Future perfect: identity security in global collaboration

In 2003, industry, company and regulatory IT experts were concerned with the effects that the internet would have on the global biopharmaceutical business - especially as it related to protecting intellectual property and complying with government regulations.

The big questions were:

• how can the power of the internet be leveraged to improve research and other processes so that medicines reach markets more efficiently?
• how can trust be created in the online identities of those inside and outside company firewalls?
• how can legally binding and regulatory-compliant signatures be applied to electronic documents in a way that would enable organisations to become fully paperless?

The answer came in the form of the SAFE-BioPharma digital identity and digital signature standard - a set of business rules and technical specifications that cover all aspects of identity management.

A distinguishing characteristic of the standard requires each digital identity to be closely bound to its user's proven identity, thus providing a high level of trust in the identity of its user.

Identify-proofing

This process of identity-proofing is at the core of the standard's interoperability - identity credentials based on the SAFE-BioPharma standard are trusted by US Government agencies (such as the FDA, the National Institutes of Health and the Department of Veterans Affairs) and other systems that are directly or indirectly cross-certified with SAFE-BioPharma.

Importantly, at a time when business, research and healthcare personnel are burdened with tracking and
using multiple cyber-identities, a person with a single SAFE-BioPharma identity credential can use it across multiple enterprises. Some like to think of it as a single phone number that stays with its owner, rather than a jumble of numbers that changes from place to place or use to use.

For companies using the standard, it provides high trust assurance between parties engaged in secure web-based transactions. Identity credentials compliant with the SAFE-BioPharma standard are used to authenticate the true identity of the person seeking access to protected information assets. They are also used to improve how all documents are signed by providing digital signature capability, which, among other benefits, protects the document from any future changes and verifies the identity of the signatory. Additionally, digital signatures are non-repudiable. Any person who applies a SAFE-BioPharma digital signature cannot deny it.

The standard became up and running in 2005, managed by the SAFE-BioPharma Association, a non-profit organisation funded primarily by its supporting members - companies such as Abbvie (Abbott), Astellas, AstraZeneca, Bristol-Myers Squibb, GlaxoSmithKline, Eli Lilly, Merck, Pfizer and Sanofi.

Each of these companies, and many others, use identity credentials based on the SAFE-BioPharma standard for a variety of purposes: to authenticate portals, access intellectual property assets, read electronic health record data, and sign all sorts of electronic documents including laboratory notebooks, regulatory submissions, contracts, and ePrescriptions.

Widespread adoption

In what can be viewed as confirmation and validation of the concept, the European Medicines Agency (EMA) recently announced that it requires digital signatures on eSubmissions. This follows multiple studies with the agency involving documents signed with SAFE-BioPharma digital signatures and, consequently, the understanding that the standard meets all of EMA's digital signing requirements.

EMA also announced that it now uses digital signatures to sign all outgoing documents that require legally binding signatures. EMA's acceptance and use of digital signatures is in keeping with its strategy to create a "future electronic-only workflow" between the agency and the pharmaceutical industry by eliminating the need for, and costs associated with, printing, sending and archiving paper documents. It's just a matter of time before other regulatory bodies follow.

Input from SAFE-BioPharma policy-makers and advisers is centred on R&D, the engine driving future growth and revenues, for which there are three general categories: streamlining electronic workflows, enabling use of clinical portals and assuring trial data integrity.

Each area requires a high degree of trust assurance in internet identities, and in the association's ability to apply legally binding and regulatory-compliant digital signatures to electronic documents.

With that understanding, SAFE-BioPharma pursued strategic relationships with industry suppliers of which the products and services would be enhanced by the security inherent in the standard. These relationships leverage SAFE-BioPharma mobile, which delivers all of the identity authentication and digital signing capabilities of the standard through any mobile device, anywhere in the world.

Streamlining electronic workflows

Paper processes encumber operating efficiencies, and many of those processes are linked to the way that documents are signed. Companies such as Pfizer, where scientists use SAFE-BioPharma-compliant digital signatures to sign electronic laboratory and other notebooks, understand the efficiencies of being fully paperless. They are able to file, access and audit documents with a series of keystrokes. Their cost and time savings have been significant.

Also significant are the savings recorded by the National Cancer Institute (NCI) during a trial study that it conducted with scientists at Bristol-Myers Squibb and Sanofi. NCI and company researchers were provisioned with digital identities; NCI scientists used government-issued identity credentials while the company scientists used SAFE-BioPharma identity credentials. Both are interoperable - trusted by the public and private sectors. The start-up forms, letters, contracts and other documents were placed in the cloud where, in real time, they could be accessed, reviewed, signed and exchanged. The usual delays and costs associated with courier services, having to wait for someone to return from a trip or other speed bumps were no longer applicable. NCI plans to continue to streamline other workflows using digital identities and digital signatures.

A recently formed strategic relationship with DocuSign has made digital signing available to any organisation and, in turn, eliminated antiquated and cumbersome manual signature processes. The company provides end-to-end workflow automation in a way that is highly customisable for a broad range of business applications and processes.

What is noteworthy about this approach is that, in the past, applications and other service providers would engineer bespoke services to enable an organisation's employees to sign electronically and to achieve some degree of the company's paperless ideal. DocuSign's technology dramatically improves the ability to digitise electronic workflows with its off-the-shelf, cloud-based approach. The effect is smoother and makes for easier collaboration, both internally and with external partners, as experienced by thousands of companies and many millions of people in multiple industries. Thanks to DocuSign's ability to integrate SAFE-BioPharma digital identities and SAFE-BioPharma signatures into its system, any company of any size subscribing to the SAFE-BioPharma standard and to DocuSign can streamline clinical trials, along with a variety of other document-intense functions.

Another relationship that SAFE-BioPharma has forged improves external collaboration via a full-featured and browser-based electronic laboratory notebook built for collaborative research. Partner company Arxspan has incorporated digital signing certificates compliant with the SAFE-BioPharma standard into its proprietary ArxLab electronic lab notebook (ELN). This capability significantly reduces the barriers to signature compliance for external research initiatives, as a US-based SAFE-BioPharma member's programme of multiple research sites in China has demonstrated. Provisioned with SAFE-BioPharma cyber-identities, Chinese scientists are able to authenticate their identity and apply digital signatures using the ArxLab ELN.

Enabling the use of clinical portals

Rapid expansion of clinical portals raises concerns about who has access to the centralised information assets that they contain. Study sponsors and CROs need to be able to trust the identities of personnel who access important online, trial-related information, and submit and sign trial results. Increasingly, these people operate outside organisational firewalls and are located in the developing world.

This as an important area of growth where SAFE-BioPharma needed to incorporate the standard into established services, providing member companies with clinical portals and related services. To date, it has formed two such relationships. One is with InnovoCommerce, creator of an eClinical product suite that is used by many of the world's largest pharmaceutical companies for their enterprise and investigator portals. The other is with Trifecta Clinical, a leading global clinical trials solution provider.

InnovoCommerce sees incorporating the standard into its InnovoPOINT off-the-shelf clinical investigator portal product as a way to help sponsor companies improve productivity, quality and compliance throughout their collaborative exchanges with globally distributed clinical research sites.

Trifecta Clinical is incorporating SAFE-BioPharma digital identity credentials as a way to enhance its ability to quickly and securely exchange data with sponsors, CROs and clinical research consortia. The company anticipates that the credentials will simplify processes for sponsors and investigators, and save time and financial resources.

Trial data integrity assurance

A growing - though little discussed - concern in the R&D community is the problem of multiple enrolments in trials by the same patients. Depending on the therapeutic area, it's estimated that 2-12% of patients may be double-enrolled. For example, participants in pain studies have been known to travel long distances to enrol, under pseudonyms, at a different site for the same trial. Their motivation is obtaining a larger supply of opioids (or, possibly, placebo) for personal use or illegal sale.

This lack of control may skew study results and influence trial outcomes; this poses an unacceptable health and safety risk for patients, and a significant financial risk for sponsors.

SAFE-BioPharma has formed an alliance with a US company, which produces technology that, among other things, helps eliminate multiple enrolments. The company, Verified Clinical Trials, assigns a proprietary de-identified unique identification code to research subjects that, combined with other features, tracks clinical trial subjects and the investigational compounds or devices being administered. Incorporating the SAFE-BioPharma standard will allow research staff to obtain a digital identity. The combined service will enable each research subject and trial administrator to apply binding digital signatures to electronic consent forms, patient diaries and other documents.

The company views the integration of SAFE-BioPharma into its service as a way to improve clinical trial efficiencies by saving the time and costs associated with secure document signing and exchange.

Cyberspace odyssey

Cyberspace has launched the pharmaceutical industry into new levels of globalisation and collaboration, but this new way of doing business has created issues of trust. Organisations need to know, with certainty, that they can trust identities on both sides of the firewall.

This is why the biopharmaceutical industry and a group of regulators have collaborated to create a standardised way to manage digital identities and apply digital signatures to electronic documents in line with their specific needs. First, companies used it. Now, the EMA is using it. SAFE-BioPharma's new alliances in the global trial space place it on another level and prove that trust is the threshold to the future.