Ok this forum seems a bit dead so I thought I would offer up some advice. I have spent the last 3 years of my professional life hip deep in compliance (HIPPA and SO). This is one area that finding an IT job is relatively easy (not that the job is easy just the demand is high). Compliance for IT for these new laws is mostly document based and basically boils down to these points.

Documents must be secure (no unauthorized access)
they must be readily available (if I want it right now I can get it)
revision control (you know who changed it and when.)

the systems that have the documents on them must be secure, with strong change control or anything that goes on them. This generally means SQ's (software qualification documents, if how to install a bit of software) and OQ's (operational qualification documents, ie dose it work as intended) for ANYTHING installed on the system

All documents need to be signed either in a paper copy or by a digital signature of some sort.


Now you can do a lot of the document storage and security with source control type software (true change, source safe, CSS) but it needs some custom changes to cover all of the bases and well the FDA wants all of the bases covered a better option would be purpose built applications, of which Documentum is the most popular for HIPPA companies (the FDA uses it). If you are trying to break into the IT feild and can get your hands on Documentum, learn it you will basically be guaranteed a job, every big pharma in the country use it and none of them have enough people, our Documentum admins are constantly getting called by headhunters with offers to head else where.

If there is any interest and after I verify copy right issues I will post a whitepage I co-wrote on this topic for HP.