Six Questions to Ask Before Investing in a Digital Identity or Digital Signature Solution

By Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association

Some people say that the answer to life is in the nature of the questions we ask. I believe the same is true when it comes to making good business decisions.

In a world that is going digital faster than it knows how to control the technology and its endless uses, asking the right questions can help avoid the kinds of decisions that deliver less than optimal results.

This is especially true when selecting digital identity and signature solutions.

We need to inquire about regulatory acceptance and the ability for a digital identity to be used in the world at large – not merely within the confined space of an individual company or the closed world of a slightly larger community.

The reality is that each of us and our respective employers exists in an ever-expanding cyber-community of other companies, government agencies, academia, CROs, etc. We need to be able to exchange and sign electronic information securely, seamlessly, and with full knowledge that the identity on the other end of the screen is truly who he or she asserts to be.

Digital identities and digital signing solutions that are compliant with the SAFE-BioPharma digital identity and digital signature standard provide distinct advantages over other commercially available digital signature solutions.

When evaluating any digital identity or digital signature solution, ask these questions. The answers will help determine if you’re about to get full value for this important decision

1.   Does it allow a single identity credential to replace multiple credentials (and user names and passwords)?

Many solutions will add yet another user name and password to the multitude of user name and password combinations that executives, clinicians and others are burdened with across the globe. The option is a universal credential that can be used in any context. Think of it as the universal remote control that replaces the ones for the TV, the DVD, radio, etc., etc. Credentials compliant with the SAFE-BioPharma standard are becoming universal. One highly secure and totally versatile SAFE-BioPharma credential allows every user to clean out his or her cluttered credential closet.

2. Is it interoperable with digital identity credentials used by other organizations, including FDA, NIH, EMA, etc?

Identity credentials based on the SAFE-BioPharma standard are interoperable with US government regulatory and other agencies and with other organizations across the life sciences and other industries. That means that the credentials are trusted by an ever-expanding global trust community incorporating both public and private sectors.

If the credential is not interoperable, a) its use will be limited in its ability to authenticate the identities of external collaborators, such as clinicians accessing clinical portals, and b)it also will be limited in its ability to apply legally binding signatures.

3. Is it linked to an actual, vetted individual identity?

Many identity credentials are issued in a manner that does not tie the user’s identity to the credential. Among the disadvantages is that you don’t really know if the identity is valid – a problem when dealing with legal and regulatory compliance. A digital identity based on the SAFE-BioPharma standard is tightly bound to the closely examined identity of the individual to whom the digital credential is assigned.  This procedure and the legal agreements the individual signs provide the ability to manage who can have access to what.

If the credential is not tightly bound to the user’s identity it cannot be used to manage access to portals, health and other confidential records, physical facilities, etc.

4. Is it legally-binding and non-repudiable?

Identity credentials based on the SAFE-BioPharma standard allow the user to apply legally binding digital signatures to a wide variety of electronic documents including laboratory notebooks, submissions, contracts, forms, etc.

Signature solutions not based on the SAFE-BioPharma standard may allow electronic signatures to be applied by someone other than its authorized user. The signature will not be non-repudiable (a unique consideration that prevents a signatory from denying a signature was applied).

5. Does it have widespread regulatory compliance?

Many digital identity and digital signature solutions are not. The SAFE-BioPharma standard is 21 CFR Part 11 compliant. It was developed with participation from the US Food and Drug Administration and the European Medicines Agency. The SAFE-BioPharma privacy policy is compliant with the US Department of Commerce and EU Safe Harbor requirements for protection of personal data.

6. Is it DEA compliant?

Digital signatures based on the SAFE-BioPharma standard have been cited by the US Drug Enforcement Agency as acceptable for applying electronic signatures to ePrescriptions for controlled substances. This capability is critically important for the rapidly changing world of ePrescribing.

Most of the world’s most successful biopharmaceutical companies have asked the right questions about their choice of digital identity and digital signature solutions. They have concluded that compliancy with the SAFE-BioPharma standard is the most important answer.

Reprinted with permission from Pharma IQ, a division of IQPC 2011 All rights reserved. 
www.pharma-iq.com/informatics/columns/six-questions-to-ask-before-investing-in-a-digital/

Nobody Knows You’re a Dog

By Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association

A few years ago, The New Yorker magazine published a cartoon of two dogs sitting in front of a computer monitor. One was explaining to the other: “On the Internet, nobody knows you’re a dog.”

Given the regulated nature of the global biopharmaceutical industry, the explosion in global collaboration, and our reliance on the Internet, it is absolutely essential that we know and trust the identity of people on the other side of the screen.

Basically, faith in electronic processes is a function of trusting identities of people we don’t know – a serious complication in the regulated, highly collaborative, global biopharmaceutical industry. 

Additionally,  to make our dealings truly electronic – and to eliminate the excessive cost and time associated with handling, shipping, storing and accessing paper documents –  the people who possess those identities need a way to sign electronic documents in a manner that can be trusted and that will stand up to legal review.

Several years ago, a group of IT visionaries from the world’s largest biopharmaceutical companies foresaw these needs.  They reasoned that a standardized way to establish digital identities and to apply digital signatures to electronic documents would discourage development of a patchwork of costly systems unable to communicate with each other. They also reasoned that if the standard were interoperable with similar systems used by government agencies and in other industries, it would facilitate collaboration and ease communications with global regulatory agencies.

The result of this pan-industry effort – including cooperation from the US Food and Drug Administration and the European Medicines Agency.– is the SAFE-BioPharma digital standard, designed specifically for the life sciences to mitigate the risks inherent in electronic transactions.

The group also created a non-profit organization – SAFE-BioPharma Association — to manage the standard’s development. The association’s vision is to help catalyze the transformation of the biopharmaceutical and healthcare communities to a fully electronic business environment by 2015, and in the six years it has been functioning, it has progressed steadily toward that goal.

While the technology behind the standard is complex, the way it is used is quite simple – increasingly in the form of a password in some combination with software in the cloud and an existing device such as a cellphone.

Part of the standard’s unique characteristic is that it provides each user with a digital identity that is closely linked to that user’s carefully vetted, actual identity. This allows the individual to be identified every time a signature is applied to an electronic document. The result, unlike common electronic signatures, is a signed document that is legally-binding and non-repudiable.

No canines pretending to be something they aren’t.

Among numerous other unique aspects of the standard is that it meets the EU Advanced Electronic Signature Directive. Documents and transactions shared with external parties in Europe or within the US federal government need the strength of a digital signature that is tightly bound to the identity of the signer. Because of this requirement, SAFE-BioPharma digital signatures are the only solution for European submissions.

Separately, but of equal importance, SAFE-BioPharma is the only solution cited by the US DEA as suitable for electronically signing prescriptions for controlled substances. The signatures also are compliant with (US) HIPAA regulations

The standard is used for a broad range of applications by large and small biopharmaceutical companies. Among the most common are signing electronic laboratory notebooks, contracts, and a spectrum of regulatory submissions.

But the application that currently is attracting the greatest interest is clinical trial management. It makes a lot of sense, given the global expansion of clinical development, the need to track many participants in many sites, and use of the Web as an alternative to relying on hard copies and moving them around using FedEx, DHL and fax.

This relevance is being demonstrated in an ongoing pilot program involving scientists in the National Cancer Institute (the world’s largest sponsor of cancer treatment clinical trials) and scientists in Bristol-Myers Squibb and sanofi-aventis.

The numerous documents associated with the start up process have been placed in the cloud where the scientists are able to access, amend and sign them using their interoperable digital identities. The industry scientists use SAFE-BioPharma digital identities, and the NCI scientists use their U.S. government-issued digital identities.

Because the two types of digital identities are interoperable (an identity asserted by SAFE-BioPharma will be trusted by US federal agencies, among other inter-connected cyber communities), the scientists have been able to greatly reduce the time and costs associated with starting a clinical trial.

Many who have reviewed the pilot feel it is an important milestone in the use of secure cloud computing to streamline the future of the clinical trial process. They see how interoperable digital identities allow sponsors and CROs  to transition safely and easily to fully electronic processes in efficient and cost-effective on-line collaborations with vendors, suppliers and regulatory agencies.

SAFE-BioPharma is a standard with widespread buy-in. Many biopharma lawyers, researchers, and managers rely on it. Many are in the process of learning about the benefits. In the United States digital identity credentials compliant with the SAFE-BioPharma standard soon will be in use by hundreds of thousands of clinical investigators and other practicing physicians.

The minds that created SAFE-BioPharma developed a digital identity and digital signature standard that would improve operations wherever it was put to work. That has been demonstrated repeatedly.

Even those two dogs in front of the computer screen would consider the SAFE-BioPharma standard to be best of class.

In future columns, I’ll explain new ways the biopharmaceutical industry is using the SAFE-BioPharma standard to improve efficiencies and reduce costs.

Reprinted with permission from Pharma IQ, a division of IQPC 2011 All rights reserved.
www.pharma-iq.com/informatics/columns/nobody-knows-you-re-a-dog

From Mesopotamia to Cyberspace

By Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association

Cylinder seals used in Mesopotamia are one of the earliest known forms of authenticating identity. Dating to 3000 BC, cylinder seals were used to make documents legally binding and to assure the owner’s identity. They were hand engraved, and, when rolled on wet clay, left a unique and often elegant picture. Each imprint was associated with an individual and became a sign of trust. Collections of these tiny works of art can be seen in New York’s Morgan Library, the British Museum and the Louvre.

Authentication has taken a new meaning in our cyber-centric business culture – especially in regulated industries like biopharmaceuticals and healthcare.

To benefit from our new web-based interconnectivity, we must know – beyond doubt – the identities of each and every person with whom we’re conducting business.

That’s where the SAFE-BioPharma digital identity standard plays its critical role.  The standard requires each digital identity to be closely linked to the user’s proven identity. That information is used in a digital credential — a form of software installed on a computer, cell phone or other device. The digital credential asserts the user’s identity and can be used to apply digital signatures to electronic documents

These are not simple electronic signatures. SAFE-BioPharma digital signatures cryptographically guarantee the integrity of every bit of information contained in the document.

The identities also are interoperable, meaning that they can be trusted by people in governments, in other companies and in other industries.

This combination of factors – trust, interoperability and the ability to sign electronic documents in a legally-binding way – has made identity credentials based on the SAFE-BioPharma standard critical where used.

But use of these digital credentials needs to expand for the biopharmaceutical and healthcare communities to realize greater time and cost savings.

The clinical trial start-up process is one of many areas that can benefit. To prove the point, SAFE-BioPharma member company, Bristol-Myers Squibb (BMS) and the National Cancer Institute’s Cancer Therapy Evaluation Program (NCI/CTEP).are well along in a pilot study demonstrating the elimination of paper forms and letters used when initiating clinical trials.

NCI/CTEP is the world’s largest sponsor of cancer treatment clinical trials. In 2010, it generated documents comprising almost 100,000 pages to develop and correspond in its clinical trials.

While the unit does not track the time involved in scanning, organizing and sending these paper documents to the FDA, it reports that it is extremely labor intensive.

The pilot study was started in July, 2010 to demonstrate the ability of both public and private sectors to sign and exchange documents digitally in the cloud, thus eliminating any need for wet signatures and, therefore, any need for paper.

BMS researchers used their SAFE-BioPharma digital identity credentials. NCI researchers used digital identity credentials issued by the federal government. Both types of credential are interoperable.

There were dramatic time savings for all document flows that require multiple signatures or signatures from signatories working off-site. There were no lost or misplaced documents. Because cloud-based digital signatures were used, there was an audit trail of when the document was uploaded, of the email that was sent to alert the signatory that the document is available for signature, and when the document was actually signed.

By eliminating paper-reliance, BMS and NCI saw the possibility of reducing environmental impact associated with use of paper and ink, document shipment, storage and retrieval.

What is the future bottom line of this improved business process flow? NCI and its collaborators can speed up research and be more responsive to public health needs.

Recently, researchers from sanofi-aventis, another SAFE-BioPharma member, joined the pilot and are signing and exchanging electronic documents with NCI, using their SAFE-BioPharma digital credentials. Before long, researchers at several university-based cancer centers will participate, as well.

Just consider what this will mean when lessons from this study migrate to other companies and to the CRO community.

We’ve come a long way since the days of authenticating identity with cylinder seals and wet clay. Today, interoperable digital credentials allow electronic documents to be signed anywhere there’s an Internet connection and to be exchanged with trust.

Finally we can become paperless.  Come to think of it, the Mesopotamians didn’t use paper either. Paper wasn’t invented until 105 AD.