Monday, May 24, 2010

Digital Signatures with SAFE-BioPharma

In the recent TISH meeting I attended, one of the discussants emphasized authentication/securing the endpoints/identity management as one of the great enablers of healthcare information exchange.

SAFE-BioPharma is a multi-stakeholder effort that uses digital certificates with private keys held on a smartcard or a USB device to provide electronic signatures which the FDA has determined meet 21 CFR Part 11 requirements, and also to authenticate securely among the stakeholders and Federal government agencies. The effort uses public key infrastructure and enables all of the stakeholders to have a common trust relationship with Federal agencies using the Federal government’s own federated security mechanisms.

As we think about strong authentication methods (biometrics, hard tokens, and smart cards), the SAFE-BioPharma approach is another option to consider.

How does it work?

SAFE-BioPharma member companies are using the SAFE-BioPharma standard in ways that achieve numerous goals, including streamlining processes, protecting intellectual property and reducing costs. The standard is a convenient way to apply legally binding (and regulatory-compliant) digital signatures to electronic documents. The identity of the signer is clearly verified and the integrity of each digitally signed document is cryptographically guaranteed. SAFE-BioPharma digital signatures are being used to sign electronic laboratory notebooks, electronic regulatory submissions, contracts and a wide variety of forms. Member companies also use the SAFE-BioPharma standard for a variety of identity management functions, including employee access, external partner authentication, etc.

For details on the companies involved, the actual systems in production and the business processes used to implement SAFE-BioPharma in production, see this summary.

SAFE is achieving federated identity management using digital certificates on inexpensive smartcards or USB devices. Definitely worth adding to our strong authentication armamentarium.

1 comment:

John Moehrke said...

Nice job. SAFE-BioPharma has been involved in the IHE efforts to define the Digital Signature Content Profile (DSG). What they bring to the table is an infrastructure for high-assurance non-repudiation of origin. This high-assurance non-repudiation is critical when the risks of falsification of content are high. The root cases for SAFE-BioPharma are clinical trials evidence in the Bio-Pharmacy industry. They have worked closely with the FDA to move from a purely paper submission, which was piles and piles of paper, to an electronic submission with digital signatures. A very 'green' effort that they also need to be recognized for.