|
|
European Biopharmaceutical Review
|
When we rely on the internet to conduct business, we need to be able to
trust the identity of that unseen and possibly unknown person on the
other side of the screen. It’s known as identity trust, and in the
internet age, it’s the lubricant that keeps the biopharmaceutical
industry running smoothly.
Our traditional sense of trust is based on personal experience and that
of others whom we rely on as dependable sources of information. Identity
trust exists at the intersection of law, philosophy and technology and
assumes that in cyberspace it may not be good business to take at word
the unknown (or known) individual who vouches for his own identity.
Assuming otherwise would simply be irresponsible, especially when
dealing with information protected by law and other forms of regulation
or when dealing with information used to make important decisions of
high economic value. Or would it?
Digital Identities
Many industries accept self-proclaimed internet identities. Most credit
card and cash advance card transactions are based on their users
providing information that the card issuers evaluate and trust. This
seems to work pretty well most of the time. But should an aircraft
manufacturer trust the self-asserted identity of an employee for a
vendor providing critical parts? Should a government military entity
allow physical access to facilities based on an identity that is
self-proclaimed? Should a self-asserted physician have access to your
medical information?
The difference between credit card identity and access to a military
facility is an evaluation of risk and system-wide indemnification. The
credit card industry has determined that it is less costly to accept a
lower level of identity trust and a higher level of fraud than to invest
in higher-assurance processes that may affect customer ease of use. The
potential losses are financial and the indemnification scheme handles
that risk effectively. An aeroplane manufacturer and the military have
far more at risk than money.
So do we in the biopharmaceutical industry. These distinctions have not
been lost on the European Commission (EC). In June, the EC adopted a
proposal for a regulation “on identification and trusted services for
electronic transactions in the internal market” to boost user
convenience, trust and confidence in the digital world.
Cryptography
In the US and elsewhere, the security-minded money has been placed on
the use of cryptography, the science and technologies of concealing or
changing data. Students of military history understand that the most
common goal of cryptography is maintaining secrecy – accomplished by
changing data from recognisable to unrecognisable and back to
recognisable again. If you think that applying the same types of
cryptographic disciplines used by the military to business transactions
among the biopharmaceuticals is overkill, consider how closely regulated
we are, wherever we do business.
The requirements around clinical trial data are no exception. And if
concerns about using the internet for secure transmission of protected
data aren’t reason enough, consider the importance of protecting our
massive investment in developing intellectual property. The stakes are
very high, as is the bar by which we need to evaluate the security of
our internet transactions. Hence the need to know that we can trust with
certainty the identity of who we’re dealing with at the other end of
our spaghetti bowl of electronic connections.
This is a problem that applies to every organisation – especially every
biopharmaceutical company. And because the problem is industry-wide, it
makes sense to solve it as an industry. That’s what a group of
biopharmaceutical information technology security people thought about
eight years ago when they started one of those rare industry-wide
approaches to solve the problem. The alternative? Every company could
invent its own language. But that would create a separate problem of
deciphering a new industrial Babel. The experts’ solution was to work as
a community of common interest: to come up with a solution each of us
and each of our vendors, partners, and clinicians would be able to use
for secure internet business transactions.
They did it just in time. The industry was entering a period of change;
what had been the province of company, university, clinician, and
regulator, was now expanding to become a spider web of global
relationships. We could keep track of the relationships in the old
model, but with collaboration occurring on so many different levels and
across so many different economies, those relationships were expanding
exponentially.
This phenomenon, driven in part by the availability of internet
communication, demanded a secure way to transmit data with trust in the
identities of the communicating parties. It also called for the ability
to authenticate identities – making sure that the person presenting
himself to an online application truly is that person or that the
computer or mobile device is the one it’s supposed to be. In the world
of cryptography, this procedure is known as authentication.
The Problem of Paper
As far as data is concerned, we might be able to protect when we
connect. But how can we take full advantage of the internet if the
identity of people accessing our sensitive information and signing
documents cannot be authenticated? Biopharma R&D generates a huge
number of documents.
Anyone familiar with the problem understands that paper is
counter-productive to efficiency. For all the promise of an
internet-driven paperless enterprise, the inability to authenticate and
trust the identity of the person signing electronic documents prevents
business from becoming truly electronic. Being fully electronic saves
time and money. It eliminates the need to have a document physically in
hand for a wet signature. It eliminates the time and expense of
exchanging paper documents. It removes the need to store documents and
the time and expense of retrieving them. Lack of confidence in
authenticating the identity of the person who applied the signature gets
in the way of being fully paperless.
The security experts deliberated on this problem: a way to develop
cyber-identities that could be authenticated and trusted and a way to
allow those identities to apply legally-binding signatures to electronic
documents. They reasoned that the solution should be standardised. That
way, the approach used by one company would be the same as the approach
used by others. They settled on public key infrastructure (PKI), a
solution that had been used successfully in other security-minded
industries and by the US government. Within a few years, virtually every
major biopharmaceutical company had joined the non-profit enterprise
created to develop the standard.
I’ll avoid the mechanics of PKI in this article, but for those who are
interested, Wikipedia gives a reasonable explanation, as does the
website for the US National Institute of Standards and Technology
(NIST). The benefits of PKI are many. Once the province of government
agencies, PKI has evolved to become easy for the private sector to
acquire and use.
PKI: A Quick Primer
Organisations participating in this infrastructure sign an agreement
that they and their associates utilising the technology agree to follow
certain reasonable rules. One of those rules is that, in order to
qualify for a digital credential, an individual must successfully
complete a procedure qualifying him to use and manage the digital
identity credential.
Because of the digital identity credential’s close link to the
individual’s proven identity, the identity credential can be trusted.
Trust is what allows the identity credential’s user to apply valid,
non-repudiable (that is, cannot be denied in a court of law) digital
signatures to electronic documents.
Once one of these digital signatures has been applied to a document,
such as an electronic laboratory notebook, it is permanent for the life
of that document. If any change is made to the signed document, the
digital signature is invalidated automatically and that invalidation is
displayed in a way that can’t be missed.
These digitally signed documents show when they were signed and for what
purpose. They can be audited instantaneously; a convenience anyone
involved in audits immediately appreciates. The digital identities that
allow for digital signatures are universal, meaning that the person with
that identity may choose to discard all other identities – and their
associated user names and passwords. That alone reduces identity
management costs for their organisations.
More significantly, the use of digital identities allows for management
of both physical and logical access: ‘physical’ meaning who is permitted
access to which building or conference room; ‘logical’ meaning who is
permitted access to which portal or file. These benefits are the
foundation to the ever expanding use of digital identities in the life
sciences and are based on the ability to trust the identity associated
with the digital credential.
Each cyber-community using PKI technology is also known as an identity
trust hub. Biopharmaceuticals and healthcare comprise one such
community. The US Federal Government, including the FDA and the National
Institutes of Health (the world’s largest medical research funder) is
another. As a result of behind-the-scenes technology activities, each of
these identity trust hubs can trust the cyber-identities of individuals
from the other trust hubs.
This ability to trust across domains opens myriad opportunities for
collaboration. Now, public and private sector cancer researchers are
able to speed up the clinical trial initiation process by accessing,
signing and exchanging documents via cloud computing. Using their
digital identity credentials, they can do this in any place where there
is internet connectivity. That’s a vast improvement over documents
queued up in a pile on an empty desk, waiting for the recipient to
return to the office. In addition to time, it saves the slow financial
drip of couriers, messengers and other deliverers of hard copies.
Conclusion
None of these advances would be possible without the solid assurance
that all parties can trust the identities of all others in internet
business-to-business and business-to-government transactions. That trust
factor would not exist without the technology that tightly binds
cyber-identity to actual identity. Fortunately, the group of industry
information security pioneers made the correct decisions and
standardised the way digital identities would be managed and how digital
signatures would be used. Their innovations first took root in the
research side of R&D, especially when signing electronic laboratory
notebooks. Over time, they have been applied to electronic document
management and many other uses. More recently, trusted digital
identities are being used on the development side, with clinicians
receiving one digital identity that, in time, will take the place of all
other forms of electronic identity.
Think of that! One universal cyber-identity recognised by every
participating biopharmaceutical and healthcare entity. No more Post-It
notes on the monitor with a list of userID/ password pairs. No more
uncertainty about whether that person is the one he or she is supposed
to be. It’s all based on our ability to trust cyber-identities. It may
not be as revolutionary as the invention of the internet, but it is the
development that liberates its use for our industry. |
Read full article from PDF >>
|
 |
 |
 |
Rate this article |
You must be a member of the site to make a vote. |
|
Average rating: |
0 |
| | | | |
|
|
 |
News and Press Releases |
 |
ETIHAD DOUBLES COOL STORAGE CAPACITY AT ABU DHABI AIRPORT’S CARGO VILLAGE TO SATISFY PHARMA BUSINESS
2 November, Abu Dhabi, United Arab Emirates: Etihad Cargo, the
cargo and logistics arm of Etihad Aviation Group, in partnership with
Etihad Airport Services and Abu Dhabi Airports, are preparing to launch a
new state-of-the-art pharmaceutical cool chain facility. Due to go into
operation soon, the facility will significantly expand Abu Dhabi
International Airport’s (AUH) pharmaceutical handling and storage.
More info >> |
|

 |
White Papers |
 |
Generating Scientific Insights by Deep Collaboration - Bridging the Big Data Divide Between Clinical and Research
BioFortis
Translational research, biomarker discovery, clinical studies and even biobanking have become increasingly data intensive. However, generating scientific insights from such disparate “big” data sources across multiple domains is a challenge for both researchers and the informaticians that support them. Download our Deep Collaboration Whitepaper and and learn how to bridge the clinical and research divide to better explore your biomarker based trials.
More info >> |
|
|