Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Liquidity: Creating a Safer Ocean That We Can All Swim in Together Tuesday, November 17 th, 2015 Washington, DC SAFE-BioPharma Association 1.

Published byBrittany Brianna Neal Modified over 8 years ago

Similar presentations

Presentation on theme: "Data Liquidity: Creating a Safer Ocean That We Can All Swim in Together Tuesday, November 17 th, 2015 Washington, DC SAFE-BioPharma Association 1."— Presentation transcript:

1 Data Liquidity: Creating a Safer Ocean That We Can All Swim in Together Tuesday, November 17 th, 2015 Washington, DC SAFE-BioPharma Association 1

2 Trusted Identities And Patient- Centered Compliance: Breaking The Health Information Sharing Logjam Mollie Shields Uehling SAFE-BioPharma Association

3 2 The Challenge Revolution underway in medicines and the treatment of patients Life sciences and healthcare industries characterized by disruption: innovative and challenging science, payer pressure, patient-centricity, personal medicine, new collaborative ways of working, integration of research into on-going clinical treatment But business processes are mired in the last century Trying to move from current models of working to a new model that reflects the consumer world (Amazon, Google, Uber, Waze) Seeking outside-in approaches in digitizing regulated business processes But industry operates in highly regulated environment One of fundamental issues in movement to cloud is protection of IP, PII, protection of infrastructure, and reputation while moving huge amounts of protected info around the web

4 Why the Need for Standardized Identity Trust On-Line? In 2015, Gartner estimates $77b will be spent on cybersecurity — only 4% or $3.3b on identity trust – tall walls, deep moats, open front doors 2 out of every 3 breaches comes through exploited passwords. OPM (21m), IRS (104K), Anthem (80m) breaches caused by hijacked administrator user name/passwords. 52% of all breaches could have been prevented by strong authentication. YET: Most enterprises are managing identities for employees and external partners on an enterprise and project-by-project basis – industrial age approach Users plagued with many, many digital identities – usually user names and passwords – what you know and what can easily be shared or hijacked. Often no identity trust standard behind internet identities. 4 SAFE-BioPharma Association

5 The SAFE-BioPharma Digital Identity and Signature Standard Created by leading biopharmaceutical firms in 2005 SAFE-BioPharma standard encompasses two trust frameworks: –High assurance authentication credentials using multiple technologies that satisfy four levels of trust –High assurance digital signing credentials that meet US and EU regulatory requirements 5 SAFE-BioPharma Association Vision : To facilitate business and regulatory processes to fully electronic in a secure, trusted, regulatory and legally compliant manner that allows a user to have a single digital identity recognized across all stakeholders Vision : To facilitate business and regulatory processes to fully electronic in a secure, trusted, regulatory and legally compliant manner that allows a user to have a single digital identity recognized across all stakeholders

6 The SAFE-BioPharma Digital Identity and Signature Standard Both trust frameworks provide: –Strong identity trust thru standardized ID proofing requirements –Utilizing EU and US Federal government technical standards –Contract-based governance, legal and risk mitigation framework –Mapped to laws at US state & Federal levels, EU & MS levels –Secure and meets US, EU and other data privacy requirements –Compliant with FDA, EMA, DEA requirements –Single interoperable identity Only standard that meets global requirements Provides a tool for companies, vendors, regulators and others to standardize trust for authentication and signing. Allows users and vendors to have standards around which to work knowing that the products will be acceptable across industry and can be confidently used by industry. 6 SAFE-BioPharma Association

7 Non-profit managed by Board of Directors from Member Firms Association functions: –Maintains and evolves standard –Certifies commercial providers, applications and products –Works with Regulators and Policy Authorities –Provides a forum for best practices and shared use cases –Operates a “Bridge” (for interoperability) –Represents the industry in national and international standards- development and global identity management policy-setting organizations 7 SAFE-BioPharma Association

8 SAFE-BioPharma Members 2015 AbbVie Actavis Alkermes Allergy & Asthma Inst. ArenaPharma Arxspan Astellas* AstraZeneca* Bayer Bellepheron Bristol-Myers Squibb CareKinesis Cerecor Collaborativ Dart NeuroSciences Eli Lilly Evolution Scientific GlaxoSmithKline* Ikaria Imaging Endpoints Incyte IPS Research Merck* McDougall Scientific MWB Consulting (now ICON) National Notary Assn. NewCropRx Omnicare Opthotech Oxford Outcomes PDC Biotech Pfizer* Premier Purchasing RegenX* Sanofi-Aventis* Savara Pharma Sinclair Pharma SNAP Diagnostics St. Renatus TransPerfect Veroha Wuxi 8 SAFE-BioPharma Association *Board members

9 SAFE-BioPharma Partners 9 SAFE-BioPharma Association Digital Signature Providers: Exostar IdenTrust TransSped Verizon Identity Proofing and Digital Credentials: AYIN International Doximity Exostar LexisNexis TransUnion Verizon Non-Profit Collaborations ACRES CareLex CDISC HL7 IDESG Kantara NCPDP NH-ISAC OASIS TSCP Assessors: Cygnacom Solutions Electrosoft Kimble Assocs Lydia LLC Zygma Partners: Acelrys* Adobe* Arxspan Cegedim* Cognizant DocuSign* Electrosoft Exostar* 10Pearls Hitachi IDBS* Innovo Commerce LSCP Medversant Microsoft Mt. Airey SIGNiX Taigle Verified Clinical Trials Verizon* Waters* *Offer SAFE-BioPharma certified products or services

10 Fed Common Policy Root CA Entrust CertiPath Bridge CA SAFE Bridge CA Federal Bridge CA Boeing Northrop Grumman SITA Lockhee d Martin CertiPath Common Policy Root CA Exostar VDoT GSA MSO VeriSign SSP DoTHUD Verizon Bus SSP EOP VA HHS US Treasury SSP NASA SSA State of Illinois DoE Dept. of State US PTO GPO DHS DoJ E-Commerce DoJ DEA ARINC DoD SA Exostar AZ Merck ORC ACES EADS Raytheon VeriSign GPO SSP USPS NRC DoD Interoperability Root DoL EPA STRAC Network of Cyber-Communities TranSpeddentrust Pharmas Verizon AbbVie

11 SAFE-BioPharma and the Regulators SAFE-BioPharma and the Regulators FDA and European Medicines Agency (EMA) helped write the Standard –FDA Office of the CIO, 21CFR11 Council, CDER, CBER –EMA Office of the Head of Communications and Networking EMA and FDA are on paths to requiring fully electronic submissions EMA requiring digital signatures for most electronic submissions as of June 2015 FDA has accepted millions of SAFE-BioPharma digital signatures on submissions since 2007 DEA recognizes SAFE-BioPharma digital signatures as compliant for ePrescribing of Controlled Substances (EPCS) SAFE-BioPharma digital signatures satisfy ESMD requirements. 11 SAFE-BioPharma Association

12 Leading Use Cases Regulatory submissions Electronic Lab Notebooks High Value Contracts, SOWs Toxicology and imaging reports IRB reviews and approvals Physician signatures on diagnostics Safety reporting ePrescribing (EPCS) ESMD Study start up Clinical trial applications Access to clinical and other portals Access to eHRs 12 SAFE-BioPharma Association

13 Mobile Credential for Authentication and Signing ePrescribing, Global ELNs 13 SAFE-BioPharma Association Two Integration Methods Signing Request delivered to mobile device Integrated Cloud-based PKI credential for digital signing

14 14

15 Merck’s Engage Zone Engage Zone is on the life sciences hub. Partners authenticate through SAM and then access Engage Zone. Partners benefit from streamlined access for working with Merck and fewer login credentials. University Users Investigator Users CRO Users Contractors Major Pharma Companies connected as IdPs with an SSO experience Non Federated Partner User Partner Identity Federated Partner Org (Charles River Labs) Secure Access Manager (SAM) Secure Access Manager (SAM) ID linked to SAM ID SAM ID used for SSO SAFE Certified IDP 15 Copyright 2014 Exostar LLC.| All Rights Reserved.| Proprietary and Confidential

16 Cognizant Portal for TransCelerate – industry members gain access to multiple partner applications Life Science industry members gain access to multiple partner applications through single credential VIA SAM University Users Investigator Users CRO Users Application providers can make their applications available to the entire community Partner User SAFE Certified IDP Collaboration Space Tools / Software Data / Information authenticate user User ID linked to SAM ID SaaS for Merck Cloud Service Applications Future Applications & Portals Partner Identity Exostar Secure Share Standard/Sensitive Merck Users Single Sign-on Merck Network SWMS SAM ID used for SSO Secure Access Manager (SAM) Secure Access Manager (SAM) SWMS Access Merck Services Exostar Community Cloud 16 Copyright 2014 Exostar LLC.| All Rights Reserved.| Proprietary and Confidential

17 Alliance For Clinical Research Excellence and Safety Platform Overview 17 Mobile Website ACRES Hosted Apps 3 rd Party / Cloud Apps Customer Hosted Apps IoT Apps Hybrid/Native Mobile Cloud ID Authenticator ID/Password 2 Factor Policy Enforcement Self-service tools Cloud ID Provisioner Password Management Provisioning Profile Management Authorization Management Role Management Workflow Engine Cloud ID Broker Security Token Service Federation Protocols Translations & Mapping HealthIDx

18 authentication fax receipt phone finger-print facial biometric voice print password device fingerprint point-of-sale hardware token 1 1 2 Security Directory HR CRM Practice Management enterprise authorities EHR FICAM: FISMA: 3 2 33 user context: Frank.Moore@gmail.com Banking Records create opaque access audit log privacy network authorize release of tax records. discover qualifying credentials required to earn Nationwide.Taxpayer-AAA-ID: 3-factors authentication 3 authorities identity matching 3 authorities identity proofing (at least 1 biometric) discover qualifying credentials required to earn Nationwide.Taxpayer-AAA-ID: 3-factors authentication 3 authorities identity matching 3 authorities identity proofing (at least 1 biometric) zero-knowledge eligibility verification credential requirement: {Nationwide.Taxpayer-AAA-ID} AND {CMS.FISMA-AccessAudit} credential requirement: {Nationwide.Taxpayer-AAA-ID} AND {CMS.FISMA-AccessAudit} nationwide authorities 18 WebShield Confidential Webshield Trust Model

19 The Evolving Standard 2015 : Ecosystem in place: –Multiple identity trust levels meeting US/EU requirements –Multiple identity proofing options –Multiple technologies, applications, and vendors –Network of linked cyber-communities –All based on a set of standards that allow multiple vendors, technologies to interoperate and to allow user a Single Digital Identity Future: –Growth of the network and ecosystem –Expansion of the standard to meet needs of the healthcare and life sciences community around robust identity trust as the threat environment and technology evolve. 19 SAFE-BioPharma Association

20 Today’s Discussion Personalization versus privacy Grand strategy and design for healthcare liquidity Ability to leverage lots of sensitive information across the web while meeting privacy, security, and intellectual property requirements SAFE-BioPharma pleased to sponsor this discussion looking at innovative and disruptive ways to improve the cost and quality of medicines research and healthcare delivery Fundamental to the system design is trust in the identities of those accessing information Today will hear some very intriguing examples of what the privacy network could contribute 20 SAFE-BioPharma Association

21 21 Please visit the SAFE-BioPharma website: http://safe-biopharma.org/ http://safe-biopharma.org/ Please visit the 4BF website: http://www.the4bf.com/ Watch the SAFE-BioPharma introductory video: http://www.safe-biopharma.org/video.htm Contact us for more information: Mollie Shields Uehling CEO mollie@safe-biopharma.org (703) 821-7927 (201) 925-2173 (cell) Gary Wilson Prog. Mgr (781) 962-3172 Gwilson@safe- biopharma.org Jon Weisberg Communications 801-359-9977 o 801-860-9977 m jweisberg@safe-biopharma.org Gary Secrest, CTO Gsecrest@safe- biopharma.org (609) 306-5560 Peter Alterman, COO Palterman@safe- biopharma.org (301) 943-7452 Betsy Fallen Global Programs and Marketing (610) 716-3271 Bfallen@SAFE-BioPharma.org

Download ppt "Data Liquidity: Creating a Safer Ocean That We Can All Swim in Together Tuesday, November 17 th, 2015 Washington, DC SAFE-BioPharma Association 1."

Similar presentations

The World Internet Security Company ID Management in e-Health February 2007.

The World Internet Security Company ID Management in e-Health February 2007.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Federal PKI Architecture Update

Federal PKI Architecture Update
Paul D. Grant Special Assistant, Federated Identity Management and External Partnering Office of the DoD CIO Co-Chair, Identity, Credential.

Paul D. Grant Special Assistant, Federated Identity Management and External Partnering Office of the DoD CIO Co-Chair, Identity, Credential.
The 4BF The Four Bridges Forum Federated PACS A Physical Access Use Case for Bridges FIPS 201/PIV-I PACS Interoperability April 28 th, 2009.

The 4BF The Four Bridges Forum Federated PACS A Physical Access Use Case for Bridges FIPS 201/PIV-I PACS Interoperability April 28 th, 2009.
SAFE-BioPharma Association NSTIC Day How does industry drive forward.

SAFE-BioPharma Association NSTIC Day How does industry drive forward.
Public Key Infrastructure (PKI) Hosting Services.

Public Key Infrastructure (PKI) Hosting Services.
SAFE-BioPharma: Industry’s Digital Identity and Signature Standard Practical Use Cases Cindy Cullen CTO Oct. 1, 2008.

SAFE-BioPharma: Industry’s Digital Identity and Signature Standard Practical Use Cases Cindy Cullen CTO Oct. 1, 2008.
Leveraging a Single Platform - Connecting a Statewide Healthcare Ecosystem Michigan Association of Health Plans Rick Murdock Executive Director Michigan.

Leveraging a Single Platform - Connecting a Statewide Healthcare Ecosystem Michigan Association of Health Plans Rick Murdock Executive Director Michigan.
Beyond Brute Force Strategies for Securely leveraging Mobile Devices Rajesh Pakkath, Sr. Product Manager, Oracle Bob Beach, CIO, Chevron October, 2014.

Beyond Brute Force Strategies for Securely leveraging Mobile Devices Rajesh Pakkath, Sr. Product Manager, Oracle Bob Beach, CIO, Chevron October, 2014.
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.

Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting
NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.

NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University

The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University
The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.

The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
SAFE is a member-governed, not-for-profit enterprise that: Manages and promotes the SAFE standard Provides a legal and contractual framework Provides technical.

SAFE is a member-governed, not-for-profit enterprise that: Manages and promotes the SAFE standard Provides a legal and contractual framework Provides technical.
The 4BF The Four Bridges Forum The SAFE-BioPharma Digital Identity and Signature Standard.

The 4BF The Four Bridges Forum The SAFE-BioPharma Digital Identity and Signature Standard.

Similar presentations

Ads by Google