Author: Jeremiah Genest

Quality professional with over 20 years of experience. Gamer and storyteller with forty years of practice.

Brain-Friendly Principles for Document Design

Whether creating Work-as-Prescribed in our documents, or Work-as-Instructed in our training materials, it is important to consider good cognitive practices. If we start from two principles we quickly can start doing some amazing things.

  1. Organize resources so it’s easy to understand. Reduce cognitive load by breaking information down into small, digestible chunks and arranging them into patterns that make sense to the individual. Always start by giving an overview so individuals know how all the smaller chunks fit together.
  2. Use visuals. The brain has an incredible ability to remember visual images so you must exploit that as you look for ways to reinforce key learning points. Create tools that are primarily visual rather than word-based. Use images in place of text (or at least minimize the text). Use videos and animations to help people understand key concepts.

We can drive a lot of effectiveness into our processes by structuring information to make complex documents more transparent and accessible to their users. Visual cues can provide an ‘attention hierarchy’, making sure that what is most important is not overlooked. People tend to find more usable what they find beautiful, and a wall of text simply looks scary, cumbersome, and off-putting for most people. I am a strong advocate of beauty in system design, and I would love to see Quality departments better known for their aesthetic principles and for tying all our documents into good cognitive principles.

Cognitive Load Theory

Cognitive load theory (CLT) can help us understand why people struggle so much in reading and understanding contracts. Developed by John Sweller, while initially studying problem-solving, CLT postulates that learning happens best when information is presented in a way that takes into consideration human cognitive structures. Limited working memory capacity is one of the characteristic aspects of human cognition: thus, comprehension and learning can be facilitated by presenting information in ways minimizing working memory load.

Adapted from Atkinson, R.C. and Shiffrin, R.M. (1968). ‘Human memory: A Proposed System and its Control Processes’. In Spence, K.W. and Spence, J.T. The psychology of learning and motivation, (Volume 2). New York: Academic Press. pp. 89–195

Structure and Display

Information structure (how the content is ordered and organized) and information display (how it is visually presented) play a key role in supporting comprehension and performance. A meaningful information structure helps readers preserve continuity, allowing the formation of a useful and easy-to-process mental model. Visual information display facilitates mental model creation by representing information structures and relationships more explicitly, so readers do not have to use cognitive resources to develop a mental model from scratch.

Leveraging in your process/procedure documents

Much of what is considered necessary SOP structure is not based on how people need to find and utilize information. Many of the parts of a document taken for granted (e.g. reference documents, definitions) are relics from paper-based systems. It is past time to reinvent the procedure.

Adapting and Experimenting – the Role of a New Quality Leader

I think a common challenge is how do we as a new quality professional joining an organization replicate the same success we have had in past roles

Quality requires a support structure, and I think it is easy to underestimate the impact of the absence, or the lack of, that structure. Just parachuting quality professionals into different organizations where they are left without the scaffolding they’ve implicitly grown to expect and depend on can lead to underperformance. Some adapt, of course, but others flounder, especially when hired with daunting short-term expectations, which can often be the case in organizations looking to remediate gaps in a fast way. I think this is only exacerbated as a result of the pandemic.

Culture can have a steep learning curve and being able to execute requires being very well-versed in the culture of an organization. You have to know how your organization works in order to get it to work diligently like a well-oiled machine to execute the higher-level quality vision.

Learning the culture doesn’t mean simply parroting the oft-repeated mantras received during orientation, but truly internalizing it to an extent where it informs every small decision and discussion. At the best of times, that’s difficult and takes time, particularly as there isn’t usually a single monolithic culture to learn, but myriad microcultures in various different parts of the organization. Doesn’t matter the size, this is a challenge.

In the worst case, where an organization has a culture diametrically opposite to that of the previous workplace, “learning the culture” also requires un-learning almost everything that led people to get to their current level in the first place. The humility to strive to turn themselves into the leader the organization truly needs, rather than the leader they’ve grown to be over the past years, is a hard one for many of us. Especially since we are usually brought on board to build and remediate and address deficiencies.

To be a successful agent of change one has to adapt to the current culture, try experiments to accelerate change, and do all the other aspects of our job.

This is hard stuff, and a part of the job I don’t think gets discussed enough.

Metrics Plan

A Metrics Plan describes how an organization intends to establish, implement, fund, collect, analyze, and report metrics. A Metrics Plan:

  • Ensures that the correct metrics are collected
  • Ensures that metric analysis and reporting meet all stakeholder needs
  • Ensures that adequate and appropriate resources (e.g., funding, personnel, tools) are available to properly perform metrics implementation, collection, and ongoing support.
  • Ensures that appropriate change management activities are undertaken

This is one of those that can be done at several levels, and it usually has several cuts, from a top-level strategic document to the process owner level to potentially deeper cuts lower in the organization. I am a big fan of each process owner owning their parts and it passing up.

This plan is a critical feed-in to quality management review.

A typical structure of a Metrics plan includes:

  • Strategy
    • Rationale and Desired Outcomes
    • Metrics Framework
    • Success Criteria
  • Implementation Plan
    • Steps, Timelines & Milestones
    • Resources
    • Governance
    • Communication
    • Training
  • Specific Metrics
    • Outcome Mapping
    • Outcome Action Plan
    • ROI Evaluation
    • Routine Analysis & Improvement Evaluation
    • Retirement Plan
  • Data Collection
    • Data Sources
    • Data Flow
    • Resources
    • Reconciliation
  • System & Technology
    • Data Visualization
    • Support
  • Communication Plan
  • Sustainability Plan

Requirements on Privacy in Clinical Trials

Been thinking a lot recently of privacy in regard to clinical trials. As you do, I started with gathering some requirements together. Here is what I have:

Brief Standard IdentifierDescription of Industry StandardRegulation/Guidance/ Source
Subject Identification in Data SystemsThe business has SOPs to ensure that data collection instruments and databases utilize an unambiguous subject identification code that allows identification and linkage of all the data reported for each subject. Data tools and systems do not contain personally identifiable information, except the unique subject identification code to link data across the study.GCDMP – Data Privacy; ICH 5.5.5
Patient Diaries ReviewThe business has and utilizes SOPs to ensure that the Investigator site personnel review paper-based patient diaries prior to sending the diaries to Data Management to confirm that no personal identification information is present.MHRA 8.2.7
Confidentiality of Subject RecordsThe business utilizes formal procedures and practices to ensure that the confidentiality of records that could identify subjects is protected in accordance with the applicable regulatory requirement(s).ICH 2.11
Informed Consent Prior to Data CollectionThe business has a process to establish expectations with the site and confirm that informed consent is obtained from every subject prior to clinical trial participation and prior to processing clinical data. The process should provide direction for withdrawal and revocation of consents.ICH 2.9, 4.8.8, 6.5.3 21 CFR 50
Privacy and Personal Data Protection PolicyThe business has a Privacy and Personal Data Protection Policy and a Chief Privacy Officer/ Data Protection Officer to ensure compliance with EU GDPR and other country, local, and Independent Ethics Committee-required privacy, and data protection practices.US HIPAA EU 1995 Data Protection Directive 1995/45/EC EU GDPR 2016/679 Japan 2016 Act on the Protection of Personal Information- US Privacy Act
Privacy and Personal Data Protection Documented PracticesThe business has documented procedures, standards, documentation requirements, and responsibilities for defining and ensuring confidentiality, protection, and security of personal data (including but not limited to employee, client, investigator, and patient data) and applying Privacy by Design requirements into procedures that include: definitions of personally-identifying information descriptions of personal information collected the purposes for which it is collected the lawful basis (in the EU) for its collection/use the types of persons to whom it will be released the countries to which it may be transferred privacy and security safeguards the rights of individuals with respect to their personal information compliance monitoringUS HIPAA EU Data Protection Directive 1995/45/EC EU GDPR 2016/679 Japan’s Law Concerning the Protection of Personal Information – 2005; Japan Act on the Protection of Personal Information- 2016
 The business has documented procedures, standards, documentation requirements, and responsibilities for conducting Privacy Impact Assessments, including when they are implemented, or documentation regarding why they are not applicable.EU Data Protection Directive 1995/45/EC EU GDPR 2016/679
Personal Data Processing, De-identification and PseudonymizationThe business has documented procedures, standards, documentation requirements, and responsibilities for enhancing privacy and protecting personal data, both at the time of determining the means for processing data and at the time of actual processing, by adherence to the data minimization principle (i.e., ensuring that only data needed for a clinical trial are collected from clinical trial subjects’ records), encryption at rest and during transit, de-identification and pseudonymization.   Where pseudonymization is deployed, the business has appropriate technical (e.g., encryption, hashing, or tokenization) and organizational (e.g., agreements, policies, privacy by design) measures in place to separate pseudonymous data from identification keys.EU GDPR 2016/679
Personal Data Capture and Data Flow ProceduresThe business has written procedures for documenting the data flow for the organization/for individual projects. The data flow comprises what personal data the organization holds, where it came from, and with whom they share it.EU Data Protection Directive 1995/45/EC EU GDPR 2016/679
Individual Privacy Notice or ConsentEnsuring that individuals are informed of all required privacy provisions in Privacy Notice or Consent, including: their right to confirm if and how their data are processed, including the right to object to (or limit use of) processing and the right of erasure; plans for data retention; the right to receive a copy of their personal data and to have them transmitted to other organizations; and the complaint process.US HIPAA EU Data Protection Directive 1995/45/EC EU GDPR 2016/679
Support for Personal Data Subject RequestsReceiving, processing, and responding to Personal Data Subject Requests submitted by Data Subjects per their rights under GDPR, and/or assisting the Client to fulfill Client’s obligation to do so: right of access right to rectification restriction of processing erasure (“right to be forgotten”)data portability objection to the processing, or the right not to be subject to automated individual decision makingEU GDPR 2016/679 Directive 1995/45/EC
Privacy and Personal Data Breach ProceduresDetecting, reporting, and investigating personal data breaches, and communicating confirmed data breaches to impacted parties within timelines dictated by applicable regulations (72 hours for regulatory authority reporting) and agreements. Sponsor will be notified of any data breach in association with sponsor projects, including breaches at subcontracted vendors, according to pre-defined timing.EU Data Protection Directive 1995/45/EC EU GDPR 2016/679
Privacy and Personal Data Protection TrainingThe business trains all individuals who have access to personal data on the policy and practices that ensure confidentiality, protection, and security of personal data.EU Data Protection Directive 1995/45/EC EU GDPR 2016/679

International Worker’s Day

Sunday is May 1st, International Worker’s Day. Last year I wrote “Drive Out Fear on International Workers Day“, which is definitely as true today as when I wrote it.

Drive Out Fear on International Workers Day
May 1st is International Worker’s Day

This weekend I’m snuggling up with Breaking Things at Work by Gavin Miller, and hope to have a review for Sunday, as well as some thoughts on just why the Luddites were right about why folks hate their jobs, and if there are lessons to learn in this new phase we are entering into of virtual and hybrid work.

Here’s a great interview with Gavin Miller from On The Media

Lessons from the Luddites” from On the Media (10Dec2021)