Data Security Standards for Drug R&D and Secure Access to Clinical Applications


Ann Nguyen:
Greetings. I'm Ann Nguyen, Senior Associate Conference Producer with Cambridge Healthtech Institute. Welcome to this podcast for the Data Security conference at Bio-IT World Conference & Expo 2017, celebrating its 15th anniversary and running this May 23-25 in Boston, Massachusetts. For this interview we have two speakers who will be co-presenters during the conference: Mollie Shields-Uehling, President and CEO of SAFE-BioPharma Association, and Tom Johnson, Senior Director of Healthcare and Life Sciences Solutions at Exostar.

Mollie and Tom, thanks very much for your time.

Mollie Shields-Uehling:
Our pleasure.

Tom Johnson:
Thanks, Ann.

Ann Nguyen:
Can you describe the relationship between your organizations and what it represents for developing data security standards for drug R&D? Mollie?

Mollie Shields-Uehling:
I think that everyone in our audience is probably very aware that this is one of the most dynamically innovative periods in terms of medical research and the development of new medicines and treatments for patients. This development requires all kinds of new partnerships. It involves new science, new research and very importantly, new collaboration, government agencies, universities, patient groups, payers, sponsors and others on a global basis, certainly using electronic technologies, cloud collaboration, mobile devices. This collaboration requires the ability to share sensitive intellectual property and personal health information across many partners around the globe.

This trend will increase even further as we do more and more in the area of genomics which is very identifiable personal information. We need to be able to protect this information and to trust those who are accessing our data. Currently many, many, many enterprises use unsecure methods, user names and passwords. In fact, we know from Verizon's data breach reports that two out of three data breaches in healthcare are caused by weak use of user names and passwords. In fact, it's been so extensive that almost one-half of all Americans' healthcare records have been breached.

What we need are standards to be able to trust the identities of those accessing our information and to do business without ever having met on a face-to-face basis. That is why the leading biopharmaceutical research companies established the SAFE-BioPharma standard. What the SAFE-BioPharma standard provides is very strong identity trust. Trust that you are who you say you are even though I've never met you. For where signatures are required, an identity that is uniquely linked to the signature. Certainly a standard that meets global legal requirements and that meets global regulatory requirements, particularly the FDA, the European Medicines Agency and the Drug Enforcement Administration as well as a standard that meets all the leading data privacy requirements. That is what the SAFE standard does. It enables secure global R&D collaboration.

Now, our relationship with Exostar: SAFE is a nonprofit community. We set standards and we certify providers. Exostar is certified to meet all the requirements of the SAFE-BioPharma standards, for both authentication as well as for digital signing. They offer SAFE-BioPharma-compliant identities to SAFE members. In addition Exostar provides a bridge which allows members to trust credentials from all of the cyber-communities that meet the same robust standards. This includes every U.S. government agency and in the case of Exostar, their bridge meets European Union requirements.

Ann Nguyen:
And Tom.

Tom Johnson:
That was great, Mollie. Just to add to that a little bit: From when Exostar began working in life sciences, we were directed by our customers to really engage with the SAFE team to ensure we were leveraging their credentialing standards. Since then Exostar has utilized those SAFE certification services for NIST LOA 3 level proofing and credentialing services and those are focused on HCPs, healthcare providers prescribing controlled substances as well as level 3 credentials issued through our secure access manager identity hub which is enabling that authentication service to multiple applications within the industry. As Mollie mentioned, we do operate the SAFE-BioPharma bridge service and overall our bridge and certificate authority is cross-certified with the federal bridge.

Ann Nguyen:
How do you think secure access to research and clinical applications and data will or should evolve in the next decade to enable fruitful collaborations within and across biopharmaceutical companies? Tom?

Tom Johnson:
We've really seen an incredible increase in collaboration in life sciences over the last six years where we've been deeply involved. Many of those customers have identified a need to reduce the risk of inviting users inside their internal service architecture. They're doing that today through VPN access. They're trying to really provide a vastly improved user experience for their partners. With that focus on improving that user experience, accelerating the ability to get access, there seems to be a real commitment to working together to establish this trusted identity framework for the industry.

We expect to see that trust grow in life sciences industry as we move forward in the next decade and that's similar to our experience in aerospace and defense where we have a hundred thousand organizations with a half a million users working with industry-trusted credentials. We see that same path really developing within life sciences. This trust along with a lot of hard work to establish the integrated access network which will provide highly secure, extremely fast access for new users or even existing users, to get access to the new applications or their existing sponsored applications for new users and their cloud service providers or regulatory body.

By coming together through this trust across the industry, we're going to accelerate and simplify that access so that they can get access to applications and improve their collaboration and really drive that overall innovation that Mollie mentioned early in her update.

Ann Nguyen:
Mollie, what do you think?

Mollie Shields-Uehling:
Well, I think that secure access is really fundamental to online collaboration for a variety of reasons. First we have to protect patient information. We have to maintain the trust of patients. Secondly is the protection of valuable intellectual property. As we know, the clinical trial information is extraordinarily valuable to researchers. The third is really improving the business process and supporting the transition to fully electronic in a very rational way that reduces cycle time, that reduces cost, improves access to and analysis of data and very, very importantly, allows the user to have a single identity that is recognized across the ecosystem. Essentially an Internet passport. Exostar is providing a really valuable service that supports this secure collaboration and more efficient business process.

Ann Nguyen:
Your co-presentation will discuss “Creating & Leveraging an Industry Security Standard to Protect IP & Sensitive Data throughout the R&D Process” at Bio-IT World on May 25. What's the main theme you'd like to convey to your peers? Mollie?

Mollie Shields-Uehling:
I think the critical idea is that strong identity trust standards are foundational to protecting intellectual property and sensitive data. They allow the user to have a single identity recognized across the ecosystem. They allow sponsors, contract research organizations, regulators, vendors and others to have standards for trust and authentication that create an identity trust ecosystem.

Ann Nguyen:
Tom, any final thoughts?

Tom Johnson:
Yeah, I think as we've talked about the presentation it's really helping those Bio-IT World attendees to better understands the benefits of these trusted identities. We're going to talk about some of what we think are the appropriate use cases where they're going to add value to their organizations. We want to make sure they understand the process to go and implement those benefits for their organizations.

Ann Nguyen:
Thank you both again for sharing your experiences and insights.

Tom Johnson:
Thank you.

Mollie Shields-Uehling:
Thank you.

Ann Nguyen:
That was Mollie Shields-Uehling of SAFE-BioPharma AssociatIon and Tom Johnson of Exostar. They'll be co-presenting during the Data Security track at Bio-IT World this May 23-25 in Boston. To learn more from them, visit www.bio-itworldexpo.com for registration info and enter the keycode “Podcast”.

This is Ann Nguyen. Thank you for listening.


Register

Search Agenda

Conference Tracks

Data Platforms & Storage Infrastructure