will likely originate from multiple information systems and sources with some data possibly still only available in hardcopy form.
- Integrating UDI data into existing information systems.
- Cleansing and rationalizing UDI data to ensure accuracy, completeness and consistency.
- Creating a streamlined and efficient data submission process.
- Maintaining UDI data and GUDID records on an ongoing basis.
- Establishing, implementing and training employees on UDI data policies, processes and standards.
To address these and other UDI challenges, organizations need to create and implement an EIM strategy. Employing an EIM strategy ensures that device and packaging data needed for compliance is available, accurate, complete, consistent and secure and that it both conforms to standards and is properly consumed by other systems . Such a strategy guarantees that device data is managed and governed based on having the right organizational participants, technology and data policies, processes and procedures in place. It also guarantees that there is control over the structure, processing, delivery and usage of that data. And, it ensures that stakeholders all along the supply chain — from partners and distributors down to end-users — can trust the data.
With respect to UDI compliance, the components of EIM that are most relevant, and that will be the focus of the remainder of this and the subsequent articles, are:
- Data governance
- Data quality management
- Master data management
The Role of Data Governance in UDI Compliance
As depicted in Figure 1, data governance is the organizing framework for establishing the strategy, objectives and policy for effectively managing corporate data. It consists of the people, processes and technologies required to manage and ensure the quality, availability, usability, integrity, consistency, auditability and security of data.
In the context of UDI compliance, where it is important for required device and packaging data to be accurate, complete, rationalized, accessible and, as needed, properly formatted, it is clear that data governance can and should play a key supportive role. In fact, the potential impact it can have on compliance is evident within each element comprising the data governance framework.
Strategy: Data governance strategy encompasses the vision, mission, objectives and guiding principles of the data governance program. Most importantly, it articulates how governance aligns with and supports the business strategy. When UDI compliance is an organizational priority, data governance strategy explicitly and proactively focuses on governing the data elements needed to facilitate compliance.
Organization: Data governance employs a centralized, yet virtual, structure to manage and execute data standards and controls. It leverages collaborative decision-making across business departments and IT to create and set the policies that ensure data availability, accuracy and security. This collaborative, cross-functional approach also creates an enterprise-wide culture of accountability with respect to data quality and usage that is essential as an organization addresses UDI compliance.
Policies, Processes and Standards: Data governance can play an important role in the creation, implementation and enforcement of policies, process and standards. It can, for example, drive the adoption of data standards such as GS1 or HIBCC within an organization. In the context of UDI compliance, data governance can:
- Assist in reaching agreement on device data definitions and associated attributes.
- Help in managing changes to device data and how data changes are proliferated across systems and departments.
- Encourage accountability for the accuracy of device data needed for device classification and required for submission to the GUDID.
Measurement and Monitoring: Commonly, data governance establishes processes and requirements for measuring data quality, usage and accountability. This measurement can extend to UDI compliance as well. The data governance program can serve as the data monitoring function for the UDI compliance team to ensure data accuracy, completeness, auditability, traceability and continuous process improvement.
Technology: The same technology functions and deliverables important to any data governance program can be extended to assist with UDI compliance. For example:
- Data flow diagrams produced by the governance team can help the UDI team understand where the necessary data is located, transformed and updated.
- Established audit trails can be leveraged for security and proof of compliance for UDI.
- Existing (or the creation of) master data programs for product data consolidation can optimize submission of device data to the GUDID.
Communication: Just like a well-executed communication plan is a critical success factor for data governance, it is also extremely important to the efficient and effective implementation of a UDI program. The UDI program can piggyback on the governance plan, leveraging the communication channels and structures to educate employees on the priorities, accomplishments and importance of UDI. UDI data requirements can be incorporated into the training created for data management and governance to ensure every employee understands their involvement in compliance.
Change Management: With any new program comes some level of change. Similar to the way a UDI program can annex the communication components of governance, it can also take advantage of the plan, approaches and implementation process involved in change management to ensure that adherence to UDI becomes a new operational norm.
Data governance provides a structured approach to managing changes to core, shared business data. Without a governance program in place, the organization runs the risk that the changes initiated during the course of UDI compliance will negatively impact the quality, accuracy, usability or availability of the data used by the rest of the organization. Conversely, a solid governance program can facilitate the data, process and application changes needed to comply with unique device identification. It can also accelerate an existing UDI initiative.
If your organization already has a data governance program in place, it can be leveraged and a similar approach taken in addressing UDI compliance. If your organization currently lacks a data governance program, establishing such a program for UDI compliance can serve as the launchpad to an enterprise-wide data governance initiative.
The next article will reveal the critical importance of not just maintaining but proactively managing data quality on the path to successful UDI readiness.