Take concrete steps to strengthen compliance

Beefing up compliance P&Ps

There are two major fears when it comes to a research organization having a potential compliance breach, and these are unpleasant findings during a regulatory audit and bad publicity.

Clinical research directors who wish to avoid both of these outcomes need to beef up their compliance programs, starting with a hard sell to institutional leaders, an expert suggests.

"Before you can get somebody to go along with your program and follow rules, you need to show them what is the added value for them," says Kristin West, JD, an associate vice president for research administration and the director of the office of research compliance at Emory University in Atlanta, GA.

"Show them the names reported in the paper, and show them how you have policies in place to deal with these problems," she adds.

Here are some suggestions for improving your compliance program:

1. Freshen up, improve standard operating procedures (SOPs).

Solid SOPs will help immensely with audits, monitoring visits, and compliance issues.

"Show FDA inspectors or monitors your SOP, saying 'This is our SOP, and this is how we handled the case,'" West says.

Then when the auditors or monitors respond positively to the site's SOP, share this outcome with staff, she suggests.

"So people understand why we wrote the SOPs and included these items in it," West adds. "They'll see that people actually do care about this."

Writing practical and strong SOPs is a first step.

"Take concrete steps to improve your compliance program, and once you have those steps in place, and they're successful then the next round is easier," West says.

2. Do a risk assessment.

CR directors and compliance officers should identify their biggest risk area and the probability of a problem happening in connection with this risk, West advises.

"Consider damages, including reputational damages, if something goes wrong in that area," she says. "After you pick one of these areas and say this is a huge area of risk, then you have to determine the concrete steps the organization can take to eliminate the risk."

West gives an example of an issue at Emory of having employees who were minors working in the laboratories.

"A lot of folks want to come here to get experience through a mentorship, or they have a friend who works in the lab, and they also want to pursue a career in science," West explains.

"This obviously is a huge risk area – having young people in high school working in the lab," she adds. "We want to encourage it because this is an educational institution, and we want young people interested in these careers."

But it's the university's responsibility to make certain these underage staff/students are safe while they're at the institution.

This required a concerted effort to improve policies and procedures involving both the lab and handling minors who are working for the institution.

3. Have a group assist in identifying risk.

A thorough risk assessment might require a group effort.

For instance, an organization could form an oversight committee or a forum to discuss research risks.

"Fortunately at Emory we have a very nice forum for doing that, an enterprise risk management forum," West says. "Each year we look at the various risks to the institution across the board, and we prioritize those risks and have risk process [managers] who come up with corrective action plans to address those risks."

Emory's forum is well attended by institutional presidents, executive vice presidents, risk management staff, and general counsel, West says.

Risk process managers are responsible for reporting back to the forum whether a particular action worked, she adds.

"It's so high level, and you have vice presidents taking time out of their day attending these meetings, so people realize it's important and put it at the top of their to-do list," West says.

4. Include all stakeholders in developing a corrective action plan.

Look at the whole area and think about who should be involved, West advises.

For the laboratory and minors example, stakeholders would include the environmental and safety unit staff, as well as academic units that run programs for high school students and mentoring programs, West says.

The environmental and safety unit staff, for instance, are responsible for getting lab staff their personal protective equipment and training in using it.

"We have insurance and risk management folks who are big stakeholders, and we have a general counsel office there because you need a certain amount of legal language," West says.

For a risk that involves university students, another stakeholder might be staff from the campus' student union or campus life program.

5. Delegate and ask for help.

"If you have a group working on this you can delegate tasks, asking if anyone is hooked up with any groups or list serves where they could email people for ideas of how to handle the risk area," West suggests.

Also, an Internet search might reveal ideas and solutions.

"You should delegate this to different members of a stakeholder group, and then have a meeting and come back to develop policies and procedures," West says.

One strategy is to appoint one person to be the draft person who will take the information collected and then write a draft to be shared for feedback, she says.

"You take ideas from the meeting, and a lot of times at our university, we have a template we use for all standard university policies, so you know if you want a policy adopted that it has to have these particular elements," West explains.

When a policy is created or another type of solution is found then it will need to be approved by upper level administration, she says.

Since all stakeholders were included in discussion of the risk and solutions, the top administrators will know that all necessary staff buy-in already has been obtained, she adds.

6. Communicate and train staff on new policies and procedures.

"You will need to communicate policies to staff and train people on what they need to do," West says. "This could be done in a meeting with administrators at different departments, through posting information on Web sites, and by going to faculty meetings."

The key is to make sure all staff involved with handling issues related to the risk area are aware of how they should handle the situation under the new policies, she adds.

Typically, a new policy will include a follow-up protocol that lists who is responsible for this policy.

"That owner is responsible to make sure the policy is working, and the owner should come up with an auditing and monitoring plan," West says.

In the example of how the institution could handle having minors in the lab, the owner of the policy was the environmental health and safety department, she notes.

"They provide follow-up on questions regarding the policy, looking at various protocols to see who is working on them," West says. "They also conduct physical lab inspections and see first-hand who is working in that lab and whether lab employees are wearing personal protective equipment."