Monday, May 24, 2010
Digital Signatures with SAFE-BioPharma
In the recent TISH meeting I attended, one of the discussants emphasized authentication/securing the endpoints/identity management as one of the great enablers of healthcare information exchange.
SAFE-BioPharma is a multi-stakeholder effort that uses digital certificates with private keys held on a smartcard or a USB device to provide electronic signatures which the FDA has determined meet 21 CFR Part 11 requirements, and also to authenticate securely among the stakeholders and Federal government agencies. The effort uses public key infrastructure and enables all of the stakeholders to have a common trust relationship with Federal agencies using the Federal government’s own federated security mechanisms.
As we think about strong authentication methods - biometrics, hard tokens, and smart cards, the SAFE-BioPharma approach is another option to consider.
How does it work?
SAFE-BioPharma member companies are using the SAFE-BioPharma standard in ways that achieve numerous goals including streamlining processes, protecting intellectual property and reducing costs. The standard is a convenient way to apply legally binding (and regulatory compliant) digital signatures to electronic documents. The identity of the signer is clearly verified and the integrity of each digitally signed document is cryptographically guaranteed. SAFE-BioPharma digital signatures are being used to sign electronic laboratory notebooks, electronic regulatory submissions, contracts and a wide variety of forms. Member companies also use the SAFE-BioPharma standard for a variety of identity management functions including employee access, external partner authentication, etc.
For details on the companies involved, the actual systems in production and the business processes used to implement SAFE-BioPharma in production, see this summary.
SAFE is achieving federated identity management using digital certificates on inexpensive smartcards or USB devices. Definitely worth adding to our strong authentication armamentarium.
Posted by John Halamka at 3:00 AM