SAFE is a biopharmaceutical industry initiative designed to bring secure email and trusted communications to the drug companies.
Typically, it takes between 10 and 12 years of testing at a cost of $1.1 billion to bring the average drug to market (to earn Food and Drug Administration approval in the US). Some 40 per cent of this cost is attributed to the submission, management and archiving of the 6.5 million pages of data generated during the process. But while the internet has shaved time and money off business processes in almost every other industry, big drug companies have so far been slow to take up new electronic communication methods. Now things are changing.
SAFE was founded by industry players like AstraZeneca, Bristol-Myers Squibb, GlaxoSmithKline, Johnson & Johnson, Merck, Pfizer, Procter & Gamble and Sanofi-Aventis. The initiative is already recognised in the US by the Food and Drug Administration (FDA) and now in Europe thanks to the European Medicines Agency’s (EMEA) recent evaluation. If take-up meets expectations, the system will shave millions off the cost of drug development, it is claimed.
How does it work?
Tech companies like IBM, Adobe and CoreStreet are already developing the SAFE compliant products that the drug industry’s doctors, researchers and scientists will use to send, receive and – crucially – "digitally sign" documentation. Documents "signed" by the digital systems are legally enforceable. "It’s is a major step," says Phil Libin, president of CoreStreet, one of the first providers of technology for SAFE. "We’ve seen a real evolution in the scope and vision for SAFE during our work with them over the last two years." By creating "electronic digital signatures" for the doctors, scientists and researchers that create new drugs, SAFE brings the business of authenticating documents into the electronic age, it is claimed.
Simplified
The system is already simplifying life for Robert J Morgan Jr, staff physician in the department of medical oncology and therapeutics research at City of Hope Medical Centre in California. With more than 300 doctors and scientists plus some 2,500 employees studying cures for cancer, HIV/AIDS and other life-threatening diseases, the centre is now using SAFE credentials to file electronic documents for National Cancer Institute programmes and other paperwork-intensive clinical research. "It’s just as easy, if not easier, for me to use this system than to use paper. And it saves our staff an enormous amount of preparation time. There’s absolutely no paper involved," says Morgan.
Access
To access the system, Morgan inserts his smart card and enters his username and password. To sign electronic medical documents, he clicks where his signature would have been required in the past; each time he electronically signs a document, his smart card must be in the reader and he must re-enter his password.
Pfizer and SAFE
Pfizer is a pharmaceutical company with more than 250 business partners in academia and industry. The firm is one of the founding members of SAFE-BioPharma. Pfizer has provided input into the development of SAFE and has deployed a full-scale SAFE implementation based on the SAFE standard through their organisation. According to Scott Potter, Pfizer manages identity credentials for 200,000 employees and contractors; and it spends an estimated $10m per year for password resets. Every digital signature used for regulatory and non-regulatory transactions eliminates the costs of about $125 US dollars required per wet signature.
Multiple IDs
The decision point that influenced Pfizer to become involved with the SAFE project was to replace the multiple ID architectures that were in place with a common internal identity management framework. SAFE uniquely aligns identity credentials with secure information exchange. Pfizer chose a unified identity model that links multiple credentials onto one cryptographic hardware device (Smart Card). The unique ID badge provided a consistent user experience for access control and digital signing. Pfizer has deployed a unique ID platform across their infrastructure. The rationale for adopting a holistic approach was as a business enabler that results in the elimination of costly paper-based business processes and universal identity badges. They decided to implement SAFE. Pfizer embarked upon a full-scale systems reengineering and identity management solution that impacted every Pfizer employee and contractor.
Identity management
One of the implementation challenges Pfizer faced was adopting an identity management strategy, and linking multiple identity credentials to one token. Another challenge was keeping up with the demand for identity badges once staff saw the convenience of using a single ID badge. One of the early implementation successes was the convenience of Pfizer employees and contractors being able to have their identity authenticated at remote Pfizer locations without having to ride over to the visitor’s station for additional screening.
Educate
For those members new to SAFE, Pfizer’s Tony Gazikas, Vice President World Wide Development Informatics, had several recommendations regarding deployment. "It is important to attack the hardest issues first. Educate high-level personnel about the SAFE concept and vision to dispel fear, uncertainty, and doubt. Get the financial, legal, and regulatory stakeholders on board early. Finally, chose the implementation model best suited for your organization, and then start brainstorming the right path to get there," said Gazikas.
