New SAFE-BioPharma Standards Create Identity Trust Ecosystem

April 21, 2017
Mollie Shields-Uehling

Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association

Trust is the most valuable currency in business– most importantly in Internet interactions. It’s essential to be able to trust that the identity on screen truly represents who that person is. Usernames and passwords do little to assure true identity. When used by health care providers to access applications and electronic health records, they compromise what should be secure and leave it open to hacking and cyber theft.

Recently announced standards protect against cyber theft and hacking.  They support an Identity Trust Ecosystem in which all participants – relying parties, federation gateways, credential issuers, and solutions providers – meet common interoperable standards of identity trust aligned with US, EU, and other global technical and policy standards.

The Identity Trust Ecosystem standards were created by SAFE-BioPharma Association. They allow — for the first time — use of a single cyber identity that can access a broad range of partners and applications in health care and the life sciences without compromising security or patient data.

Here’s how it works: The single identity credential authenticates to participating applications. Every time the credential is used to access the application, the credential service provider verifies the identity of the credential holder and informs the other organizations involved in the process.

Participants in the new Identity Trust Ecosystem will have confidence that the identity of each individual requesting access to their applications has been strongly authenticated before access is provided. Importantly, this automated process eliminates inefficiencies and costs typically associated with identity authentication.


Global Regulatory Leadership from European Medicines Agency

September 30, 2014

By Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association
as posted on Pharma iQ 09/29/2014

Mollie Shields-Uehling

Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association

I’m an American who has lived in Paris, London, and numerous other countries around the globe. It’s atypical for my generation. The experience has helped me appreciate the best ideas and policies, wherever they originate.

When it comes to greater efficiencies and cost savings in filing electronic submissions, the European Medicines Agency is well ahead of any other regulatory agency on the planet. They’re on record stating…

The Agency expects the exchange of digitally signed electronic documents to increase the efficiency of procedures and eliminate the need to archive paper documents. It may also bring about cost savings for companies, by removing the need to print documentation and reducing courier charges.

EMA uses digital signatures “systematically” in its outgoing documents that require a legally binding signature. Currently these are documents related to scientific advice for human medicines, to orphan medicines and to paediatric medicine procedures. The Agency also provides certified PDF electronic application forms to allow companies to sign these forms digitally using a PDF reader application.

It’s all part of EMA’s “strategy to increase electronic-document-only exchanges between the Agency and the pharmaceutical industry.”

I put digital signatures in bold because it’s an important detail in EMA’s policy that people in industry need to understand. By European Union definition, an electronic signature is “digital” when it is uniquely linked to the signatory; capable of identifying the signatory; created using data that the signatory can use under his/her sole control with a high level of confidence, and linked to the signed document in such a way that subsequent change in the document is detectable.

EMA also requires that the digital signature comes from a Certification Authority (CA) listed on an EU member state trust list.

These requirements provide high assurance of the individual’s identity, allowing the credential to be used for a multitude of purposes including applying legally binding, non-repudiable digital signatures to electronic documents.

Importantly, all EU/EMA requirements for a digital signature are consistent with those used in the SAFE-BioPharma® standard, and credentials obtained through Verizon Business UIS, a credential service provider under the SAFE-BioPharma Trust Framework, can be used to sign EMA submissions.

Why is this important? Drug development is now a global collaborative activity relying heavily on working with people and entities via Internet. This requires technologies that deliver greater trust in cyber-transactions. The SAFE-BioPharma standard was created toward that end.

Several widely available signing engines (e.g. DocuSign and Taigle’s MySignatureBook) have become compliant with the SAFE-BioPharma standard.

And not long ago, Adobe added SAFE-BioPharma to its Adobe Approved Trust List. This means that anyone with a SAFE-BioPharma® identity credential is able to sign a PDF document in Adobe® Acrobat®, or Reader® that will be automatically trusted globally by any other user of Adobe Acrobat, or Reader. The Adobe Approved Trust List (AATL) comprises almost 50 member organizations from around the world, including the US government, Japanese government, and members of the European Union Trust List.

Digital signatures based on the SAFE-BioPharma standard are used to sign electronic laboratory notebooks, regulatory submissions, clinical trial documents, and routine day-to-day business documents. This is what the signature looks like:


 

Digital identity credentials based on the SAFE-BioPharma standard are used to manage access across firewalls and to portals and to access protected information, such as electronic health records.

By embracing, using, and requiring digital signatures, EMA “…expects to increase the efficiency of procedures and eliminate the need to archive paper documents.” The new policy will advance cost savings for companies by removing the need to print documentation and reducing courier charges.

In the big picture of drug development and submissions, these may seem like minor savings. If you think that, consider the hidden costs of printing, scanning, copying, archiving/locating, shipping paper documents and/or the CDs and other media on which they’re stored.

EMA is improving it’s own operations and coaxing industry to do the same. I hope other regulatory bodies take note.


The Power of One

September 30, 2014

By Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association
as posted on Pharma iQ 08/19/2014

Mollie Shields-Uehling

Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association

 

There is elegance in the apparently simple solution to the complex problem.

I say “apparently” because so many solutions are complicated in their detail and the people responsible for them struggle to tell their stories in simple terms — in ways that decision-makers and end-users can understand and appreciate.

That’s why we at SAFE-BioPharma have been on a quest to make the standard easier to understand for those concerned with improving digital workflows, systems, and business processes, in general.

The standard addresses many technical and regulatory details. We’re always available to lift the hood and take those who are interested or need to know on a thorough and detailed tour of how the SAFE-BioPharma standard for managing digital identities and applying digital signatures operates.

But how to get the message to a point where it can be understood by the many?

We recently decided to focus our message around benefits and the Number 1.

• First, readers should know that SAFE-BioPharma is the one industry collaboration helping to improve productivity, reduce costs, and lower time to market by protecting information assets, moving business processes online, and becoming paperless.

• SAFE-BioPharma also is the only identity standard created by the biopharmaceutical industry and its regulators to provide high-assurance identity trust for cyber-transactions across the biopharmaceutical and healthcare sectors. Identity credentials compliant with the standard are regulatory complaint and will be trusted by all US Government agencies, other companies in the SAFE-BioPharma systems and with companies in other industries with similar systems.

• Identity credentials based on the SAFE-BioPharma standard are like a single, trusted, interoperable Internet passport used to authenticate and manage identity and to apply secure digital signatures in electronic transactions. Signatures are linked to the individual’s identity. They are legally enforceable and non-repudiable. They ensure an eDocument’s integrity for as long as the document exists.

• They also are part of one global ecosystem, a rapidly expanding network of users, credential issuers, applications, services and solutions governed by the SAFE-BioPharma Standard. This means that all compliant products can be confidently used by industry with the knowledge they are acceptable to industry and regulators in the United States, Europe and around the globe.

For a more thorough look at how we’re explaining what we do and why we do it, please visit our new homepage at www.safe-biopharma.org.

I hope you see the value of the Standard’s benefits and agree with our use of the power of One.


Six Questions to Ask Before Investing in a Digital Identity or Digital Signature Solution

November 9, 2011

 

Mollie Shields-Uehling

Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association

By Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association

Some people say that the answer to life is in the nature of the questions we ask. I believe the same is true when it comes to making good business decisions.

In a world that is going digital faster than it knows how to control the technology and its endless uses, asking the right questions can help avoid the kinds of decisions that deliver less than optimal results.

This is especially true when selecting digital identity and signature solutions.

We need to inquire about regulatory acceptance and the ability for a digital identity to be used in the world at large – not merely within the confined space of an individual company or the closed world of a slightly larger community.

The reality is that each of us and our respective employers exists in an ever-expanding cyber-community of other companies, government agencies, academia, CROs, etc. We need to be able to exchange and sign electronic information securely, seamlessly, and with full knowledge that the identity on the other end of the screen is truly who he or she asserts to be.

Digital identities and digital signing solutions that are compliant with the SAFE-BioPharma digital identity and digital signature standard provide distinct advantages over other commercially available digital signature solutions.

When evaluating any digital identity or digital signature solution, ask these questions. The answers will help determine if you’re about to get full value for this important decision

1.   Does it allow a single identity credential to replace multiple credentials (and user names and passwords)?

Many solutions will add yet another user name and password to the multitude of user name and password combinations that executives, clinicians and others are burdened with across the globe. The option is a universal credential that can be used in any context. Think of it as the universal remote control that replaces the ones for the TV, the DVD, radio, etc., etc. Credentials compliant with the SAFE-BioPharma standard are becoming universal. One highly secure and totally versatile SAFE-BioPharma credential allows every user to clean out his or her cluttered credential closet.

2. Is it interoperable with digital identity credentials used by other organizations, including FDA, NIH, EMA, etc?

Identity credentials based on the SAFE-BioPharma standard are interoperable with US government regulatory and other agencies and with other organizations across the life sciences and other industries. That means that the credentials are trusted by an ever-expanding global trust community incorporating both public and private sectors.

If the credential is not interoperable, a) its use will be limited in its ability to authenticate the identities of external collaborators, such as clinicians accessing clinical portals, and b)it also will be limited in its ability to apply legally binding signatures.

3. Is it linked to an actual, vetted individual identity?

Many identity credentials are issued in a manner that does not tie the user’s identity to the credential. Among the disadvantages is that you don’t really know if the identity is valid – a problem when dealing with legal and regulatory compliance. A digital identity based on the SAFE-BioPharma standard is tightly bound to the closely examined identity of the individual to whom the digital credential is assigned.  This procedure and the legal agreements the individual signs provide the ability to manage who can have access to what.

If the credential is not tightly bound to the user’s identity it cannot be used to manage access to portals, health and other confidential records, physical facilities, etc.

4. Is it legally-binding and non-repudiable?

Identity credentials based on the SAFE-BioPharma standard allow the user to apply legally binding digital signatures to a wide variety of electronic documents including laboratory notebooks, submissions, contracts, forms, etc.

Signature solutions not based on the SAFE-BioPharma standard may allow electronic signatures to be applied by someone other than its authorized user. The signature will not be non-repudiable (a unique consideration that prevents a signatory from denying a signature was applied).

5. Does it have widespread regulatory compliance?

Many digital identity and digital signature solutions are not. The SAFE-BioPharma standard is 21 CFR Part 11 compliant. It was developed with participation from the US Food and Drug Administration and the European Medicines Agency. The SAFE-BioPharma privacy policy is compliant with the US Department of Commerce and EU Safe Harbor requirements for protection of personal data.

6. Is it DEA compliant?

Digital signatures based on the SAFE-BioPharma standard have been cited by the US Drug Enforcement Agency as acceptable for applying electronic signatures to ePrescriptions for controlled substances. This capability is critically important for the rapidly changing world of ePrescribing.

Most of the world’s most successful biopharmaceutical companies have asked the right questions about their choice of digital identity and digital signature solutions. They have concluded that compliancy with the SAFE-BioPharma standard is the most important answer.

Reprinted with permission from Pharma IQ, a division of IQPC 2011 All rights reserved. 
www.pharma-iq.com/informatics/columns/six-questions-to-ask-before-investing-in-a-digital/


Nobody Knows You’re a Dog

October 27, 2011

By Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association

A few years ago, The New Yorker magazine published a cartoon of two dogs sitting in front of a computer monitor. One was explaining to the other: “On the Internet, nobody knows you’re a dog.”

Given the regulated nature of the global biopharmaceutical industry, the explosion in global collaboration, and our reliance on the Internet, it is absolutely essential that we know and trust the identity of people on the other side of the screen.

Basically, faith in electronic processes is a function of trusting identities of people we don’t know – a serious complication in the regulated, highly collaborative, global biopharmaceutical industry. 

Additionally,  to make our dealings truly electronic – and to eliminate the excessive cost and time associated with handling, shipping, storing and accessing paper documents –  the people who possess those identities need a way to sign electronic documents in a manner that can be trusted and that will stand up to legal review.

Several years ago, a group of IT visionaries from the world’s largest biopharmaceutical companies foresaw these needs.  They reasoned that a standardized way to establish digital identities and to apply digital signatures to electronic documents would discourage development of a patchwork of costly systems unable to communicate with each other. They also reasoned that if the standard were interoperable with similar systems used by government agencies and in other industries, it would facilitate collaboration and ease communications with global regulatory agencies.

The result of this pan-industry effort – including cooperation from the US Food and Drug Administration and the European Medicines Agency.– is the SAFE-BioPharma digital standard, designed specifically for the life sciences to mitigate the risks inherent in electronic transactions.

The group also created a non-profit organization – SAFE-BioPharma Association — to manage the standard’s development. The association’s vision is to help catalyze the transformation of the biopharmaceutical and healthcare communities to a fully electronic business environment by 2015, and in the six years it has been functioning, it has progressed steadily toward that goal.

While the technology behind the standard is complex, the way it is used is quite simple – increasingly in the form of a password in some combination with software in the cloud and an existing device such as a cellphone.

Part of the standard’s unique characteristic is that it provides each user with a digital identity that is closely linked to that user’s carefully vetted, actual identity. This allows the individual to be identified every time a signature is applied to an electronic document. The result, unlike common electronic signatures, is a signed document that is legally-binding and non-repudiable.

No canines pretending to be something they aren’t.

Among numerous other unique aspects of the standard is that it meets the EU Advanced Electronic Signature Directive. Documents and transactions shared with external parties in Europe or within the US federal government need the strength of a digital signature that is tightly bound to the identity of the signer. Because of this requirement, SAFE-BioPharma digital signatures are the only solution for European submissions.

Separately, but of equal importance, SAFE-BioPharma is the only solution cited by the US DEA as suitable for electronically signing prescriptions for controlled substances. The signatures also are compliant with (US) HIPAA regulations

The standard is used for a broad range of applications by large and small biopharmaceutical companies. Among the most common are signing electronic laboratory notebooks, contracts, and a spectrum of regulatory submissions.

But the application that currently is attracting the greatest interest is clinical trial management. It makes a lot of sense, given the global expansion of clinical development, the need to track many participants in many sites, and use of the Web as an alternative to relying on hard copies and moving them around using FedEx, DHL and fax.

This relevance is being demonstrated in an ongoing pilot program involving scientists in the National Cancer Institute (the world’s largest sponsor of cancer treatment clinical trials) and scientists in Bristol-Myers Squibb and sanofi-aventis.

The numerous documents associated with the start up process have been placed in the cloud where the scientists are able to access, amend and sign them using their interoperable digital identities. The industry scientists use SAFE-BioPharma digital identities, and the NCI scientists use their U.S. government-issued digital identities.

Because the two types of digital identities are interoperable (an identity asserted by SAFE-BioPharma will be trusted by US federal agencies, among other inter-connected cyber communities), the scientists have been able to greatly reduce the time and costs associated with starting a clinical trial.

Many who have reviewed the pilot feel it is an important milestone in the use of secure cloud computing to streamline the future of the clinical trial process. They see how interoperable digital identities allow sponsors and CROs  to transition safely and easily to fully electronic processes in efficient and cost-effective on-line collaborations with vendors, suppliers and regulatory agencies.

SAFE-BioPharma is a standard with widespread buy-in. Many biopharma lawyers, researchers, and managers rely on it. Many are in the process of learning about the benefits. In the United States digital identity credentials compliant with the SAFE-BioPharma standard soon will be in use by hundreds of thousands of clinical investigators and other practicing physicians.

The minds that created SAFE-BioPharma developed a digital identity and digital signature standard that would improve operations wherever it was put to work. That has been demonstrated repeatedly.

Even those two dogs in front of the computer screen would consider the SAFE-BioPharma standard to be best of class.

In future columns, I’ll explain new ways the biopharmaceutical industry is using the SAFE-BioPharma standard to improve efficiencies and reduce costs.

Reprinted with permission from Pharma IQ, a division of IQPC 2011 All rights reserved.
www.pharma-iq.com/informatics/columns/nobody-knows-you-re-a-dog


From Mesopotamia to Cyberspace

February 21, 2011

By Mollie Shields-Uehling, President & CEO,
SAFE-BioPharma Association

Cylinder seals used in Mesopotamia are one of the earliest known forms of authenticating identity. Dating to 3000 BC, cylinder seals were used to make documents legally binding and to assure the owner’s identity. They were hand engraved, and, when rolled on wet clay, left a unique and often elegant picture. Each imprint was associated with an individual and became a sign of trust. Collections of these tiny works of art can be seen in New York’s Morgan Library, the British Museum and the Louvre.

Authentication has taken a new meaning in our cyber-centric business culture – especially in regulated industries like biopharmaceuticals and healthcare.

To benefit from our new web-based interconnectivity, we must know – beyond doubt – the identities of each and every person with whom we’re conducting business.

That’s where the SAFE-BioPharma digital identity standard plays its critical role.  The standard requires each digital identity to be closely linked to the user’s proven identity. That information is used in a digital credential — a form of software installed on a computer, cell phone or other device. The digital credential asserts the user’s identity and can be used to apply digital signatures to electronic documents

These are not simple electronic signatures. SAFE-BioPharma digital signatures cryptographically guarantee the integrity of every bit of information contained in the document.

The identities also are interoperable, meaning that they can be trusted by people in governments, in other companies and in other industries.

This combination of factors – trust, interoperability and the ability to sign electronic documents in a legally-binding way – has made identity credentials based on the SAFE-BioPharma standard critical where used.

But use of these digital credentials needs to expand for the biopharmaceutical and healthcare communities to realize greater time and cost savings.

The clinical trial start-up process is one of many areas that can benefit. To prove the point, SAFE-BioPharma member company, Bristol-Myers Squibb (BMS) and the National Cancer Institute’s Cancer Therapy Evaluation Program (NCI/CTEP).are well along in a pilot study demonstrating the elimination of paper forms and letters used when initiating clinical trials.

NCI/CTEP is the world’s largest sponsor of cancer treatment clinical trials. In 2010, it generated documents comprising almost 100,000 pages to develop and correspond in its clinical trials.

While the unit does not track the time involved in scanning, organizing and sending these paper documents to the FDA, it reports that it is extremely labor intensive.

The pilot study was started in July, 2010 to demonstrate the ability of both public and private sectors to sign and exchange documents digitally in the cloud, thus eliminating any need for wet signatures and, therefore, any need for paper.

BMS researchers used their SAFE-BioPharma digital identity credentials. NCI researchers used digital identity credentials issued by the federal government. Both types of credential are interoperable.

There were dramatic time savings for all document flows that require multiple signatures or signatures from signatories working off-site. There were no lost or misplaced documents. Because cloud-based digital signatures were used, there was an audit trail of when the document was uploaded, of the email that was sent to alert the signatory that the document is available for signature, and when the document was actually signed.

By eliminating paper-reliance, BMS and NCI saw the possibility of reducing environmental impact associated with use of paper and ink, document shipment, storage and retrieval.

What is the future bottom line of this improved business process flow? NCI and its collaborators can speed up research and be more responsive to public health needs.

Recently, researchers from sanofi-aventis, another SAFE-BioPharma member, joined the pilot and are signing and exchanging electronic documents with NCI, using their SAFE-BioPharma digital credentials. Before long, researchers at several university-based cancer centers will participate, as well.

Just consider what this will mean when lessons from this study migrate to other companies and to the CRO community.

We’ve come a long way since the days of authenticating identity with cylinder seals and wet clay. Today, interoperable digital credentials allow electronic documents to be signed anywhere there’s an Internet connection and to be exchanged with trust.

Finally we can become paperless.  Come to think of it, the Mesopotamians didn’t use paper either. Paper wasn’t invented until 105 AD.


%d bloggers like this: