Identity Review | Global Tech Think Tank
Keep up with the digital identity landscape.
SAFE Identity re-envisions the SAFE-BioPharma Trust Framework for an updated interoperable digital identity standard within the healthcare industry. The certification body supports the advancement of digital identity and cryptography in healthcare. The goal is to unify human, organization and device identities across the industry so that an identity can be issued once and repeatedly used between healthcare participants. SAFE Identity is an industry consortium of healthcare stakeholders and organizations that have come together to establish common baselines for identification, and trust between organizations.
The re-envisioned framework serves as the culmination of a 11-month revamp of the SAFE-BioPharma Trust Framework, a cryptographically secure identity infrastructure originally established 15 years ago for government compliance to make it broadly useable across the commercial health sector.
Managing Director of SAFE Identity, Kyle Neuman shares, “The infrastructure necessary for establishing digital trust across healthcare already exists at SAFE. Our next objective is establishing consensus among identity providers and those that will rely on digital identities to foster interoperability among all participants.”
To date there is the issuance of new identity to each person or device that a health organization engages with, even if the person or device already has a digital identity from another source. Healthcare organizations struggled to rely on other data and external identity systems because of disparate standards, but SAFE Identity seeks to resolve this issue.
With the Trust Framework, organizations can accept an existing digital identity without issuing a new one. The Trust Framework defines the identity policies necessary to create secure and interoperable digital credentials. The framework allows one organization’s credentials to be trusted externally by other organizations by setting common identity policies that all participants adhere to.
SAFE Identity services help to reduce the risk and assure the authenticity of identities and data in virtual clinical trials, medical devices and trusted data exchange in healthcare supply chains.
The Policy Management Authority (PMA) is a member-driven governance body chaired by SAFE Identity. It is comprised of a select group of individuals and leading organizations in the health industry, and through consensus ultimately determines how identity is governed in the SAFE Identity ecosystem. This not only achieves organizational trust and security and risk mitigation, but also creates consistency and consensus in the SAFE Identity Consortium, as all SAFE Certified Credential Providers are compliant with these identity policies.
Identity policies that govern the Trust Framework are achieved through consensus of its participants, which allows for updated use cases as various stakeholders can customize it for their specific needs. For example, device manufacturers themselves can become certified identity providers and build the digital identity right into the device on the production line, helping to streamline efficiency in the transfer of information. In the past, the Trust Framework has been primarily used by pharma and clinical research organizations. However, SAFE Identity envisions expanding to reach the greater healthcare sector, including healthcare delivery organizations, medical device manufacturers, pharmacies and payers.
Through the encryption framework, it is clear which identities, signatures and encryption credentials can be trusted and reused between multiple relying parties. The Trust Framework has a wide variety of use cases, as a medical device manufacturer will leverage interoperable identity differently than a healthcare delivery organization and a patient. Upon audit and evaluation of these organizations’ practices, the identity provider is cryptographically bound to SAFE Identity’s Trust Framework so that these identities can be trusted throughout a network of like-minded healthcare participants.
This allows for streamlined and secure operations, as there is a network of encrypted information between the device and the healthcare provider and strong authentication to connect to a hospital network. Healthcare organizations can identify individuals for access to sensitive information using strong doctor and patient identities, protect PII and secure logins to avoid compromise and data breaches. In addition, they can securely exchange and encrypt sensitive information in global supply chains and identify patients for virtual clinical trials.
When a healthcare delivery organization or patient receives a device with a credential that is connected to the SAFE Trust Framework, they’re able to verify who manufactured the device, what the make/model is, and other information about the device. Other uses include protecting telehealth for drugs and interactive treatment and digitally signing ePrescriptions for controlled substances.
Through this approach, healthcare organizations can require third-party vendors to bring standardized credentials rather than having to issue and manage the credentials themselves, which can offer huge cost savings and an increase in security posture. Furthermore, healthcare organizations can use modern cryptography like digital signatures and multi-factor authentication to foster more secure communication. Having an interoperable identity system streamlines operations across the network, bringing healthcare into the digital age.
Keep up with the digital identity landscape.
Bringing together key partners, platforms and providers to build the future of identity.Apply