Internationally recognized for ground-breaking research in transfusion and transplantation medicine, Puget Sound Blood Center is a nonprofit organization helping patients in Washington State who need blood, tissue, and specialized medical and laboratory services. Founded in 1944, The Blood Center has a long and unique tradition of blending community volunteerism, medical science, and research to improve patients' lives. The Blood Center serves patients in more than 70 hospitals and clinics in 14 counties with blood services, and provides tissue and transplantation support to 185 hospitals across the Northwest U.S.

IT and Regulatory Compliance

Puget Sound Blood Center's computer systems must be available 24 hours a day, 365 days a year — lives depend on it. Its critical Blood Banking system is considered a medical device that must comply with U.S. Food and Drug Administration (FDA) regulations. The FDA requires stringent application development and change control practices surrounding software registration, phlebotomy (drawing of blood), component processing, testing, and application distribution.

Because of these legal restrictions, Puget Sound Blood Center must always consider the FDA's 21 Code of Federal Regulations (CFR), Part 11 (which concerns electronic records and electronic signatures) in the design of software development processes and evaluation of supporting tools. The organization must also adhere to U.S. Health Insurance Portability and Accountability (HIPAA) regulations concerning the electronic exchange of confidential patient information. Other applications developed and maintained by the IT organization include a predictive dialing system for telerecruiting, blood- and tissue-bank administration programs, a test-results Web application, interfaces to many lab instruments, and standard accounting, payroll, human resources, and materials management applications.

Managing the Development Process

Puget Sound Blood Center has been a long time user of MKS, Inc.'s, Implementer for iSeries software configuration management (SCM) and deployment solution. Implementer manages changes to software applications developed in RPG and controls movement of programs to the Quality Assurance department for validation. Once validation is complete, Implementer securely deploys each program to the production environment. Implementer also replicates the executable portions of the applications to a mirrored server, while Lakeview Technology's MIMIX handles realtime data replication. Should a system failure occur in production, MIMIX and Implementer have ensured the high availability of Puget Sound Blood Center's critical applications.

The Blood Center uses two model 820s for applications; one is the production machine and the other is a high-availability backup machine to which all objects are replicated. The Blood Center also uses a model 810 for application development and a model 270 that serves a Web application used by its client hospitals. Besides RPG, the IT organization is also programming in Java and developing a lab information system in Visual Basic 6 and Visual Basic .NET.

IT Challenges

Puget Sound Blood Center has traditionally developed and maintained most of its own applications on the iSeries. In the future, the organization plans to adopt distributed development platforms such as Windows NT, driven by end- user demand for more user-friendly GUIs and Web-based front ends for applications. Eventually, the IT organization anticipates moving iSeries applications into the back office, with more and more applications having an attractive GUI front end.

In light of the need to comply with external regulations while adopting new technologies on distributed platforms, Puget Sound Blood Center was faced with numerous challenges:

• A need for better auditing of the software development and change process
• A need for greater security to ensure that only authorized users could submit change requests
• A need to modernize and audit its application change approval cycle, which used paper forms and required all change requests be routed to the IT Director for assessment, approval, and assignment to the appropriate programming group before work could begin
• A need for better coordination and tracking of program design, code review, technical design review, and validation change request documents
• A need to coordinate change management control between Puget Sound Blood Center's iSeries, Java, and HTML developers, who were using different change management systems and methods, thus hindering change-process visibility, reducing change-tracking capabilities, and increasing risk exposure because of the manual nature of some processes
• A need for an automated system to move objects or programs to distributed servers, thus reducing the chance of application failure
• A need for an automated, reliable method of notifying application change requesters of task status and completion
• A lack of realtime status reporting on programming project tasks
• An inability to enforce mandatory data capture because sometimes users didn't fill out all of the required information

The Solution

The Blood Center needed a solution that could support multiplatform development, automate and enforce the change request and approval process, and provide a complete and automated audit trail to aid with FDA compliance. Facing new IT challenges, the organization began gathering requirements for its ideal multiplatform SCM solution. The most important requirements included

• the ability to enforce multiple workflows
• the ability to attach documents to a change request
• support for different types of change requests, capturing relevant data according to type
• automatic e-mail notification for changes in the status of a request
• security enforcement that would ensure only authorized staff could submit change requests

Puget Sound Blood Center began looking for SCM tools in 1999 but didn't find any suitable products. It considered developing a solution in-house, but the project was put on hold for lack of time and resources. The organization particularly wanted to find tools for managing workflow in addition to meeting the other FDA and business requirements.

In 2002, Peggy Dunn, Puget Sound Blood Center's IT director, saw a demonstration of MKS Integrity Manager and realized it met most of the requirements the Blood Center had defined for a change-management system. The Blood Center had used MKS's Implementer to manage software development and deployment on the iSeries and AS/400 since 1993, so it was confident of Integrity Manager's reliability. The organization ended up buying MKS's Integrity Manager and MKS Source Integrity (the MKS Integrity Solution) products in November 2002.

"We chose MKS's products because they work together across the iSeries and other platforms to provide a total solution rather than a piecemeal approach," Dunn recalls. "We looked at other workflow management systems, but they were complex and difficult to administer."

The Blood Center uses MKS Integrity Manager to control processes and workflow and MKS Source Integrity Enterprise for SCM, a seamlessly integrated solution to manage change across its various platforms. After successfully rolling out MKS Integrity Manager to its 27-person IT staff in September 2003, the Blood Center released the product to its 800 end users the following month. The implementation was a success, and the Blood Center's processes for creating and deploying new applications work well.

A Better System

With the MKS Integrity Manager Web interface, authorized users can directly submit requests for changes and enhancements. Users receive automatic e-mail notification regarding changes in the status of their requests throughout the development lifecycle.

The Blood Center enforces six different workflows within MKS Integrity Manager. Mandatory fields ensure that relevant data is captured in the initial change request, and then the request is routed through a strict approval process. The IT director receives an e-mail message when a new request is submitted and can assess and then assign the task to the appropriate group. The approval process mandates that users, after being notified of task completion, must complete the workflow by signing off on the task. All related documentation can be attached to an issue (change request), and only authenticated users can view issues.

Since adopting MKS's enterprise SCM solution, Puget Sound Blood Center has realized numerous improvements:

• Enhanced assurance of compliance with FDA regulations because of a fully automated approval cycle and audit trail for all software change gives management a window into the change process across all development environments.
• Improved security ensures only authorized users can submit change requests and lets administrators define permissions at the project, role, and user levels.
• Automation and enforcement of multiple processes and routine tasks increases productivity and repeatability.
• Realtime reporting capabilities enables better decision making, because it's easier for users to create and manage queries and reports.
• Communication improved with end users because of their ability to submit requests and get realtime updates on project status.
• Faster development cycles occur because the bottleneck of task assignment is gone.
• Training costs are reduced because of MKS Integrity Manager's ease of use.

Peggy Dunn estimates that she has personally saved five hours per week since moving from a manual to an automated approval process for change requests, which translates to an approximate savings of $13,000 per year. The administrative burden associated with filing paper documents and manually creating reports for various user groups has been drastically reduced, and project lifecycles have shortened. The Blood Center has benefited from an annual cost savings of $30,000 to $40,000 and quickly achieved a positive ROI on its investment in MKS. In addition, the Blood Center's IT department discovered unexpectedly that it can use MKS Integrity Manager to handle changes in procedures and processes, as well as software changes.

Future Plans

Use of MKS solutions has also affected the Blood Center's plans for streamlining future software projects. Using integration between the MKS Integrity Solution and IBM WebSphere Development Studio Client (WDSc) for the iSeries, the entire development staff will work from a common WDSc interface. Users can associate all projects with an issue in MKS Integrity Manager. Developers can check out and promote to all platforms objects and programs via the integration between MKS Source Integrity Enterprise, Implementer, and WDSc. Administrators can deploy these changes in unison to distributed servers. The iSeries will function as a data repository for more visual programming (Java and Visual Basic .NET) projects, and MKS Integrity Manager will be able to support additional workflows.

"When we saw MKS Integrity Manager, we realized it met the majority of our requirements for a 'dream' change-control system," Dunn concludes.

Peggy Dunn is IT director for the Puget Sound Blood Center. She would like to thank a team of writers from MKS, Inc.'s marketing department for their help in preparing this article.