In safe hands

Typically, it takes between 10-12 years of rigorous testing at a cost of US$1.1 billion to bring the average drug to market (i.e. to earn FDA approval), and up to 40 percent of this cost is attributed to the submission, management and archiving of the 6.5 million pages of data generated during the process. But while the internet has shaved time and money off business processes in almost every other industry, big drug companies have so far been slow to take up new electronic communication methods. Now, however, things are changing.

SAFE is a new biopharmaceutical industry initiative designed to bring secure e-mail and trusted communications to the world’s drug developers. Founded by major industry players like AstraZeneca, Bristol-Myers Squibb, GlaxoSmithKline, Johnson & Johnson, Merck, Pfizer, Procter & Gamble and Sanofi-Aventis, the initiative is already recognized in the US by the FDA and now in Europe thanks to the European Medicines Agency’s (EMEA) recent evaluation. If take-up meets expectations, the system will shave millions off the cost of drug development. In the biopharmaceutical industry alone, even the most conservative estimates calculate savings of more than €165 million per year.

How does it work?

Tech companies like IBM, Adobe and CoreStreet are already developing the SAFE compliant products that the drug industry’s doctors, researchers and scientists will use to send, receive and, crucially, ‘digitally sign’ documentation. Documents ‘signed’ by the digital systems are legally enforceable.

“It’s a major step,” says Phil Libin, President of CoreStreet, one of the first providers of technology for SAFE. “We’ve seen a real evolution in the scope and vision for SAFE during our work with them over the last two years.” By creating electronic digital signatures for the doctors, scientists and researchers that create new drugs, SAFE brings the business of authenticating documents into the electronic age.

The system is already simplifying life for Robert Morgan Jr, staff physician in the department of medical oncology and therapeutics research at City of Hope Medical Centre in California. With more than 300 doctors and scientists plus some 2500 employees studying cures for cancer, HIV/AIDS and other life-threatening diseases, the center is now using SAFE credentials to file electronic documents for National Cancer Institute programs and other paperwork-intensive clinical research. “It’s just as easy, if not easier, for me to use this system than to use paper. And it saves our staff an enormous amount of preparation time. There’s absolutely no paper involved,” says Morgan.

To access the system, Morgan inserts his smart card and enters his username and password. To sign electronic medical documents, he clicks where his signature would have been required in the past; each time he electronically signs a document, his smart card must be in the reader and he must re-enter his password.

Case study: Pfizer and SAFE

Pfizer is a leading pharmaceutical company with more than 250 business partners in academia and industry, and one of the founding members of SAFE-BioPharma. The company has provided input into the development of SAFE and has deployed a full-scale implementation based on the SAFE standard throughout their organization. As an industry leader, Pfizer and the SAFE community will fundamentally change the way the life sciences industry conducts business. According to Scott Potter, Pfizer manages identity credentials for over 200,000 employees and contractors, and spends an estimated US$10 million per year for password resets. Every digital signature utilized for regulatory and non-regulatory transactions eliminates the costs of approximately US$125 dollars required per wet signature.

The decision point that influenced Pfizer to become involved with the SAFE project was to replace the multiple ID architectures that were in place with a common internal identity management framework. SAFE uniquely aligns identity credentials with secure information exchange. The company chose a unified identity model that links multiple credentials onto one cryptographic hardware device (smart card); the unique ID badge provided a consistent user experience for access control and digital signing.

They decided to implement SAFE quickly and robustly, and Pfizer embarked upon a full-scale systems reengineering and identity management solution that impacted every Pfizer employee and contractor.

One of the implementation challenges the company faced was adopting an identity management strategy, and linking multiple identity credentials to one token. Another challenge was keeping up with the demand for identity badges once employees realized the convenience of using a single ID badge. One of the early implementation successes was the convenience of Pfizer employees and contractors being able to have their identity authenticated at remote Pfizer locations without having to ride over to the visitor’s station for additional screening.

For those members new to SAFE, Pfizer’s Tony Gazikas, Vice President for Worldwide Development Informatics, had several recommendations regarding deployment. “It is important to attack the hardest issues first. Educate high-level personnel about the SAFE concept and vision to dispel fear, uncertainty and doubt. Get the financial, legal and regulatory stakeholders on board early. Finally, chose the implementation model best suited for your organization, and then start brainstorming the right path to get there.”