Card-based PKI to better secure doctors’ communications
28 June, 2006
SAFE BioPharma’s secure signatures to be adopted by more docs in coming year
By Marisa Torrieri, Contributing Editor
Expect to see an influx of doctors using digital signatures in lieu of cumbersome paper-pen-fax combinations to authorize medical care, services and prescriptions. Using public key infrastructure (PKI) with certificates held on a smart card, USB fob, or other hardware token, a new identity standard for the medical community is taking hold.
At least, that’s the hope for the SAFE BioPharma Association, which says its hard work will bear some serious fruit this year. The global identity management coalition, which counts a number of pharmaceutical heavyweights as its founding members, was formed with the primary purpose of developing and deploying the new technology standard. Members share the goal of promoting safe, secure, digital transactions that meet regulatory guidelines.
At the end of 2005, the association announced a series of partnerships with major technology vendors. Adobe, Arcot Systems, CoreStreet, nCipher, IBM, and Kyberpass are the first to participate in the SAFE Vendor Partner Program, which encourages development of SAFE-enabled, off-the-shelf software and applications for a broad range of uses within the pharmaceutical and healthcare industries. Each program and application will be thoroughly tested by the SAFE-BioPharma Association to guarantee it functions according to SAFE requirements.
What this means is a number of computer applications will soon become available to physicians and other medical caregivers who are ready to switch to digital signatures.
Many of these physicians have been resistant to switching from the more tedious method of physical signatures, fax machines, and speedy delivery services to authorize medical transactions.
The SAFE framework gives companies the ability to sign regulatory and commercial transactions in a legally enforceable way that is much faster and simpler, says George Rathbun, CTO of SAFE-BioPharma Association. It does this by simplifying, securing, and streamlining business-to-business and business-to-regulatory information exchange. Now that the standard is up and running, the organization’s biggest goal this year is adoption, says Mr. Rathbun.
“2006 is the year of that happening in scale,” says Mr. Rathbun. “SAFE has made the commitment to now begin with a more aggressive provisioning schedule.”
In his role as CTO, Mr. Rathbun oversees and administers all aspects of technology for SAFE-BioPharma Association. He also serves as chairman of the SAFE Technology and Implementation Working Groups and as the chief systems architect. Prior to leading the association, he served as a technology architect for Pfizer.
SAFE members include the heavyweights of the pharmaceutical industry: AstraZeneca, Bristol-Myers Squibb, GlaxoSmithKline, Johnson & Johnson, Merck, Pfizer, Procter & Gamble, and Sanofi-Aventis. Representatives have been toiling away on this high-security pharmaceutical standard since its inception in 2001. But the organization faced numerous challenges in its early years.
Because PKI and the ability to deploy smart cards and the necessary software are expensive, deployment is complex. “There are a lot of legal and financial considerations when deploying a PKI infrastructure,” says Mr. Rathbun. “When you try to deploy a PKI infrastructure for a medical environment, it’s a big challenge.”
When SAFE was formed, “we all witnessed and were painfully aware how difficult it was for the community to manage the different forms of identification mechanisms used to gain access to our systems,” says Mr. Rathbun. “The dominant methodology was an OTP issued to a doctor to gain access to an IT solution.”
But that was a difficult form factor because many physicians accessed multiple systems and it brought up legal and privacy issues.
The SAFE credential addresses these obstacles by issuing easy-to-use credentials for physicians so they don’t have to worry about security and can simply focus on sending their digital signature.
As more physicians catch on, “I think you’re going to see other uses of this technology,” says Tom Greco, VP of enabling infrastructures for Cybertrust. The company supports the SAFE standard by offering compliant technology and services to pharmaceutical vendors and is piloting a SAFE-enabled system with Merck Pharmaceuticals. Cybertrust’s core business revolves around supporting shared security credentials for multiple industries and applications.
“Adoption of new identity technologies – it’s a chicken and egg issue,” Mr. Greco says. “You’ve got to get credentials out there before people start using them (but) once you get the buy-in from the doctors themselves, there will be multiple uses of the credential.” That could open up a whole new world of secure communications within the medical community.