When it comes to electronic record retention, there’s good and bad news. The good news is that electronic record retention tools and technologies give firms of all types and sizes unprecedented opportunities to improve their operational efficiencies, speed products to market, make regulators happy, and send black ink straight to the bottom line.
The bad news is that electronic record retention tools and technologies are arguably more advanced than some of the strategies and best practices employed by companies to try and ensure all of those benefits. Worse, some firms commit the well-meaning mistake of trying to be safe by hanging onto every electronic record until their systems are so slowed down and clogged that it is hard to find the electronic records when they need them.
“FDA leaves it to the regulated company’s discretion to determine how long they should retain records and documents,” says Eric June, chief software architect at AssurX. “The FDA does not expect records to be retained forever.”
Develop a Well-Reasoned Program
Many firms have learned that the best way to approach record retention and compliance policies is to develop a well-reasoned program that balances the relative importance of an electronic record with the reality that saving everything all the time will actually make your records more cumbersome and less secure.
“Electronic record management is very important to our organization,” says Paul J. Fricke, senior quality scientist, compliance QA with Access Business Group (ABG), who uses AssurX’s CATSWeb for internal and external audit information among other workflow processes.
“Once an audit process has been completed and records have reached a certain age, our record retention policy requires the records/information to be discarded,” Fricke explains. “Without this ability, records would be retained past their business use and not be in alignment with our corporate policy.”
This way, ABG avoids wasting valuable database space and unnecessary exceptions to its retention policy. Bottom line, firms can choose either to control or to be controlled by their records, experts agree.
“The impact of getting it right goes straight to the heart of the integrity and security of your operation,” says John McKenney, president of SEC Associates and co-author of “The ‘New’ Part 11 and Drug Development: A Q&A Reference Guide.”
The Bar Gets Higher
And the legal and regulatory bar for getting it right continues to get higher. In the financial arena, for example, the Securities and Exchange Commission (SEC) recently issued rules under the overarching Sarbanes-Oxley Act (SOX) that require accountants who audit or review an issuer’s financial statements to retain certain records relevant to that audit or review.
Looking at the huge healthcare industry, while the FDA’s 21 CFR Part 11 electronic record requirements have eased the agency’s demands on electronic record retention, the agency has made it clear that if the electronic record has a direct impact on patient safety or product efficacy, that electronic record had better be accurate, defensible and accessible in a timely manner.
SOX has perhaps raised the most awareness of the importance of wise electronic record retention policies.
“It is very important for senior managers to understand the new implications of SOX,” says attorney Guy Lander, author of “What is Sarbanes-Oxley?”
He notes that current and future requirements of the Act mandate that the company gathers information, evaluates it and reports it in a timely manner to the SEC and financial markets.
The importance of document retention and management programs will continue to grow at least as fast as the use of technologies including BlackBerrys, instant messaging and countless others expands.
Firms in most industries must consider the following electronic record-related issues:
• The importance of developing and adopting electronic record retention policies given the growing scrutiny of e-mail trails and files of information as potential electronic evidence.
• Sensible policies and plans regarding electronic evidence issues should be commonplace and yet still aren’t even in many Fortune 500 companies. However, you can learn from other corporations that are taking this seriously. For example, Lander applauds Pfizer’s leading-edge compliance work, including its decision to put a detailed corporate governance document on its Web page. 1
• Intermingling of important and unimportant documents. At too many companies, little distinction is made between confidential and non-confidential information. When attorneys are trying to determine what is considered privileged information in high-stakes litigation, the computer forensics team needs to sift through information with a fine-tooth comb to ensure that privileged information is not inadvertently handed over to the opposing team of attorneys.
• Intermingling of business and private use. Employees often use business computers for private use, a trend most analysts and HR experts suggest is only going to increase. In the same way that privileged information is intermixed with regular information and needs to be sifted out, so too does private information.
• Lack of distinction between disaster recovery backup and business archiving. Disaster recovery is meant to enable a corporation to get up and running in the two or three days after the disaster occurs. Business archiving is for the long term and is important for regulatory obligations (e.g. broker-dealers must keep all client communications for seven years). Most corporations save absolutely everything, to cover for disaster recovery, and then regard that same mountain of information as their long-term business archive.
• Back-up systems that cannot easily be restored. All too often, corporations update software and hardware with little regard to their existing back-up collection. Once faced with litigation, corporations are then obligated to pay for the cost of restoring and/or recreating data from an old legacy system.
Be Proactive
Don’t wait any longer, say compliance attorneys Laurie Miller, Scott O’Connell and J.P. Ellison with Nixon Peabody LLP. If you haven’t already done so, they say now is the time to re-evaluate your company’s document retention policy.
Be prepared. You may not like what you find, many experts suggest.
“Companies in highly litigious and/or regulated industries are generally aware of the importance of strong electronic record retention programs,” says Mark R. Kindy, senior managing director of the forensic and litigation consulting practice with FTI Consulting. “Those companies are looking at this on a proactive basis.”
But companies in other industries – perhaps because they have no regulators or laws breathing down their necks – have generally given their record retention programs short shrift in terms of budget and personnel.
“Getting it right transcends any regulatory climate,” says McKenney. In FDA-land, the old joke is that you don’t have to worry about electronic record retention as long as you don’t care about the security and integrity of your records. Even if your industry does not have such strict laws or rules, do you want to operate in a way that minimizes your performance and leaves you vulnerable to lawsuits or other charges of negligence?
“Document retention plans are no longer safely delegated to file clerks or facilities managers,” say Miller, O’Connell and Ellison. “Untimely document destruction can have serious consequences for individuals and corporations, including, but not limited to criminal liability.”
Attorney Robert H. Feigenbaum, managing director of the forensic and litigation consulting practice with FTI Consulting, and founder and former president of U.S. Legal Solutions, a pioneer in delivering proactive solutions for corporate counsel to manage e-mail, electronic records and other e-discovery issues, says leading edge firms “understand the value of having quick access to their electronic records, including backing up tapes for archive purposes.”
Ironically, the relative inexpensiveness of some electronic record storage solutions might end up costing companies more money and worry in the future.
“Storage is so cheap that for some firms it adds to their inertia,” Feigenbaum says. “Lacking a clear policy, these firms are afraid to get rid of anything. Consequently, they keep more electronic records than necessary and make it next to impossible to find and utilize those electronic records they truly need.”
The time is now to take a hard, careful look at your record retention policy. The good news is that you don’t need to save everything. Instead, if you ask the right questions and make the technology work for you, you’ll save money and many headaches by keeping the records you need and confidently getting rid of those you can more efficiently do without.
References:
1. http://www.pfizer.com/are/mn_investors.cfm.
Tamar M. June is vice president of Strategic Marketing at AssurX, Inc. (Morgan Hill, Calif.). Reach her at 408-778-1376, ext. 705 or tamar@assurx.com.