SAFE-BioPharma Digital Identity and Signature Standard and Services Fed/Ed XVIII Friday, December 12 th, 2008.

Slides:

Advertisements

Similar presentations

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

Advertisements

Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session esMD Requirements, Priorities and Potential Workgroups – 2:00pm.

The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.

1 GPO PKI – Getting Started U.S. Government Printing Office May 20, 2011.

Paul D. Grant Special Assistant, Federated Identity Management and External Partnering Office of the DoD CIO Co-Chair, Identity, Credential.

Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.

SAFE-BioPharma Association NSTIC Day How does industry drive forward.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

SAFE-BioPharma: Industry’s Digital Identity and Signature Standard Practical Use Cases Cindy Cullen CTO Oct. 1, 2008.

SAFE Implementation Toolkit How to use it. Implementation toolkit Overview Log-in Contents Search Toolkit Use Log-out.

SAFE BioPharma Association CONFIDENTIAL1 SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit.

August 2004 Providing Industry-wide Security and Identity Management Solutions.

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

21 mai 2015 Bridges between Certification Authorities.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

Trusted Identities That Drive Global Commerce IdenTrust: NCMS Presentation JPAS Logon changes requiring PKI credentials Richard Jensen, October 19 th 2011.

Security Controls – What Works

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Bill Maaske CIO AZ Secretary of State

The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

Regional Health Information Exchange: Getting There Ed Barthell – Wisconsin Health Information Exchange Hugh Zettel, GE Healthcare.

Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.

SAFE is a member-governed, not-for-profit enterprise that: Manages and promotes the SAFE standard Provides a legal and contractual framework Provides technical.

1 Digital Credential for Higher Education John Gardiner August 11, 2004.

The 4BF The Four Bridges Forum The SAFE-BioPharma Digital Identity and Signature Standard.

Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.

The InCommon Federation The U.S. Access and Identity Management Federation

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Johnson & Johnson’s Public Key Infrastructure Bob Stahl

© Copyright 2011, Alembic Foundation. All Rights Reserved. Aurion: Health Information Exchange Technology Today Alembic Foundation OSCON 2011 July 27,

SAFE-BioPharma Association Overview of the SAFE-BioPharma Digital Identity and Signature Standard 10 th Annual Symposium on Identity and Trust on the Internet.

® Copyright 2008 Adobe Systems Incorporated. All rights reserved. Bobby Caudill Solution Architect, Global Government August 2008 Adobe Solutions for Government.

1 PKI & USHER/HEBCA Fall 2005 Internet2 Member Meeting Jim Jokl September 21, 2005.

1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

1 June Richard Guida Stephanie Evans Johnson & Johnson Director, WWIS WWIS SAFE Infrastructure Overview.

CRIX: toward a secure, standards-based, clinical research information exchange.

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

PKI Forum Business Panel March 6, 2000 Dr. Ray Wagner Sr. Director, Technology Research.

Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.

Legislation and Market Forces: PKI Drivers for the U. S. Mortgage Industry November 27, 2006 R. J. Schlecht Director, Industry Technology – Security &

The Ninth Annual Pharmaceutical Regulatory Compliance Congress and Best Practices Forum Thomas E. Costa Bristol-Myers Squibb Company This presentation.

Ian Bailey Director Application Architecture Office of CIO, Province of BC A User Centric and Claims Based Architecture for British Columbia.

PKI and the U.S. Federal E- Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.

Identity Management Working Group 2006 Member Meeting Tempe, AZ Barry Ribbeck Rice University.

The Federal Bridge A Brief Overview 1. 4BF Industry Forum April Fed PKI: View from 20,000 km FBCA C4 Common Policy CA (HSPD-12) CertiPath SSPs.

I-CIDM Bridge to Bridge Working Group (BBWG) Purpose and Activities Fed-Ed Meeting The Fairmont Hotel Washington, DC December 14, 2004 Debb Blanchard Enspier.

January 26, 2007 State Alliance for e-Health January 26, 2007 Robert M. Kolodner, MD Interim National Coordinator Office of the National Coordinator for.

State of e-Authentication in Higher Education August 20, 2004.

Cloud Computing, Policy Management and Standardization Europe Identity Conference 2011 John Sabo, Director Global Government Relations, CA Technologies.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing Charles PARISOT GE Healthcare.

1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.

Hajar Sabuur Johnson & Johnson Worldwide Information Security June 16, 2005

Data Liquidity: Creating a Safer Ocean That We Can All Swim in Together Tuesday, November 17 th, 2015 Washington, DC SAFE-BioPharma Association 1.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

S ecure A rchitecture F or E xchanging Health Information in Central Massachusetts Larry Garber, M.D. Peggy Preusse, R.N. June 9 th, 2005.

Pennsylvania Health Information Exchange NJHIMSS - DVHIMSS Enabling Healthcare Transformation Through Information Technology September, 2010.

Pfizer’s SAFE Use Case Michael Lavoie, CISSP, PMP Member, SAFE Board of Directors 24-FEB-2016.

Federal Initiatives in IdM Dr. Peter Alterman Chair, Federal PKI Policy Authority.

SAFE-BioPharma Association Blocking the Big Breach SCOPE Summit 2016 Mollie Shields Uehling SAFE-BioPharma Association.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

Jim Bland Executive Director, CRIX International

Electronic Case Reporting Update

U.S. Federal e-Authentication Initiative

SAFE-BioPharma Digital Identity and Signature Standard and Services

Regional Health Information Exchange: Getting There

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

HIMSS National Conference New Orleans Convention Center

Presentation transcript:

SAFE-BioPharma Digital Identity and Signature Standard and Services Fed/Ed XVIII Friday, December 12 th, 2008

2 SAFE-BioPharma Digital Identity and Signature Standard and Services Strategic initiative started 11/03 by biopharmaceutical industry to facilitate transformation to fully electronic SAFE-BioPharma Association incorporated May 2005 –Member-governed, non-profit collaborative industry org –Develop and maintain standard –Facilitate adoption –Services for Members Outreach to regulators SAFE-BioPharma Bridge Tiered Services Commercial issuers/products Cross Certification with FBCA Pilots; new use cases Best practices; industry sharing

SAFE-BioPharma Members Abbott AstraZeneca* BristolMyers Squibb* Eli Lilly GlaxoSmithKline* J&J* Merck * National Notary Assn. Organon- ScheringPlough* Pfizer* P&G* Roche Sanofi-Aventis* 3 *Board and PAA Members

4 SAFE-BioPharma Association SAFE Vendor Community Adobe* Aladdin* Arcot ARX * Gemalto Gemini Security IBM IDBS Microsoft MXI Security* Northrop Grumman nCipher Open Text SAIC Tricipher* Xyzmo* SAFE Vendor PartnersSAFE Issuers BMS Chosen Security Citibank Verizon Business IdenTrust J&J TransSped *SAFE-BioPharma certified products

5 SAFE Core Team A Non-Profit, Member-Driven Standards Association CEO Mollie Shields-Uehling Business WG Implementation WG Technology WG Working Groups SAFE-BioPharma Member Consortium Global Regulatory WG Board of Directors & PAA Gary Secrest, J&J, Chair Technology WG Maria Ramos, J&J Keith Respass, Merck Business Colleen McMahon, GSK Marilyn Teal, P&G Implementation AnnaMarie Ahearn, AZ Wei Wang, SA Global Regulatory Tam Woodrum, Pfizer H. Van Leeuwen, Organon SAFE European Union Advisory Group, Cecil Pistre, Sanofi- Aventis STAFF Cindy Cullen, CTO Jon Schoonmaker, Chief, Ops Rich Furr, Head, Reg Afrs Tanya Newton, Mgr, Reg Afrs John Hendrix, Prog Dir Kevin Chisholm, Exec Asst John Weisberg, PR & Comm Legal, Financial SAIC NGC, Gemini

66 The Contract-Based SAFE-BioPharma Standard Business –Operating Policies –Contracts –Processes Technical & Identity –Certificate Policy (PKI) –Specifications –Guidelines  Accept digitally signed transactions  Agree to limited liability caps  Agree to dispute resolution  Agree to identity assurance  Agree to self-audit & meet SAFE requirements  Identity verification  Manage identity life cycle  Comply with referenced standards  Follow security, audit & control requirements  Certification

7 High-Level Architecture 7

Member Public Key Infrastructure Options Internal infrastructure –Cross certified with SAFE Bridge –BMS, J&J – soon others Outsourced infrastructure –Cross-certified with SAFE Bridge: Chosen Security Citibank IdenTrust TransSped Verizon Business/Cybertrust SAFE tiered services infrastructure (member-funded) –External partners –Regulatory uses –Healthcare providers –Members

Options for Flexible Use Two levels of trust: –Basic Assurance for authentication –Medium Assurance for trusted identity uniquely linked to digital signature and EU-qualified Three digital signing technologies: –Software –Hardware (zero footprint now undergoing FIPS certification) –Roaming Three identity-proofing options –Antecedent – enterprise and on-line –Trusted agent –Notary – including office/home notary services 9

On-Line Antecedent Data Sources US only at present – international sources being identified Based on previous F2F; publicly available data Authoritative Antecedent Data sources (e.g., state licensing authorities): –DEA Licenses –Medical Professional Licenses Physicians & Surgeons Osteopaths Physician Assistants Nursing Pharmacists Among others –State Motor Vehicle Records DMV Registrations –Property Records –Financial/credit records 10

On-Line Antecedent Process ID Vetting Successful: –Applicant Passes 3 rd Party Antecedent identity proofing –Moved to RA queue for processing and Certificate Issuance steps. –It’s a matter of minutes end-to-end. ID Vetting Not Successful: ― Unable to verify identity via 3rd Party Antecedent ― Process reverts to Notary Process with two service options: User locates notary RAS/NNA will have a local notary contact the Applicant directly 11

12 SAFE-BioPharma and Regulators FDA engagement since inception – helped write standard –Familiarization program and compliance matrix –FDA Statement acknowledging use of SAFE-BioPharma digital signature as facilitating compliance with 21CFR11 –SAFE-BioPharma members have submitted 1,000s of fully electronic submissions since Sept. ‘06 EMEA engagement since inception – helped write standard –Evaluation, pilots, electronic submission guidance –EMEA will use SAFE-BioPharma as access solution to EudraVigilance data base (~3,000 users) –1Q09 eCTD Pilot

13 OrganizationPilots and Implementations AbbottELN AmgenClinical Research Info Exchange (CRIX); ELN AstraZenecaeSubmissions (US); ELN; Investigator Portal; Global infrastructure BMSELNs; Promotional material review (EU); eSubmissions; alliances CDC-MedNet-SAFE-SAICCross-jurisdictional public health-disease surveillance EMEAEudraVigilance; eCTDs, regulatory submissions GSKeSubmissions, R&D docs; Global infrastructure J&J90,000+ employees; eSubs; External partners; Records Eli LillyeSubmissions National Notary AssociationDigital Notary Signature PfizerELNs; eSubmissions; contracts/SOWs; investigator portal P&GELNs; contracts; HR Group Purchasing Org.Supplier and member contracts Sanofi-AventiseSubmissions; ELNs; Finance and Purchasing SAFE-BioPharma Pilots & Implementations 13

The Infrastructure and the Network Are In-Place Expanded Communities of Trust – 4BF (4 Bridges Forum) for Collaboration –Federal Bridge CA ; Certipath (Defense & Aerospace); Higher Education Bridge CA; SAFE-BioPharma CA –Raise awareness –Drive use of network of interoperable trusted communities CDC Cross-Jurisdictional Public Health Surveillance Pilot –MN public health; Duluth hospitals and physicians; CDC Group Purchasing Organizations (GPOs) –Hospital systems –Suppliers Federation pilot 14

Clinical Labs ELR System 15 8/24/2015 Patient Test Results Notification w/ Lab test results Local Public Health Officials Alert Notification MN NEDSS Alert Subscription/Notification Service Disease Investigation Service Disease Investigation Service NHIN Gateway Service NHIN Gateway Service Public Health Disease Investigation Portal (Pilot) Alert Subscription/Notification Service

16 8/24/2015 CDC NEDSS Alert Subscription/Notification Service Disease Investigation Service Disease Investigation Service NHIN Gateway Service NHIN Gateway Service Public Health Disease Investigation Portal (Pilot) Access Portal Authentication Request Federated Identity Management System Federated Identity Management System User Authentication SAFE-BioPharma Digital Certificate Local Public Health Officials S ingle S ign O n to portal Open a Disease Investigation Case HL7 CDA for public health or CCD documents CHIC NHIN Gateway CHIC NHIN Gateway Document Repository Clinical Document Review Cross-Gateway Document Query/Retrieval Submit the case

17 8/24/2015 CDC NEDSS Alert Subscription/Notification Service Disease Investigation Service Disease Investigation Service NHIN Gateway Service NHIN Gateway Service Public Health Disease Investigation Portal (Pilot) Access Portal Authentication Request Federated Identity Management System Federated Identity Management System User Authentication SAFE-BioPharma Digital Certificate State Public Health Officials S ingle S ign O n to portal Review the Disease Investigation Case Submit the case Open-Case Notification

18 Please visit the SAFE-BioPharma website: Pfizer’s Implementation of SAFE-BioPharma Digital Signatures in ELNs : f f AstraZeneca’s Implementation of SAFE-BioPharma for FDA Submissions: Learn more about the SAFE-BioPharma Implementation Toolkit: biopharma.org/index.php?option=com_content&task=view&id=254&Itemid=422 biopharma.org/index.php?option=com_content&task=view&id=254&Itemid=422 Watch the SAFE-BioPharma introductory video: Contact us for more information: John Hendrix Program Director (973) 272- Mollie Shields Uehling CEO (201) (201) (cell)8621 Jon Schoonmaker Chief of Operations & Technical Program (301) biopharma.org Cindy Cullen CTO (609) Rich Furr Head, Reg. Afrs. (610) Tanya Newton Manager, Reg Afrs (908) biopharma.org Kevin Chisholm, Admin. BioPHarma.org (201)