OR WAIT null SECS
© 2023 MJH Life Sciences™ and Pharmaceutical Commerce. All rights reserved.
Identity Hub expedites access to regulated content in clinical research; now, prescribing and other commercial applications are being adopted
Choosing a username and password is an everyday occurrence for Web users, but the relatively low level of security that that process entails is a growing worry in life sciences. Not only is proprietary information being shared among business partners, but regulatory constraints, ranging from HIPAA for protected health information (PHI) of patients, to 21 CFR Part 11, FDA’s regulation for authenticating records, need to be met. There is at least one industry organization, SAFE-Biopharma, addressing identity and authentication needs, mostly in the research community, and there are a variety of vendors offering authentication services. Now, Exostar (Herndon, VA) is emerging as a preferred provider for pharma companies. A couple years ago, it announced the Exostar Life Sciences Identity Hub, and last month it boasted that 700 life sciences companies, encompassing over 15,000 users, are being authenticated through its cloud-based service. Last year, it aligned its service offerings with the standards developed by SAFE-Biopharma as well.
To some degree, Exostar is banking on work it did previously for the aerospace (and, indirectly, military defense) industry, says Vijay Takanti, VP, security and collaboration solutions. It is offering (among other security levels) NIST Level 3 two-factor token authentication. Through a collaboration with SureScripts (a widely used e-prescribing platform) it is also compliant with the DEA controlled-substances ordering system (CSOS) standards, so that such drugs can be prescribed electronically. Takanti says that an internal work group is finalizing practices for HIPAA-compliant PHI, and, based on its service offering for supply chain collaboration in aerospace, is beginning some work on traceability in pharma distribution.
One of the presumed efficiencies of a centralized authentication services is “single sign-on” so that a user needn’t compile an ever-growing list of passwords and usernames. While there isn’t a way, yet, to authenticate across different IT platforms, says the company, any user with an Exostar sign-on can use that for other Exostar-based collaborations. An intriguing new capability is arising from a just-announced partnership with a company called WhoKnows.com, which is setting up a system for compiling individuals’ experience and capabilities, to be matched with internal work tasks within organizations.