Data Liquidity: Creating a Safer Ocean That We Can All Swim in Together Tuesday, November 17 th, 2015 Washington, DC SAFE-BioPharma Association 1
Trusted Identities And Patient- Centered Compliance: Breaking The Health Information Sharing Logjam Mollie Shields Uehling SAFE-BioPharma Association
2 The Challenge Revolution underway in medicines and the treatment of patients Life sciences and healthcare industries characterized by disruption: innovative and challenging science, payer pressure, patient-centricity, personal medicine, new collaborative ways of working, integration of research into on-going clinical treatment But business processes are mired in the last century Trying to move from current models of working to a new model that reflects the consumer world (Amazon, Google, Uber, Waze) Seeking outside-in approaches in digitizing regulated business processes But industry operates in highly regulated environment One of fundamental issues in movement to cloud is protection of IP, PII, protection of infrastructure, and reputation while moving huge amounts of protected info around the web
Why the Need for Standardized Identity Trust On-Line? In 2015, Gartner estimates $77b will be spent on cybersecurity — only 4% or $3.3b on identity trust – tall walls, deep moats, open front doors 2 out of every 3 breaches comes through exploited passwords. OPM (21m), IRS (104K), Anthem (80m) breaches caused by hijacked administrator user name/passwords. 52% of all breaches could have been prevented by strong authentication. YET: Most enterprises are managing identities for employees and external partners on an enterprise and project-by-project basis – industrial age approach Users plagued with many, many digital identities – usually user names and passwords – what you know and what can easily be shared or hijacked. Often no identity trust standard behind internet identities. 4 SAFE-BioPharma Association
The SAFE-BioPharma Digital Identity and Signature Standard Created by leading biopharmaceutical firms in 2005 SAFE-BioPharma standard encompasses two trust frameworks: –High assurance authentication credentials using multiple technologies that satisfy four levels of trust –High assurance digital signing credentials that meet US and EU regulatory requirements 5 SAFE-BioPharma Association Vision : To facilitate business and regulatory processes to fully electronic in a secure, trusted, regulatory and legally compliant manner that allows a user to have a single digital identity recognized across all stakeholders Vision : To facilitate business and regulatory processes to fully electronic in a secure, trusted, regulatory and legally compliant manner that allows a user to have a single digital identity recognized across all stakeholders
The SAFE-BioPharma Digital Identity and Signature Standard Both trust frameworks provide: –Strong identity trust thru standardized ID proofing requirements –Utilizing EU and US Federal government technical standards –Contract-based governance, legal and risk mitigation framework –Mapped to laws at US state & Federal levels, EU & MS levels –Secure and meets US, EU and other data privacy requirements –Compliant with FDA, EMA, DEA requirements –Single interoperable identity Only standard that meets global requirements Provides a tool for companies, vendors, regulators and others to standardize trust for authentication and signing. Allows users and vendors to have standards around which to work knowing that the products will be acceptable across industry and can be confidently used by industry. 6 SAFE-BioPharma Association
Non-profit managed by Board of Directors from Member Firms Association functions: –Maintains and evolves standard –Certifies commercial providers, applications and products –Works with Regulators and Policy Authorities –Provides a forum for best practices and shared use cases –Operates a “Bridge” (for interoperability) –Represents the industry in national and international standards- development and global identity management policy-setting organizations 7 SAFE-BioPharma Association
SAFE-BioPharma Members 2015 AbbVie Actavis Alkermes Allergy & Asthma Inst. ArenaPharma Arxspan Astellas* AstraZeneca* Bayer Bellepheron Bristol-Myers Squibb CareKinesis Cerecor Collaborativ Dart NeuroSciences Eli Lilly Evolution Scientific GlaxoSmithKline* Ikaria Imaging Endpoints Incyte IPS Research Merck* McDougall Scientific MWB Consulting (now ICON) National Notary Assn. NewCropRx Omnicare Opthotech Oxford Outcomes PDC Biotech Pfizer* Premier Purchasing RegenX* Sanofi-Aventis* Savara Pharma Sinclair Pharma SNAP Diagnostics St. Renatus TransPerfect Veroha Wuxi 8 SAFE-BioPharma Association *Board members
SAFE-BioPharma Partners 9 SAFE-BioPharma Association Digital Signature Providers: Exostar IdenTrust TransSped Verizon Identity Proofing and Digital Credentials: AYIN International Doximity Exostar LexisNexis TransUnion Verizon Non-Profit Collaborations ACRES CareLex CDISC HL7 IDESG Kantara NCPDP NH-ISAC OASIS TSCP Assessors: Cygnacom Solutions Electrosoft Kimble Assocs Lydia LLC Zygma Partners: Acelrys* Adobe* Arxspan Cegedim* Cognizant DocuSign* Electrosoft Exostar* 10Pearls Hitachi IDBS* Innovo Commerce LSCP Medversant Microsoft Mt. Airey SIGNiX Taigle Verified Clinical Trials Verizon* Waters* *Offer SAFE-BioPharma certified products or services
Fed Common Policy Root CA Entrust CertiPath Bridge CA SAFE Bridge CA Federal Bridge CA Boeing Northrop Grumman SITA Lockhee d Martin CertiPath Common Policy Root CA Exostar VDoT GSA MSO VeriSign SSP DoTHUD Verizon Bus SSP EOP VA HHS US Treasury SSP NASA SSA State of Illinois DoE Dept. of State US PTO GPO DHS DoJ E-Commerce DoJ DEA ARINC DoD SA Exostar AZ Merck ORC ACES EADS Raytheon VeriSign GPO SSP USPS NRC DoD Interoperability Root DoL EPA STRAC Network of Cyber-Communities TranSpeddentrust Pharmas Verizon AbbVie
SAFE-BioPharma and the Regulators SAFE-BioPharma and the Regulators FDA and European Medicines Agency (EMA) helped write the Standard –FDA Office of the CIO, 21CFR11 Council, CDER, CBER –EMA Office of the Head of Communications and Networking EMA and FDA are on paths to requiring fully electronic submissions EMA requiring digital signatures for most electronic submissions as of June 2015 FDA has accepted millions of SAFE-BioPharma digital signatures on submissions since 2007 DEA recognizes SAFE-BioPharma digital signatures as compliant for ePrescribing of Controlled Substances (EPCS) SAFE-BioPharma digital signatures satisfy ESMD requirements. 11 SAFE-BioPharma Association
Leading Use Cases Regulatory submissions Electronic Lab Notebooks High Value Contracts, SOWs Toxicology and imaging reports IRB reviews and approvals Physician signatures on diagnostics Safety reporting ePrescribing (EPCS) ESMD Study start up Clinical trial applications Access to clinical and other portals Access to eHRs 12 SAFE-BioPharma Association
Mobile Credential for Authentication and Signing ePrescribing, Global ELNs 13 SAFE-BioPharma Association Two Integration Methods Signing Request delivered to mobile device Integrated Cloud-based PKI credential for digital signing
14
Merck’s Engage Zone Engage Zone is on the life sciences hub. Partners authenticate through SAM and then access Engage Zone. Partners benefit from streamlined access for working with Merck and fewer login credentials. University Users Investigator Users CRO Users Contractors Major Pharma Companies connected as IdPs with an SSO experience Non Federated Partner User Partner Identity Federated Partner Org (Charles River Labs) Secure Access Manager (SAM) Secure Access Manager (SAM) ID linked to SAM ID SAM ID used for SSO SAFE Certified IDP 15 Copyright 2014 Exostar LLC.| All Rights Reserved.| Proprietary and Confidential
Cognizant Portal for TransCelerate – industry members gain access to multiple partner applications Life Science industry members gain access to multiple partner applications through single credential VIA SAM University Users Investigator Users CRO Users Application providers can make their applications available to the entire community Partner User SAFE Certified IDP Collaboration Space Tools / Software Data / Information authenticate user User ID linked to SAM ID SaaS for Merck Cloud Service Applications Future Applications & Portals Partner Identity Exostar Secure Share Standard/Sensitive Merck Users Single Sign-on Merck Network SWMS SAM ID used for SSO Secure Access Manager (SAM) Secure Access Manager (SAM) SWMS Access Merck Services Exostar Community Cloud 16 Copyright 2014 Exostar LLC.| All Rights Reserved.| Proprietary and Confidential
Alliance For Clinical Research Excellence and Safety Platform Overview 17 Mobile Website ACRES Hosted Apps 3 rd Party / Cloud Apps Customer Hosted Apps IoT Apps Hybrid/Native Mobile Cloud ID Authenticator ID/Password 2 Factor Policy Enforcement Self-service tools Cloud ID Provisioner Password Management Provisioning Profile Management Authorization Management Role Management Workflow Engine Cloud ID Broker Security Token Service Federation Protocols Translations & Mapping HealthIDx
authentication fax receipt phone finger-print facial biometric voice print password device fingerprint point-of-sale hardware token Security Directory HR CRM Practice Management enterprise authorities EHR FICAM: FISMA: user context: Banking Records create opaque access audit log privacy network authorize release of tax records. discover qualifying credentials required to earn Nationwide.Taxpayer-AAA-ID: 3-factors authentication 3 authorities identity matching 3 authorities identity proofing (at least 1 biometric) discover qualifying credentials required to earn Nationwide.Taxpayer-AAA-ID: 3-factors authentication 3 authorities identity matching 3 authorities identity proofing (at least 1 biometric) zero-knowledge eligibility verification credential requirement: {Nationwide.Taxpayer-AAA-ID} AND {CMS.FISMA-AccessAudit} credential requirement: {Nationwide.Taxpayer-AAA-ID} AND {CMS.FISMA-AccessAudit} nationwide authorities 18 WebShield Confidential Webshield Trust Model
The Evolving Standard 2015 : Ecosystem in place: –Multiple identity trust levels meeting US/EU requirements –Multiple identity proofing options –Multiple technologies, applications, and vendors –Network of linked cyber-communities –All based on a set of standards that allow multiple vendors, technologies to interoperate and to allow user a Single Digital Identity Future: –Growth of the network and ecosystem –Expansion of the standard to meet needs of the healthcare and life sciences community around robust identity trust as the threat environment and technology evolve. 19 SAFE-BioPharma Association
Today’s Discussion Personalization versus privacy Grand strategy and design for healthcare liquidity Ability to leverage lots of sensitive information across the web while meeting privacy, security, and intellectual property requirements SAFE-BioPharma pleased to sponsor this discussion looking at innovative and disruptive ways to improve the cost and quality of medicines research and healthcare delivery Fundamental to the system design is trust in the identities of those accessing information Today will hear some very intriguing examples of what the privacy network could contribute 20 SAFE-BioPharma Association
21 Please visit the SAFE-BioPharma website: Please visit the 4BF website: Watch the SAFE-BioPharma introductory video: Contact us for more information: Mollie Shields Uehling CEO (703) (201) (cell) Gary Wilson Prog. Mgr (781) biopharma.org Jon Weisberg Communications o m Gary Secrest, CTO biopharma.org (609) Peter Alterman, COO biopharma.org (301) Betsy Fallen Global Programs and Marketing (610)