Is Master Data a Controlled Substance?

By on

Click to learn more about author Frank Cerwin.

I recently engaged on a project to design a Master Data Management (MDM) solution for pharmaceutical products.  As my knowledge of the subject area developed, I began to see how the degree of Data Governance applied to pharmaceutical products is also applicable to all types of Master Data domains.  Prescription drugs are used to treat diagnosed illnesses and debilities.

Strong governance is put in place to ensure the drug is safe, administered properly for the correct indication (purpose), and is not abused.  A MDM program is often prescribed as a treatment for defective data that resulted in debilitated business processes.   Data defects can be caused by poor quality or from an inappropriate fit to the business purpose that it was applied to.  Additionally, like a drug, Master Data can be abused.  Government entities, industry organizations, and corporations create governance policies, standards, procedures, and adjudication for drugs as well as Master Data to avoid or remediate these issues.

Achieving Master Data Quality can be a challenge since it is often sourced from a number of enterprise applications and third parties outside the direct management of the MDM program.  A lesson can be adopted from the pharmaceutical industry where the U.S. Food and Drug Administration (FDA) has well-documented procedures to ensure uniformity and consistency of inspections of a drug manufacturer’s data, procedures, and methods.

Procedures include performing sampling to detect inferior product.  This degree of inspection can be applied to Master Data when it’s being selected as a MDM program source as well as on a continuous basis to ensure that it maintains the required level of quality.  A respected MDM program will detect problematic data, immediately engage with the source to remediate the issues, and notify the MDM downstream subscribers about the data issues and the action plan.  Traceability, accomplished through documented lineage, and adjudication procedures from data creation to disposal provides assurance to MDM subscribers that the data they receive can be trusted and safe for use.

Additionally, drugs are tested for their efficacy in the U.S. as part of the responsibility of the FDA Drug Efficacy Study Implementation (DESI).  DESI rates drugs on a scale from safe and effective to less than effective for their intended medical indications.  A MDM program must accomplish the same objective.  Prior to a MDM program being in place, I’ve observed Master Data sources being chosen based entirely on XML tag names without any other metadata being scrutinized.  Master Data, like a drug, must be appropriate for the purpose to which it is applied to truly be effective even when all other quality dimensions are satisfied.

Therefore, well-defined and accurate metadata is a critical component for both Master Data and drug production.  In addition to an enterprise’s MDM program, industry organizations can improve effectiveness, such as GS1 which provides standards to reliably recognize and share supply chain product and location Master Data across organizations.

In the U.S., specific drugs are categorized by the Drug Enforcement Administration (DEA) into five categories or “schedules” according to their recognized health benefits, risks to users and likelihood for non-medical use.  Categories range from Schedule I drugs that are defined as drugs with no currently accepted medical use and a high potential for abuse to Schedule V drugs with the lowest level of dependence.  Obviously, schedule I drugs must have the strictest controls.

Master Data classifications are similarly based on the levels of benefits, risk, and likelihood of misuse.  Typical classifications assigned to Master Data from highest to lowest risk are “highly restricted”, “internal confidential”, “personal”, and “public”.  The U.S. government’s Health Insurance Portability and Accountability Act (HIPPA) and the European Union’s General Data Protect Act (GDPR) are two examples of governance established to protect Master Data from abuse of personal health information (PHI) and personally identifiable information (PII) respectively.  Based on its risk rating, Master Data is protected using technologies such as encryption, masking, access restrictions, and usage agreements.

Should Master Data be governed as a controlled substance?  Absolutely.  That is the purpose of the MDM program.  To ensure quality, fitness for the purpose where it is applied, and prevent it from being intentionally or inadvertently misused.  Maybe Master Data should come with its own warning label – “May cause rash business decisions and severe financial discomfort if not managed and used as directed.”

Leave a Reply