Post on 18-Jan-2016
Data Liquidity: Creating a Safer Ocean That We
Can All Swim in Together
Tuesday, November 17th, 2015
Washington, DC
SAFE-BioPharma Association
Trusted Identities And Patient-Centered Compliance: Breaking The Health Information Sharing
Logjam
Mollie Shields Uehling
SAFE-BioPharma Association
The Challenge
Revolution underway in medicines and the treatment of patients
Life sciences and healthcare industries characterized by disruption: innovative and challenging science, payer pressure, patient-centricity, personal medicine, new collaborative ways of working, integration of research into on-going clinical treatment
But business processes are mired in the last century
Trying to move from current models of working to a new model that reflects the consumer world (Amazon, Google, Uber, Waze)
Seeking outside-in approaches in digitizing regulated business processes
But industry operates in a highly regulated environment
One of the fundamental issues in the movement to the cloud is protection of IP, PII, infrastructure, and reputation while moving huge amounts of protected info around the web
Why the Need for Standardized Identity Trust On-Line?
In 2015, Gartner estimates $77b will be spent on cybersecurity — only 4% or $3.3b on identity trust – tall walls, deep moats, open front doors
2 out of every 3 breaches come through exploited passwords.
OPM (21m), IRS (104K), Anthem (80m) breaches caused by hijacked administrator user name/passwords.
52% of all breaches could have been prevented by strong authentication.
YET: Most enterprises are managing identities for employees and external partners on an enterprise and project-by-project basis – industrial age approach
Users plagued with many, many digital identities – usually user names and passwords – what you know and what can easily be shared or hijacked. Often no identity trust standard behind internet identities.
The SAFE-BioPharma Digital Identity and Signature Standard
Created by leading biopharmaceutical firms in 2005
SAFE-BioPharma standard encompasses two trust frameworks:
– High assurance authentication credentials using multiple technologies that satisfy four levels of trust
– High assurance digital signing credentials that meet US and EU regulatory requirements
Vision: To facilitate business and regulatory processes to fully electronic in a secure, trusted, regulatory and legally compliant manner that allows a user to have a single digital identity recognized across all stakeholders
The SAFE-BioPharma Digital Identity and Signature Standard
Both trust frameworks provide:
– Strong identity trust thru standardized ID proofing requirements
– Utilizing EU and US Federal government technical standards
– Contract-based governance, legal and risk mitigation framework
– Mapped to laws at US state & Federal levels, EU & MS levels
– Secure and meets US, EU and other data privacy requirements
– Compliant with FDA, EMA, DEA requirements
– Single interoperable identity
Only standard that meets global requirements
Provides a tool for companies, vendors, regulators and others to standardize trust for authentication and signing.
Allows users and vendors to have standards around which to work knowing that the products will be acceptable across industry and can be confidently used by industry.
SAFE-BioPharma Association
Non-profit managed by Board of Directors from Member Firms
Association functions:
– Maintains and evolves standard
– Certifies commercial providers, applications and products
– Works with Regulators and Policy Authorities
– Provides a forum for best practices and shared use cases
– Operates a “Bridge” (for interoperability)
– Represents the industry in national and international standards-development and global identity management policy-setting organizations
SAFE-BioPharma Members 2015
AbbVie
Actavis
Alkermes
Allergy & Asthma Inst.
ArenaPharma
Arxspan
Astellas*
AstraZeneca*
Bayer
Bellepheron
Bristol-Myers Squibb
CareKinesis
Cerecor
Collaborativ
Dart NeuroSciences
Eli Lilly
Evolution Scientific
GlaxoSmithKline*
Ikaria
Imaging Endpoints
Incyte
IPS Research
Merck*
McDougall Scientific
MWB Consulting (now ICON)
National Notary Assn.
NewCropRx
Omnicare
Opthotech
Oxford Outcomes
PDC Biotech
Pfizer*
Premier Purchasing
RegenX*
Sanofi-Aventis*
Savara Pharma
Sinclair Pharma
SNAP Diagnostics
St. Renatus
TransPerfect
Veroha
Wuxi
*Board members
SAFE-BioPharma Partners
Digital Signature Providers: • Exostar • IdenTrust • TransSped • Verizon
Identity Proofing and Digital Credentials: • AYIN International • Doximity • Exostar • LexisNexis • TransUnion • Verizon
Non-Profit Collaborations: • ACRES • CareLex • CDISC • HL7 • IDESG • Kantara • NCPDP • NH-ISAC • OASIS • TSCP
Assessors: • Cygnacom Solutions • Electrosoft • Kimble Assocs • Lydia LLC • Zygma
Partners: • Acelrys* • Adobe* • Arxspan • Cegedim* • Cognizant • DocuSign* • Electrosoft • Exostar* • 10Pearls • Hitachi • IDBS* • Innovo Commerce • LSCP • Medversant • Microsoft • Mt. Airey • SIGNiX • Taigle • Verified Clinical Trials • Verizon* • Waters*
*Offer SAFE-BioPharma certified products or services
Network of Cyber-Communities
[Diagram: bridge and root CAs (SAFE Bridge CA, Federal Bridge CA, CertiPath Bridge CA, Fed Common Policy Root CA, CertiPath Common Policy Root CA, DoD Interoperability Root) and the organizations attached to them, including US federal agencies, aerospace and defense companies, credential providers and pharmaceutical companies.]
SAFE-BioPharma and the Regulators
FDA and European Medicines Agency (EMA) helped write the Standard
– FDA Office of the CIO, 21CFR11 Council, CDER, CBER
– EMA Office of the Head of Communications and Networking
EMA and FDA are on paths to requiring fully electronic submissions
EMA requiring digital signatures for most electronic submissions as of June 2015
FDA has accepted millions of SAFE-BioPharma digital signatures on submissions since 2007
DEA recognizes SAFE-BioPharma digital signatures as compliant for ePrescribing of Controlled Substances (EPCS)
SAFE-BioPharma digital signatures satisfy ESMD requirements.
Leading Use Cases
Regulatory submissions
Electronic Lab Notebooks
High Value Contracts, SOWs
Toxicology and imaging reports
IRB reviews and approvals
Physician signatures on diagnostics
Safety reporting
ePrescribing (EPCS)
ESMD
Study start up
Clinical trial applications
Access to clinical and other portals
Access to eHRs
Mobile Credential for Authentication and Signing ePrescribing, Global ELNs
Two Integration Methods
• Signing Request delivered to mobile device
• Integrated Cloud-based PKI credential for digital signing
Merck’s Engage Zone
Engage Zone is on the life sciences hub. Partners authenticate through SAM and then access Engage Zone. Partners benefit from streamlined access for working with Merck and fewer login credentials.
Major Pharma Companies connected as IdPs with an SSO experience
[Diagram labels: University Users, Investigator Users, CRO Users, Contractors; Non Federated Partner User; Partner Identity; Federated Partner Org (Charles River Labs); SAFE Certified IDP; Secure Access Manager (SAM); ID linked to SAM ID; SAM ID used for SSO.]
Copyright 2014 Exostar LLC. | All Rights Reserved. | Proprietary and Confidential
Cognizant Portal for TransCelerate – industry members gain access to multiple partner applications
Life Science industry members gain access to multiple partner applications through single credential via SAM
Application providers can make their applications available to the entire community
[Diagram labels: University Users, Investigator Users, CRO Users; Partner User; Partner Identity; SAFE Certified IDP; authenticate user; User ID linked to SAM ID; SAM ID used for SSO; Secure Access Manager (SAM); Exostar Community Cloud; Collaboration Space; Tools / Software; Data / Information; SaaS for Merck; Cloud Service Applications; Future Applications & Portals; Exostar Secure Share Standard/Sensitive; Merck Users Single Sign-on; Merck Network; SWMS; SWMS Access; Merck Services.]
Alliance For Clinical Research Excellence and Safety Platform
Overview
Mobile Website
ACRES Hosted Apps
3rd Party / Cloud Apps
Customer Hosted Apps
IoT Apps
Hybrid/Native Mobile
Cloud ID Authenticator
• ID/Password • 2 Factor • Policy Enforcement • Self-service tools
Cloud ID Provisioner
• Password Management • Provisioning • Profile Management • Authorization Management • Role Management • Workflow Engine
Cloud ID Broker
• Security Token Service • Federation Protocols • Translations & Mapping
HealthIDx
Webshield Trust Model
[Diagram: privacy network components (privacy broker, privacy proxies, privacy server, discovery service, obfuscated access audit log) placed between enterprise authorities and nationwide authorities. Authentication methods shown: fax receipt, phone, fingerprint, facial biometric, voice print, password, device fingerprint, point-of-sale, hardware token. Enterprise sources and protocols shown: LDAP, SAML, OpenID, OAuth, Security Directory, HR, XML, SQL, CRM, Practice Management, CSV, EHR. Worked example in the diagram: a user at an insurance exchange access point authorizes release of tax records; the discovery service discovers the qualifying credentials required to earn Nationwide.Taxpayer-AAA-ID (3-factors authentication, 3 authorities identity matching, 3 authorities identity proofing with at least 1 biometric, zero-knowledge eligibility verification); credential requirement: {Nationwide.Taxpayer-AAA-ID} AND {CMS.FISMA-AccessAudit}; eligibility is confirmed and an opaque access audit log is created.]
WebShield Confidential
The Evolving Standard
2015: Ecosystem in place:
– Multiple identity trust levels meeting US/EU requirements
– Multiple identity proofing options
– Multiple technologies, applications, and vendors
– Network of linked cyber-communities
– All based on a set of standards that allow multiple vendors, technologies to interoperate and to allow user a Single Digital Identity
Future:
– Growth of the network and ecosystem
– Expansion of the standard to meet needs of the healthcare and life sciences community around robust identity trust as the threat environment and technology evolve.
Today’s Discussion
Personalization versus privacy
Grand strategy and design for healthcare liquidity
Ability to leverage lots of sensitive information across the web while meeting privacy, security, and intellectual property requirements
SAFE-BioPharma pleased to sponsor this discussion looking at innovative and disruptive ways to improve the cost and quality of medicines research and healthcare delivery
Fundamental to the system design is trust in the identities of those accessing information
Today we will hear some very intriguing examples of what the privacy network could contribute
Please visit the SAFE-BioPharma website: http://safe-biopharma.org/
Please visit the 4BF website: http://www.the4bf.com/
Watch the SAFE-BioPharma introductory video: http://www.safe-biopharma.org/video.htm
Contact us for more information:
Mollie Shields Uehling, CEO, mollie@safe-biopharma.org, (703) 821-7927, (201) 925-2173 (cell)
Gary Wilson, Prog. Mgr, Gwilson@safe-biopharma.org, (781) 962-3172
Jon Weisberg, Communications, jweisberg@safe-biopharma.org, 801-359-9977 o, 801-860-9977 m
Gary Secrest, CTO, Gsecrest@safe-biopharma.org, (609) 306-5560
Peter Alterman, COO, Palterman@safe-biopharma.org, (301) 943-7452
Betsy Fallen, Global Programs and Marketing, Bfallen@SAFE-BioPharma.org, (610) 716-3271