Case Study: Making Compliance Comprehensible
By Joseph A. Horvath
A pharmaceutical company finds ways to turn required documentation into tools for improving how work gets done.
Because of their potential to affect human health, biopharmaceutical companies are highly regulated. Among the regulations with which they must comply are those that set standards for conducting laboratory studies, clinical trials, manufacturing, and associated processes. These regulations are often referred to as good practices.
A hallmark of compliance, in any field, is control. By demonstrating control of its good-practice operations, a company shows that it is able to comply with applicable regulations in a systematic way. This requires that they document their processes and standards, train qualified people to carry them out, monitor performance continuously, and take corrective action when needed. It also requires that a company document that all these things took place. These dual imperatives are captured in two, oft-quoted maxims:
- Say what you do, then do what you say.
- If it wasn't documented, it didn't happen.
In response to these imperatives, biopharmaceutical companies have created information bureaucracies to ensure that the creation, revision, and dissemination of good-practice information is tightly controlled. New procedures are reviewed, approved, published, incorporated into training, periodically re-reviewed, expired, and archived. When those procedures are revised—as they frequently are—the process repeats. New employees are trained in the procedures in which they will participate, assessed on their knowledge of those procedures, and retrained at set intervals or for cause. When their responsibilities change—as they frequently do—the process repeats. Everything is documented and "inspection ready." Paper records are signed, dated, versioned, and stored in access-controlled archives. Electronic records are stored in validated software systems that capture electronic signatures and maintain "audit trails" of every addition, deletion, or change. With respect to control of compliance information, the biopharmaceutical industry has truly built a better mousetrap.
In principle, the mechanisms that confer control and demonstrate compliance should also help workers perform their jobs correctly and efficiently. Well-documented processes carried out by well-trained workers should ensure high performance. In practice, however, the manner in which compliance information is controlled can interfere with its effective access and use, a paradoxical and potentially dangerous situation. Managing procedures in highly controlled document repositories can discourage workers from consulting them frequently. Writing procedures in a way that addresses all possible regulatory objections can make them complex and difficult to read. Holding workers accountable to train (and retrain) in a large and frequently changing list of procedures can engender a "boxchecking" mentality in which learning is subordinated to simply staying caught up.
At Millennium: The Takeda Oncology Company, we believe that well-controlled information will not ensure product quality if it is not readily understood and used by employees. We are not satisfied with building a better mousetrap—we insist on actually catching mice (figuratively speaking, of course). To this end, we have undertaken a series of projects to simplify access to compliance information, to make that information clearer and more useful to workers, and to improve the quality of compliance training so our workers' training time is well spent.
Making Documents Accessible
As any quality-assurance professional will attest, it can be challenging to get employees (particularly experienced ones) to consult documented procedures regularly. As humans, we are prone to cognitive biases and may overestimate our own level of comprehension or fail to notice shortcuts and errors as they creep into our well-worn routines. These biases are at play in the workplace and can lead workers to neglect written procedures in favor of their own memories or memory aids. A classic example is the manufacturing operator who writes machine settings on his or her glove instead of walking across the suite to consult the standard operating procedures.
The challenge of getting workers to consult procedures is compounded by the loss of accessibility that can accompany strict document control. This loss of accessibility is subtle but cumulative in its effects. Controlled documents are more likely to be managed by a central group in a central repository, so paper documents are not as close at hand. Electronic documents are likely to be embedded in a more complex directory structure and within software systems that require separate user authentication. The printing and distribution of documents may be discouraged in order to minimize the availability of non-current versions. These impediments to access, when combined with employees' natural disinclination to consult procedures, can form a recipe for error.
At Millennium, we have moved aggressively to ease access to controlled documents while maintaining a high standard of control and compliance. We pressed our document management software vendor to make significant improvements to the user interface and have served as early adopters of the resulting product. This product features familiar and intuitive screen conventions, a Google-like search function, and a list of "Recent" and "Favorites" documents to allow users to quickly and directly access their documents of interest. With respect to paper documents managed in file rooms, we have enhanced our document-scanning capability so more documents can be accessed online. We are in the process of streamlining file-room records management. And we are actively looking at how the organization of information in our central, controlled document repository can be optimized to better suit the needs of multiple departments.
These changes to our document-control program have been well received but are really just the beginning. The potential of currently available technologies to deliver information at precisely the moment of need is largely untapped within the compliance space.
Making Documents Useful
Being able to access documents more easily will hold little value if those documents are not themselves helpful—both for learning and for ongoing reference. Unfortunately, many compliance documents fail to meet this standard, owing in part to the goals that led them to be created in the first place:
- To instruct employees on how to perform their work
- To demonstrate to regulatory agencies that a process is well thought out, under control, and compliant
In practice, the latter of these purposes often tends to dominate; controlled documents are written more for inspectors than for those who will be required to use them. Documents are often written in a formal style that values explicitness and exhaustive description over clarity and readability. They may be structured and formatted in ways that are not conducive to firstpass comprehension or rapid visual search. And they are often written by subject-matter experts who lack technical writing skills and are prone to overestimating the appropriate level of detail. In this light, it is somewhat vexing to hear the common lament that "people don't consult the standard operating procedures" as it seems to beg an obvious question: were they even written for them?
In 2009, we conducted an evaluation of our own documentation practices, focusing on their usefulness for purposes of learning and performance support. We reviewed research and best practices in the area of document design and readability. We conducted a close-reading and critical review of a sample of our controlled documents. And we interviewed employees regarding their experience with controlled documents and solicited suggestions for improvement. Our evaluation identified a number of opportunities for improvement that we are currently addressing:
- Improvements to our document templates to de-clutter, enhance readability, and provide embedded guidance for authors
- Establishment of a style guide along with writing-center support for document authors
- Allowance of employees to rate the value and readability of controlled documents via the company's learning management system
These improvements are still in progress, but feedback on prototypes has been very positive and has reinforced our commitment to reconciling the dual purpose of our documentation: to record how we do things and to actually do them that way.
Making Training Meaningful
Access to useful documents is not enough, of course. Employees need to understand them and, often, to acquire new concepts and skills. This is the realm of training, and its objective, from a compliance standpoint, is clear. Training must be sufficient to ensure all employees are qualified for the work they do.
Because employees in our industry work in a highly complex and interdisciplinary environment, there is a lot of training. Employees must be trained on companywide policies and on the use of enterprise systems. They must be kept abreast of regulatory expectations and current good practices in their areas of specialization. And they must be trained on the particular systems, procedures, specifications, and other concerns to which their jobs expose them.
To these are added several other drivers of training volume. Procedures are created and revised frequently, and each new or revised procedure must be incorporated in training. Healthauthority regulations require sufficient training to ensure ongoing qualification. This has conventionally been interpreted as a requirement for periodic retraining on all procedures (typically, every two years). Finally, it can be difficult to effectively target training below the department or group level, so training is sometimes assigned very broadly.
Given the sheer volume of training to be produced, companies struggle to deliver high-quality, meaningful training at the required rate. In the worst-case scenario, high training volume results in low training quality, and something has to give. Unfortunately, that something is learning. Employees may plow through a mountain of assigned training that delivers little value, and training becomes an exercise in "signing them off" on the relevant documents. The literature on good-practice training includes numerous examples—usually uncovered during inspection or audit—of employees who were trained on thirty or more standard operating procedures in a single day. Such cases demonstrate that learning has failed and that training has degenerated into a documentation exercise—a troubling and unacceptable state of affairs.
At Millennium, we place a high priority on training effectiveness and are working along multiple lines to both improve the value and lessen the burden of required training for our employees. We have developed a process of ongoing curriculum review to ensure that employees are assigned the training their role requires—neither more nor less. We have implemented a risk-based model to ensure the design of training materials and assessments is appropriate to the difficulty and risk inherent in a given procedure or subject matter. We are moving away from training employees on individual standard operating procedures and toward qualification-based training in which the procedures relevant to a given competency are taught via a single, tailored course. And we are increasing our use of job aids and other adjuncts to training. In interviews, our employees have expressed a strong preference for accessing information at the moment of need—rather than training on every detail then being expected to recall it months later.
These and other initiatives have begun to enable us to simultaneously reduce the volume of training and improve its effectiveness.
Beyond the Better Mousetrap
With the safety of their patients at stake, biopharmaceutical companies cannot be satisfied with building a better mousetrap. Validated repositories, process controls, and inspection readiness are not ends in themselves. Rather, they are means of ensuring that employees perform well: that they follow procedures, report problems, make good decisions. To do this, they must
- Truly understand the company's procedures and their quality-related obligations
- Have ready access to the information they need at the moment they need it
- Find that information to be useful to their purpose
The particular requirements of the compliance arena can make this a challenging standard to meet, but they certainly do not make it impossible. Unless we do so, as an industry, we will fail to satisfy the true intent of the regulations and, more important, we will fail to satisfy our obligations to the patient.
Joseph A. Horvath is the senior director of training and documentation at Millennium: The Takeda Oncology Company.