SAFE-BioPharma Association HIPAA 12 SAFE: The Key to Identity Management and Digital Signatures Mollie Shields Uehling President & CEO April 11, 2006.

Slides:



Advertisements
Similar presentations
HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
Advertisements

S.O.S. eHealth Project Open eHealth initiative for a European large scale pilot of patient summary and electronic prescription Daniel Forslund, Head of.
Tips to a Successful Monitoring Visit
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session esMD Requirements, Priorities and Potential Workgroups – 2:00pm.
The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept
SAFE-BioPharma: Industry’s Digital Identity and Signature Standard Practical Use Cases Cindy Cullen CTO Oct. 1, 2008.
SAFE Implementation Toolkit How to use it. Implementation toolkit Overview Log-in Contents Search Toolkit Use Log-out.
SAFE BioPharma Association CONFIDENTIAL1 SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit.
August 2004 Providing Industry-wide Security and Identity Management Solutions.
Security Controls – What Works
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Introduction to Regulation
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
1 Webinar on: Establishing a Fully Integrated National Food Safety System with Strengthened Inspection, Laboratory and Response Capacity Sponsored by Partnership.
Session 6: Data Integrity and Inspection of e-Clinical Computerized Systems May 15, 2011 | Beijing, China Kim Nitahara Principal Consultant and CEO META.
SAFE is a member-governed, not-for-profit enterprise that: Manages and promotes the SAFE standard Provides a legal and contractual framework Provides technical.
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session Charter Discussion – 9:30am – 10:00am October 18, 2011.
The 4BF The Four Bridges Forum The SAFE-BioPharma Digital Identity and Signature Standard.
Stakeholders In Clinical Research Government and Regulatory Bodies Professor Phil Warner.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
The InCommon Federation The U.S. Access and Identity Management Federation
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
How can I trust the rest of Europe ? Requirements and a possible organisation with regard to epSOS and eHealth Frank Robben General manager eHealth platform.
Johnson & Johnson’s Public Key Infrastructure Bob Stahl
STORAGE MANAGEMENT/ EXECUTIVE: Managing a Compliant Infrastructure Processes and Procedures Mike Casey Principal Analyst Contoural Inc.
HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
U.S. General Services Administration Federal Technology Service November 9, 1999 Judith Spencer Director, Center for Governmentwide Security Office of.
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act) Regina.
Chapter 6 – Data Handling and EPR. Electronic Health Record Systems: Government Initiatives and Public/Private Partnerships EHR is systematic collection.
1 June Richard Guida Stephanie Evans Johnson & Johnson Director, WWIS WWIS SAFE Infrastructure Overview.
The United States Health Information Knowledgebase: Federal/State Initiatives An AHRQ Research Project J. Michael Fitzmaurice, PhD, AHRQ Robin Barnes,
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
CRIX: toward a secure, standards-based, clinical research information exchange.
Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.
PKI Forum Business Panel March 6, 2000 Dr. Ray Wagner Sr. Director, Technology Research.
1 7 th CACR Information Workshop Vulnerabilities of Multi- Application Systems April 25, 2001 MAXIMUS.
Integrating Federated Identity and Web services in the RHIO Environment John Richardson Vice-Chair, Liberty Alliance eHealth SIG Intel Corporation Digital.
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.
Identity Management Working Group 2006 Member Meeting Tempe, AZ Barry Ribbeck Rice University.
IT Security Policy Framework ● Policies ● Standards ● Procedures ● Guidelines.
Integrating a Federated Healthcare Data Query Platform With Electronic IRB Information Systems Shan He IPHIE 2010.
Identity Federations and the U.S. E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO, E-Authentication National Institutes of Health.
Agenda for Session Compliance in Clinical Research
1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.
Hajar Sabuur Johnson & Johnson Worldwide Information Security June 16, 2005
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
CRIX – A Public Private-Partnership in the US: Structure, Benefits and Lessons Learned Jim Bland Executive Director, CRIX International.
1 Identities and Federation: The Next IT Wave (The Canadian Access Federation) Rick Bunt President The Canadian University Council of CIOs (CUCCIO)
Lifespan GOOD CLINICAL PRACTICE Record Management GCP May 2005.
FIRE1000S - Self-Paced FIREBIRD Training Training on the Federal Investigator Registry of Biomedical Informatics Research Data (FIREBIRD) for Clinical.
The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman.
SAFE-BioPharma Association Blocking the Big Breach SCOPE Summit 2016 Mollie Shields Uehling SAFE-BioPharma Association.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session.
Overview eSignature Features: Field Type vs Record Locking Regulations
Jim Bland Executive Director, CRIX International
Paperless & Cashless Poland Program overview
Data and Applications Security Developments and Directions
InCommon Steward Program: Community Review
Building A Community of Trust to Transform Medicines Development
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
HIMSS National Conference New Orleans Convention Center
E-Lock ProSigner ProSigner means “Professional Signer” signifying the software that can apply legally enforceable Advanced electronic signatures to electronic.
Presentation transcript:

SAFE-BioPharma Association HIPAA 12 SAFE: The Key to Identity Management and Digital Signatures Mollie Shields Uehling President & CEO April 11, 2006

2 SAFE-BioPharma Association Impetus for SAFE….. Revolution in life sciences and medical technology: –Changing the way we live –Expensive Need to improve safety, quality, development time of medicines to patients: –Paper costs: 40% of R&D costs; 33% all healthcare costs –Increasingly complex industry –Wall Street’s imperative: reduce cost structure Need to improve efficiencies, reduce costs, and allocate resources better – eliminate paper costs: Shift to eClinical eRegulatory processes eHealthcare, e.g., UK, France, US

3 SAFE-BioPharma Association The Vision... What would the world be like if we could conduct –business electronically with the same certainty of paper? What would our business processes be like if we could –Eliminate wet signatures? –Digitally sign documents the same way we do paper? –Trust people’s identities without ever meeting them? –Eliminate multiple passwords, passcards? –Interoperate regardless of technology or vendor? How much faster? How much more productive? How much more accurate? How much more profitable?

4 SAFE-BioPharma Association Barriers to Adoption of Digital Signatures/Processes by Bio-Pharma Identity Management and Authentication Regulatory Legal Enforceability Risk Management Change Management Privacy, Security Interoperability

5 SAFE-BioPharma Association Industry Collaboration: Signatures and Authentication for Everyone: May 2005 SAFE is the only global standard for the healthcare community that enables trusted, secure, legally enforceable paperless business and clinical transactions.

6 SAFE-BioPharma Association What is SAFE? SAFE enables trusted, secure, legally enforceable paperless business and clinical transactions. A single common digital credential: –For ID management –For digital signatures Basis: –Hardware -- smart card or USB fob 2-Factor security –Closed user community –Bound by contracts –That manage risk –That bridge local and regional differences in digital signature laws –Provide interoperability

7 SAFE-BioPharma Association SAFE & Regulatory Requirements Complies with 21CFR11 & other predicate rules Meets OMB, NIST and EAP Level 4 criteria for eGovernment and e-Authentication EMEA – Evaluated SAFE – meets EMEA requirements

8 SAFE-BioPharma Association SAFE Standard Legal Structure -Uniform obligations/protections: -Safekeeping of credentials -Record-keeping -Accuracy of registration data -Timely revocation -Global legal enforceability -Risk Management Approach -Arbitration vs. lawsuit -Damages capped Issuer PfizerCRO SAFE LLC Issuer C C CC C C Bound by a Closed Contract System C = Contract

9 SAFE-BioPharma Association SAFE Features Global Trust network –Face to face ID –High assurance that the other end is who they say they are –Community of users Signature verified at the time of signing & authentication SAFE CA Bridge allows interoperability Certification of products and applications

10 SAFE-BioPharma Association The SAFE Community Participants  Abbott Labs  AstraZeneca – Founder  Bristol-Myers Squibb – Founder  GlaxoSmithKline – Founder  Genzyme  INC Research  Johnson & Johnson – Founder  Merck – Founder  Nektar  Organon  Pfizer – Founder  Procter & Gamble – Founder  Sanofi-Aventis – Founder  National Cancer Institute  Food & Drug Administration  European Medicines Evaluation Agency  Irish Medicines Board  Medicines Evaluation Board – Netherlands  EOF: Greece  Veterinary Medicines Directorate: United Kingdom  Pharmaceutical Research & Manufacturers Association  European Federation of Pharmaceutical BioPharma MembersGovernment Agencies Association Partners  Memorial Sloan Kettering  Mayo Clinic  City of Hope National Medical Center  Women & Infants Hospital of Rhode Island  H Lee Moffitt Cancer Center  Sidney Kimmel Cancer Institute  Shulman & Associates  Western IRB Research Sites & IRB’s

11 SAFE-BioPharma Association SAFE BioPharma Association Technical Standards BodyShared Services CompanyHealthcare Industry Association Standards Working Groups Certification standards & administration Standard Development & Maintenance Alignment to HL7, CDISC, IHE, ICH, EAP Engagement in ONCHIT, AHIC, NHII, PDUFA III, CaBIG Issuance of Credentials Directory of Users Operation of bridge Member Implementation Member/Product/Issuer certification Vendor program Tech Devel: Signing Services, Remote FDA EMEA NCI Stakeholder outreach Education & advocacy –eHI Policy engagement –Congress & leg. –HHS, NCI –EFPIA, PhRMA, BIO, ACRO, etc. –FDA, EMEA Media: local, national, trade, international Working Groups

12 SAFE-BioPharma Association SAFE Biopharma Association Delivers NETWORK AUTHENTICATION SIGNING SERVICES AND UTILITIES IDENTITY STANDARD AND GUIDELINES SAFE IDENTITY UTILITIES

13 SAFE-BioPharma Association SAFE Identity Standard and Guidelines Value –Creates operating framework for movement to e-business processes –Interoperability across all members/users on the network –Shared experience improves member implementation success –Vendor partner program to deliver off-the-shelf SAFE enabled applications –Universal agreement, contractually bound, to abide and comply with rules –Risk management scheme –Rules are mapped to regulatory requirements to ensure conformance: 21CFRP11, EMEA, SOX, HIPPA –Provides legal, regulatory business risk management SAFE Delivers –Policies procedures specifications and guidelines, compliance checklists, legal guidelines –Access to SAFE working groups (FDA Compliance, EU Forum, Implementation, Operations technology, e-Health Initiative) –SAFE Vendor Partner Program delivers certified applications to the healthcare community

14 SAFE-BioPharma Association SAFE Identity Utilities Value –Competitive pricing ~$100 per year credential costs –Pre-packaged implementation speeds time to production and reduces risk of implementation failure –Engineered specifically to meet regulatory requirements –Interoperability at scale once the network is in effect SAFE Delivers –USB Identity tokens Use digital certificates (X.509) to access and sign information –Universal SAFE Signing Interface web based interface for uploading and signing documents –SAFE Registration Authority to register users for credential issuance –SAFE call center 24X7 support

15 SAFE-BioPharma Association SAFE Network Services – SAFE Signature Book Basic POC Environment –5 pre-production SAFE USB credentials –Application integration guide –Universal SAFE Signing Interface Code –POC end user kit –Authentication and document signing service –Audit log management –Limited diagnosis and implementation support n SAFE Signature Book Signing Application Pre-production Pilot –20–100 pre-production pilot credentials –Pilot implementation guideline –Universal SAFE Signing Interface Code –Infrastructure support –Authentication and document signing service –Audit log management –Diagnosis and implementation support

16 SAFE-BioPharma Association Visible SAFE Signature Block Placement Reason: Affirm information on Form 1572 DN: CN=Jane Doe, C=US, O=Miracle Cure Pharma, OU= Date: :33:07 – 4’00’ ? Jane Doe

17 SAFE-BioPharma Association SAFE Signature Block √ Karl Von Jacobowitz Name: Karl Von Jacobowitz Reason: Affirm information on Form 1472 Date: :33:07 – 4’00’ X Karl Von Jacobowitz Name: Karl Von Jacobowitz Reason: Affirm information on Form 1472 Date: :33:07 – 4’00’ Valid SAFE Signature Invalid SAFE Signature Name: Karl Von Jacobowitz Reason: Affirm information on Form 1472 Date: :33:07 – 4’00’ Non-Validated SAFE Signature ? Karl Von Jacobowitz

18 SAFE-BioPharma Association SAFE Signature Validation

19 SAFE-BioPharma Association SAFE-FDA

20 SAFE-BioPharma Association SAFE Compliance Working Group SAFE Member reps with QA/Compliance/Regulatory backgrounds Works with FDA –CDER/Division of Scientific Investigations –Part 11 Council –CIO –CBER SAFE/FDA Auditor Familiarization Program –Joint effort to develop training for FDA and Member Internal Audit staffs –What is SAFE, What is a SAFE Signature, How is it manifested on a record, What should you look for? Products/Schedule –Inspection Techniques Manual for Auditors: Final –Auditor Familiarization Training Materials: 2Q06 operational Provides –Regulatory Compliance Matrix How does SAFE comply with Pt 11 –Functional Validation Scenarios & Validation Checklists Can be used by Members to support system validation –Internal SOP Matrix What internal documents does a Member need to develop

21 SAFE-BioPharma Association SAFE EMEA Pilot Participants –SAFE Evaluation Team: EMEA, GSK, Organon, Pfizer –EMEA Manager: Wim Nuyts Pilot has 3 main areas of scope –The technology, –EMEA legal opinion –Auditability. –The Participants will be limited to SET members Key Assumptions –The pilot will interact between the Participants and the EMEA –The pilot will utilize the SAFE Profile/USSI proof of concept (POC) signing interface to apply digital signatures to PDF –The Participants will digitally sign PDF documents only – notifications will be sent using SAFEsign.org to confirm approval of documents –The pilot will use SAFE test credentials supplied by SAFE

22 SAFE-BioPharma Association National Cancer Institute Firebird (Federal Investigator Registry for Bioinformatics Research Data): –Investigators register on-line with NCI and other sponsors –Clinical trial registration via Form 1572 Deployment Scope: –Technical pilot completed –Pilot Phase: ~50 investigators and support staff at 8 sites (Q206) –Production: 13,500 Principal Investigators; 7,000 research sites to be registered within the next 24 months (end 2006) Pilot Sites: –Memorial Sloan Kettering Mayo Clinic –City of Hope Women & Infants Hosp. RI –H Lee Moffitt Cancer CenterSidney Kimmel Cancer –University of Chicago Stanford University

23 SAFE-BioPharma Association SAFE Member Projects GlaxoSmithKline – EDC, Site Study Initiation Merck – Sampling Pfizer – Enterprise identity Management, Clinical P&G – Digital Signatures BMS, AstraZeneca, SanofiAventis, Genzyme

24 SAFE-BioPharma Association Cross-Certifications: J&J and Cybertrust Johnson & Johnson Services can now offer SAFE digital identity credentials and SAFE authentication and digital signature services across its parent enterprise. Cybertrust’s SAFE customers can now utilize the SAFE digital identity and SAFE digital signatures in a broad range of business-to-business and business-to-regulator transactions utilizing the Internet.

25 SAFE-BioPharma Association The SAFE Vendor Community  PhaseFoward  Relsys  Liquent  Microsoft  Documentum  Oracle  OpenText  Intralinks  ISI  Lorenz  ArborText  Glemser Technologies  Scientific Software  PathData  Tumbleweed  FCG Applications Vendors  SafeNet  Tumbleweed  Gemplus  Verisign  CyberTrust Infrastructure Vendors  Northrop Grumman  SAIC  Ernst & Young  Teratec  Accenture  Churchill & Harriman  SIG Integration Vendors  Adobe  Arcot  Aladdin  Bearing Point  Corestreet  Cybertrust  IBM  Kyberpass Premier Partners

26 SAFE-BioPharma Association SAFE and eHealth, SDOs Objectives: –Increase awareness of SAFE to healthcare community –Participate in standards development –Provide framework to foster/evolve industry standard SAFE - E-Health Partnership: –US: e-HI Identity Management and Dig Sig Working Group –EU Forum –White papers – e.g., risk management, legal

27 SAFE-BioPharma Association Imagine a Future…… Patient visits physician Registered with the swipe of a card Physician enters info on integrated point of care device, orders tests, prescribes, enrolls patient in clinical trial – all electronically Lab tests submitted and reported electronically Medicines are manufactured in batch and sent via electronic order Claims submitted and paid and records kept electronically Clinical trial data managed, signed and submitted electronically Patient carries personal health record……

28 SAFE-BioPharma Association SAFE is the only global standard for healthcare community interoperability that enables trusted, secure, legally enforceable, paperless healthcare regulatory and business transactions

29 SAFE-BioPharma Association Becoming a SAFE Member Visit:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.