Atlanticbt.com

Search Get in Touch Menu
October 27, 2016

How to Innovate in a Highly-Regulated Environment

capabilities covered
eCommerce Integrations BigCommerce Shopify Magento Software Development

ABT helped Mutual Drug navigate a highly-regulated environment to provide a modern, user-friendly application which met and exceeded industry standards. Here’s how.

Needed: A Secure and Streamlined Ordering System

Pharmacists and pharmacy managers must maintain an inventory and order replenishment stock, just as any business selling physical products. However, pharmacies have the additional challenge of meeting the regulatory requirements of dealing with controlled substances (drugs that require a doctor’s permission to use). Specifically, any electronic ordering system they build or use must be compliant with the Controlled Substances Ordering System (CSOS) requirements of the Drug Enforcement Administration (DEA). This basically requires pharmacists to digitally sign orders for controlled substances in order to verify the authenticity of the order.

Atlantic BT’s client, NC Mutual Drug, is a pharmaceutical distributor with $1.2B+ in B2B volume. Their existing system, while CSOS-compliant, was cumbersome to use and required logging in and navigating two different systems. The client tasked us with designing and building a new system that was secure, highly available, fault tolerant, fully compliant with CSOS requirements and, most importantly, simpler and faster to use than their previous system. Achieving these objectives made it easier for the client’s customers to place small orders more frequently, thus reducing the need for bulk orders and product stockpiling.  

Performing 11 Validations without Losing Your Mind

Conceptually, the technical challenge was straightforward: enable the standard required use of Public Key Infrastructure (PKI) to manage a system of digital signatures which could then be used to encrypt and ensure the authenticity and security of orders for controlled substances. This kind of technology is often integrated with web applications to facilitate the secure electronic transfer of information for a range of activities such as e-commerce, internet banking and confidential email.

Straightforward, however, did not mean simple—we had to design, build, and test a robust, scalable, secure system that would perform eleven validations for each transaction, yet be simple and efficient for the user. After working closely with the client to understand all the usability and functional requirements, we proposed a design to meet their needs.

Following the Rules, Even When They’re Old

The real challenge was to implement this standard in a way that was efficient and intuitive yet compliant with standards written over a decade ago (and hence technologically outdated).

Making matters even more complicated, the detailed requirements of implementing a CSOS-compliant system are scattered over 300+ pages of over a half-dozen government documents. On top of that, the final system would have to be certified by a 3rd-party auditor. Given the dispersed requirements and 3rd-party verification, development of a compliant CSOS system could become a very long, expensive process if not managed carefully.

We needed to design a more modern web application which would perform both the client and server actions on a consolidated platform—while satisfying standards written more than 10 years ago. 

Solution: Communicate, Iterate, and Evaluate

To resolve any open questions, early in the process we contracted with an established 3rd party CSOS auditor to evaluate the application. Atlantic BT worked closely with the auditor to share documents and information so they could provide feedback on the development direction. Atlantic BT then performed multiple internal audits and tests to save our client the significant costs of multiple official audits.

After extensive back-and-forth discussion with the client and the auditor, including a couple of challenges both to the requirements and to the proposed solution, all parties agreed a slight modification to ABT’s original design would meet both the client’s requirements and the standard. We built the system to the agreed-upon design, tested it, and had it evaluated by the auditors, who approved and certified the application as compliant.

Result: Elegant Compliance Meets Streamlined Usability

NC Mutual Drug now has a state-of-the-art solution for their customers to easily, securely place orders for their pharmaceuticals, including controlled substances. They can now rest assured they have a much more robust, fault-tolerant, scalable system that can easily grow with them into the future.

Beyond stability and compliance, a validation process that formerly took 3+ minutes and multiple systems can now be completed in 30 seconds on a single interface. Considering NC Mutual Drug’s  operation runs hundreds of these processes every day, this exceptional boost in efficiency frees up member pharmacists to perform more important tasks to protect customer health.

Get a more detailed look at the system Atlantic BT delivered by reading our in-depth writeup of Mutual Drug’s new CSOS system.

capabilities covered
eCommerce Integrations BigCommerce Shopify Magento Software Development

The Atlantic BT Manifesto

The Ultimate Guide To Planning A Complex Web Project

Partner With Us

Ready for modern web technology and a sharp, user-friendly design? We want to give you exactly that. Contact us to get started.

Contact
  • This field is for validation purposes and should be left unchanged.

We’re Coming in Hot

We’ll be reaching out to you shortly, as in, one of our amazing team members is in the middle of reaching out to you right now. In the meantime we have a collection of insights you may want to dig into.

View Insights