Spotlight on Compliance and Operations
Interview with Lindsey Cotterill:
Operations Director at Purdie Pascoe
An introduction to Lindsey
Lindsey, tell us a bit about yourself?
I started my career in the NHS, where I gained a deep understanding of different therapy areas and learned about the needs of healthcare professionals and patients. I then transitioned into healthcare market research, acquiring hands-on experience in both quantitative and qualitative research, which deepened my understanding of client and panel needs.
In my current role as Operations Director, I oversee and continuously improve our quality management processes, tighten up our GDPR and data protection and develop systems to ensure we provide the best solutions to our clients.
Outside of all things quality and compliance, what do you enjoy doing?
I enjoy walking my dog, Peggy, working on improving my Rubik’s cube time, and being ultra-competitive with ClueBox puzzles, Lego and Book Nook builds.
If you could have one superpower, what would it be, and why?
Universal Communication! The ability to communicate fluently with anyone and anything (humans and animals). It would be amazing to travel to any country and deeply understand different cultures. Plus, I’d love to know what my dog is thinking sometimes.
Lindsey’s Perspective - Deep Dive
Can you briefly tell us about the operations and compliance function at Purdie Pascoe?
Purdie Pascoe operates across two divisions: Primary Market Research (PMR) and Post Market Clinical Follow-Up (PMCF), each with distinct yet similar operational and compliance needs.
For both teams, it’s crucial to trust our panel suppliers and ensure we get the best respondents for our clients, focusing on respondent verification and data authenticity. We’ve developed stringent processes to protect data throughout the project lifecycle, adhering to GDPR regulations, market-specific guidelines, and governing body codes of conduct.
Our internal processes ensure smooth and efficient project management, aligned with ISO 9001 for Quality Management Systems. In the PMR team, which includes both quantitative and qualitative research, we’re expanding our artificial intelligence (AI) capabilities, bringing several key compliance considerations.
PMCF is vital in the medical device lifecycle, requiring alignment with the European Medical Device Regulation (EU MDR). As our PMCF data requires approval from Notified Bodies to maintain the device’s CE mark, it’s imperative that every phase of our process meets the highest regulatory standards.
Can you explain the key compliance regulations that impact healthcare market research and device regulation?
GDPR compliance is a top priority, especially when healthcare research involves personal data. We ensure all data is collected and processed lawfully, with explicit consent from participants. Our team adheres to British Healthcare Business Intelligence Association (BHBIA) guidelines, including Adverse Event Reporting, and complies with pharmacovigilance obligations.
For PMCF studies, we focus on EU MDR compliance, working closely with clients to align with MDR standards for Notified Body submissions. Several of our PMCF studies also adhere to the Physician Payments Sunshine Act for transparent reporting of payments to US physicians.
Additionally, Purdie Pascoe complies with HIPAA, GCP, EphMRA, ESOMAR guidelines, and relevant ISO standards. We also adhere to Loi Bertrand and Anti-Cadeaux regulations in France, ensuring transparency and ethical interactions with healthcare professionals.
What strategies do you use to ensure the security and confidentiality of data?
We work with an IT partner to ensure GDPR compliance and protection against security threats, including regular scans, patching, and proactive defences. We are certified under the Cyber Essentials scheme. All systems go through security vetting, with client data fully encrypted at rest and in transit, and respondent survey data anonymized where applicable.
Our comprehensive information security policies, including the Information Security Management Policy, GDPR Policy, and Data Loss Prevention Policy, are reviewed annually. Team members complete annual GDPR training and regularly review these policies. Suppliers undergo a stringent Security Assessment to demonstrate their data protection measures.
We also have two in-house Data Protection Officers overseeing data security and regulatory compliance.
As a company, how do you identify and assess compliance risks for projects?
For both market research and PMCF projects, our compliance assessment focuses on the type of data collected, determining if it will be anonymized or if respondents will be identifiable. We evaluate the markets from which data is collected, considering specific regional regulations (e.g., U.S. Sunshine Reporting, Loi Bertrand in France), and assess where data will be processed and transferred, ensuring EU/UK data is stored within the EU/UK. If personal information is collected from EU/UK respondents by clients based in the US or third countries, specific data agreements are required.
Each project includes a comprehensive GDPR checklist to address these considerations and identify any specific needs, such as a Data Protection Impact Assessment (DPIA).
How do you train employees and researchers on compliance issues and best practices?
All Purdie Pascoe team members are trained in compliance and best practices, including annual GDPR training from our Data Protection Officers to ensure compliance. We also complete annual BHBIA training on Legal and Ethical Guidelines in Market Research and Adverse Event Reporting. Our company security policies are reviewed annually to keep the team updated on current practices and standards. Additionally, we undergo client-specific pharmacovigilance training to meet unique requirements and adhere to relevant regulations.
What are the biggest compliance challenges in the industry?
The rapid advancement of AI in the industry presents significant compliance challenges. While AI can greatly enhance our work, it often involves handling personal information, making it difficult to align with GDPR. Ensuring data is collected and processed correctly is crucial. AI holds great potential, but we must carefully navigate compliance challenges to maintain trust and integrity in our work.
How do you manage quality control across the business?
Quality control is a top priority, guided by ISO 9001 principles. Our in-house Quality Assurance Officer reviews questionnaires, data, and deliverables to ensure accuracy and consistency. Panel suppliers also conduct Quality Assurance checks on respondents and collected data, maintaining reliable research outcomes.
We have established Standard Operating Procedures (SOPs) that standardise each stage of our research process, providing clear guidelines to ensure consistent methodologies across projects.
What most excites you about the work you do?
I love collaborating with every team member to ensure our projects stay compliant and well-organized. I genuinely enjoy organizing everything – not just at work!
Being involved in the ever-changing landscape of compliance is very rewarding. It allows me to help teams achieve their goals and ensure our clients receive the highest standards. Plus, there’s a certain satisfaction in a good checklist, and being in this line of work means I get to use a lot of them!