NIH builds a bridge to paperless processes

The National Cancer Institute and Bristol-Myers Squibb are using digital certificates to eliminate paper in a cancer therapy evaluation program, a trend that advocates hope will become more widespread in government.

The National Cancer Institute and Bristol-Myers Squibb are using digital certificates that have been cross-certified by federal and industry public-key infrastructure bridges to take the paper out of paperwork in a cancer treatment evaluation program.

The program to enable digital signatures on electronic documents, which began this spring, could dramatically reduce the cost of clinical trials in the pharmaceutical industry and allow NCI to make fuller use of the government’s Personal Identity Verification card.

“We’re thrilled to be able to use the digital certificates for two modes,” authentication and digital signatures, said Peter Alterman, senior adviser for strategic initiatives to the CIO at the National Institutes of Health.


Related coverage:

Using digital signatures: What took so long?

Will digital certificates replace passwords?

An ID for all domains


The cost of implementing the program has been almost nothing because most of the hardware and infrastructure for validating trusted certificates already is in place, Alterman said.

“It is significantly cutting down on the time it takes to get these things processed,” he said. “I think this is going to become viral in government.”

The program takes advantage of the trust relationship between the Federal Bridge Certification Authority, which certifies trusted digital certificates issued by government agencies, and the SAFE-BioPharma Bridge, which performs the same function for the pharmaceutical industry. The bridges not only ensure common technical standards and standards for ID proofing and issuing of certificates but also establish a chain of trust for those certificates and the signatures they enable and provide a path for validating the certificates.

“Everybody who trusts the federal bridge can trust each other,” Alterman said.

Finding a Niche

The pharmaceutical industry moved to create its own PKI bridge because of the increasing complexity of the research and the growth of regulatory oversight.

“The way that drugs are discovered and researched is changing dramatically,” said Mollie Shields-Uehling, president of the SAFE-BioPharma Association, which manages the standards for the industry’s PKI bridge. More testing of drugs and procedures is being required, and the technical expertise required for research increasingly is coming from outside providers. She cited estimates that 40 percent of the costs of bringing a new drug to market are related to paper-based processes. “There is a compelling business case to move to a fully electronic environment,” she said.

SAFE-BioPharma was created with a goal of developing technical standards that would allow creation of a full electronic business environment for the pharmaceutical and health care industries by 2015. The standards were approved in 2005. The organization originally worked with a number of banks that had established programs for credentialing employees, but it found that those processes did not translate well to the pharmaceutical industry, where employees did not use digital certificates every day and where the medical research environment is more distributed.

Using its own standards, the organization established the SAFE-BioPharma Bridge, which Verizon operates. It enables member companies whose certificates and issuing processes are certified by the bridge to trust one another’s credentials.

The creation of a single trusted identity in the pharmaceutical industry allows members to validate digital certificates from other companies and can enable authentication and authorization for access to resources by outsiders. From the beginning, the goal of the program was to cross-certify the SAFE-BioPharma Bridge with the Federal Bridge Certification Authority, which Shields-Uehling called “the mother of all bridges.”

The federal bridge opened for business in 2002, certifying digital certificates issued by federal agencies. When a digital certificate is submitted to an online application, it can be passed along to the bridge. The bridge can verify that the certificate was indeed issued by an organization whose policies have been accepted as trusted. The bridge also can check with the issuing authority to ensure that the certificate is still valid.

The more entities participating in the process, the more valuable it becomes. Illinois was accepted in 2004 as a trusted certificate authority whose certificates could be validated by the federal bridge, the first nonfederal entity to cross-certify. In 2006, the defense and aerospace industry’s CertiPath bridge was cross-certified, becoming the first nongovernment group. SAFE-BioPharma was cross-certified in 2008. The Higher Education Bridge Certification Authority has also since joined.

Technologically, the bridges are peers, but the federal bridge is the first among equals, said SAFE-BioPharma Chief Technology Officer Cindy Cullen. “We show deference to their policy,” she said.

Because trust is the primary issue that the bridges address, policies for vetting the identity of people who receive certificates and for issuing and managing those certificates are a greater challenge to cross-certification than the technology is.

“The policies are the initial setup components,” Cullen said. “Once that is done, everything is done seamlessly.” It becomes a matter of regular audits to ensure compliance.

Staggered Start

Despite the creation of trust bridges for certificates, the paperless environment they were intended to facilitate has been slow to take off.

“The electronic government initiatives languished for a number of years because of a lack of funding and resources,” Alterman said. However, there were pockets of innovation. “FDA has been in the business for a while.”

The Food and Drug Administration and SAFE-BioPharma initiated a program for electronic submission of applications for new drug and device approval. Submission of digitally signed electronic documents through a secure FDA gateway helped to eliminate large amounts of paperwork and resulted in greater efficiency, Alterman said. NIH began a paperless grants application program, but the development of the Grants.gov website made it unnecessary.

There have been a number of other small programs that use digital signatures, but widespread deployment of the PIV card — a standardized government ID card that contains interoperable digital certificates and is intended for logical and physical access control — could accelerate the move to paperless processes.

“We have known about this technology for years,” Alterman said. “We now have a ubiquity of credentials and a mandate to use them.”

Industry approached NIH about implementing digital signatures in early 2010.

“Bristol-Myers Squibb came to us and said they would like to do a pilot [program] for one business process,” Alterman said. They wanted to partner with the National Cancer Institute on the Cancer Therapy Evaluation Program, which sponsors clinical trials of cancer treatments. It is the world’s largest sponsor of clinical trials, with more than 100 new drug investigations under way and more than 700 treatment protocols being investigated, involving about 33,000 patients. The process requires the exchange of signed documents among NCI, the company and outside organizations that participate in the trial.

NCI already was interested in paperless business processes. “I was excited because this was the kind of thing we had been trying to do,” Alterman said. “The request fell on fertile ground.”

The pilot project, which went into operation in the spring, uses medium assurance credentials, which include the PIV card for NCI personnel, certificates issued to its employees by Bristol-Myers Squibb, and certificates used by third-party organizations involved in trials. Certificates are used for authentication to log on to a secure document management system hosted by Bristol-Myers Squibb to review documents that investigators and managers post. A workflow tool alerts people who need to sign off on documents when those documents are ready for review. The certificates also are used for signing the documents. Signed documents are sent via encrypted link to NCI archives.

“They have eliminated paper completely” from the process, Alterman said.

“There is a chain of trust that is established,” Cullen said. “This is the path of verification.”

When the certificate used to digitally sign is validated, it moves up the chain of trust until the issuing authority can be verified as trusted and still in effect. If the certificate is from an outside organization, validation continues to the certification bridge. If it is from an organization outside that bridge, it continues to cross-certified bridges until it is verified.

Verification assures that:

  • A certificate chain was successfully built to a trusted root certificate.
  • The signer's identity is valid.
  • The signed document has not been altered regardless whether subsequent versions of the document have been created.

Implementing the technology for the program was fairly simple for the pilot program, consisting primarily of putting signing software on NCI desktops, Alterman said.

“We had minor technical glitches to overcome,” he said. “No show-stoppers. We could do that on the pilot scale. We’re trying to make it more turnkey” for wider use.

The results could amount to an estimated savings of more than $48,000 per 100 users a year. “We’re happy that this is doable,” Alterman said.