National Cancer Institute securing online transactions

By National Strategy for Trusted Identities in Cyberspace (NSTIC) into practice.

NCI and SAFE BioPharma are securely automating the document sign-off process, which currently is long and manually intensive.

“It goes into a portal, so to speak, and then people can go into the portal, retrieve it, sign it and push it back through, sort of cloud technology in that regard,” said Steve Friedman, the chief of clinical trials operations in NCI’s informatics branch. “Then people as long as they have the right credentials can go in. Because we are dealing with confidential documents, we need to make sure there is secure access and only the right people with the right permissions can go in and retrieve and sign documents.”

He said it currently takes three-to-five days to move documents through the approval process. But with secure automation, the goal is a few hours.

Friedman said SAFE BioPharma approached the NCI asking to use technology behind secure online transactions. Bristol-Myers-Squibb is the first company to take part in the pilot.

Friedman said NCI was eager to speed up its clinical trials, but first had to make sure the technologies were secure enough.

“It was a lot of background checks, making sure this is right thing we can use at the right time for the right purpose,” he said. “Once that was all vetted out, we were able to move forward with the pilot.”

The pilot is about a year old and NCI started small with protocol approval letters. Friedman said the initial effort presented some technology challenges, but they were quickly resolved. NCI expanded the use of digital signatures through material transfer agreements between pharmaceutical companies and the agency. He said both parts of the pilot have been working well.

Mollie Shields-Uehling, the president and CEO of SAFE BioPharma, said security also was a primary concern for the drug companies. SAFE BioPharma is using the standards behind federal public key infrastructure bridge to authenticate and authorize users.

“They get a digital credential, which is a unique algorithm, linked to that identity for them to authenticate and to sign,” Shields-Uehling said. “Every time they sign, it’s a unique signature linked to them that can be validated at the time of signing or long after that signature has been executed to ensure it was indeed valid at the time of signing.”

She added having that signature history is important in clinical trials. The Food and Drug Administration, for instance, requires the retention of those signatures for the life of the drug and a number of years after the drug is off the market.

Shields-Uehling said researchers can use anything from USB token to software tokens to smartcards to a one-time password credential that is based on PKI.

“There are standards that both the U.S. government and SAFE BioPharma community use to identity proof that person so you have very high trust that this person is who he or she says he is and then they get a digital credential,” she said. “The Federal Bridge is the anchor to the four bridges forum. It is cross certified with the SAFE BioPharma bridge, which is the healthcare and biopharmaceutical industry community. Then you have CertiPath, which represents the aerospace and defense industry, and soon there will be a research and education bridge, which will link the education community, which also contains a large number of medical research institutions. This is kind of a backbone or spine of an interoperable network of cyber communities where you can trust identities and conduct business.”

The goal of the NSTIC is to help create those trusted business communities. The Obama administration is leading the development of standards and processes to eliminate passwords and replace them with commercially-provided digital certificates to make online transactions safer, faster and more convenient.

NCI and SAFE BioPharma are demonstrating just how the NSTIC could work.

“I think this is a big advantage here by being able to show people that the government can enter into these public-private partnerships with success,” Friedman said. “There have always been some casual attitudes that the government is not up with the latest and greatest from the commercial standpoint. This proves that we are willing to collaborate and move forward for the betterment of the patients in our trials.”

Shields-Uehling said speed is one benefit for both companies and the government, but electronic signatures also provide a better audit trail, create searchable databases and it’s mobile because the researchers can sign off on the documents anywhere in the world. She said there are a lot of real and cost avoidance savings.

NCI and SAFE BioPharma have implemented the first two phases of the program and plan to expand it in the coming year.

Shields-Uehling said phase one focused on digitally signing and exchanging documents for trial initiation, a letter of intent and clinical trial agreements. Phase two included another company, Sanofi-Aventis, moving documents digitally and securely.

Shields-Uehling said phase 3 will include medical research institutions, and by the end of 2011, NCI is expected to have a plan to move the system into full production.

Friedman said other parts of NCI and the National Institute of Health also have expressed interest in using the technology and Federal Bridge.

“We’re involved in a global reengineering of our clinical trial processes within the NCI, called the operational efficiency working group,” he said. “That is where a number of the clinical trial leadership got together and said ‘We know we have a problem with our timelines so how can we speed them up?’ We made some adjustments and have seen some improvements, but clearly the more we can do, the better off we are.”

RELATED STORIES: NIST to play big role to secure online identities

NSTIC is out. Where’s the PKI instruction book?

White House works to change online transactions

(Copyright 2011 by All Rights Reserved.)

Copyright © 2023 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.