Identity Verification in Healthcare: Revamping a FrameworkHere's How the SAFE-BioPharma Trust Framework Is Being Updated
A 15-year-old identity framework originally designed for narrow use by pharmaceutical companies is being revamped and updated for broader use in healthcare, says Kyle Neuman, managing director of SAFE Identity, an industry consortium and certification body that's coordinating the project.
Eventually, the revamped SAFE-Biopharma Trust Framework could be used to enhance trusted identification for suppliers, medical devices, clinical trials and eventually patients, he explains in an interview with Information Security Media Group.
The framework was built to serve a specific purpose - provide a mechanism to create trusted digital identities that could be verified by the Food and Drug Administration for processes related to the submission of electronic documents by pharmaceutical companies, Neuman explains.
"The reason why this was important was because in the past, with paper submissions, [biopharma companies] would sign with ink their clinical trial drug submissions to the FDA, and when the FDA got it, it was legally binding," he says. "With electronic submissions, how do you know it comes from the source it claims to be coming from?"
The framework provided a cryptographic infrastructure so that the FDA knew "with a high degree of certainty who was submitting this document," he says.
Time for an Update
When the SAFE-BioPharma Trust Framework was first introduced, "PKI was cutting edge," Neuman says. "But 15 years later, this technology has been pretty widely embraced by the world, and a lot of things have developed since then, but the SAFE-BioPharma Trust Framework remained mostly unchanged. So in order to leverage this for a modern healthcare use cases, a revamp and overhaul was necessary."
The goal of the revamp project, which is ongoing, is "to establish consistency of identity among all these many different identity providers," he says. "We have a series of progressive steps we'll be taking in healthcare," the first related to third-party suppliers, he notes.
In the interview (see audio link below photo), Neuman also discusses:
- Components of the updated framework;
- The types of organizations that can participate in the SAFE Identity consortium and use the updated framework;
- Various use cases for the framework;
- How the framework compares to other security frameworks, such as the National Institute of Standards and Technology cybersecurity framework;
- What's next in the evolution of the Safe Identity consortium and the framework.
Neuman, a cryptography engineer, is managing director at industry consortium and certification body SAFE Identity, formerly SAFE-BioPharma Association. The group supports identity assurance and cryptography in the healthcare sector to enable trust, security and user convenience. Neuman also continues to develop technical standards for public-key cryptography, blockchain cryptography, key management and multifactor authentication.