By Mark D. Uehling
January 15, 2003 | Are clinical data clean?
Certainly not. In a recent survey of 20 clinical trials professionals in the U.S. and Europe, the research firm Adelphi Research learned that four researchers shared their passwords. Another six thought that swapping of personal identification numbers (PINs) and passwords was commonplace at their institution. Such a carefree approach to the security of clinical data poses scientific and regulatory problems.
With billions of dollars and the health of millions of patients hanging in the balance, the FDA has legitimate concerns about whether a doctor actually initialed the electronic version of a particular medical report -- or if it was a colleague or a janitor.
To address that, IBM and a company specializing in biometric security, Daon, are collaborating to provide biometric security in clinical trials. "We will deliver the solutions with key partners," says Mike Svinte, vice president of worldwide marketing and business development, IBM Life Sciences. He says Daon is now one of 100 IBM partner companies in the life sciences. "Whatever I do in a clinical environment, I have to do securely," notes Svinte. To that end, the Daon/IBM solution will be compliant (and then some, according to the companies) with 21 CFR Part 11, the all-encompassing FDA regulation about electronic data security.
For Daon, the goal is to fit as unobtrusively as possible into harried medical clinics where IT -- much less secure IT -- is a low priority. According to Daon, a rough rule of thumb is that some corporate customers may spend $300 per user for passwords and identity management annually. Daon and IBM may be able to offer solutions costing $70 to $900 per user per year. But the reason many customers choose biometric technology is that it is easier to use than keeping track of yet another password. Daon's technology uses personal biological identifiers -- the iris, finger, or voice -- that cannot be forgotten or forged.
IBM and Daon will offer a token-, passcard-, and password-free environment in which users offer their biological selves. In eight-tenths of a second, the technology can establish a user's identity by tapping, among other things, IBM's DB2 database and WebSphere software.
Beyond the practical appeal, however, there is the distant prospect of datasets that gleam immaculate in the glare of an FDA inspection. "The holy grail is clean data," says Mark Wade, Daon's vice president for sales in North America. "There is a chance the data is not clean. We have to be a bit more forward-thinking about how we handle data."
Wade concedes that there are other problems with clinical data that also bear scrutiny. "No one is suggesting strong authentication and biometrics is a panacea," he says. Nor is Wade pushing a specific biometric technique, such as fingerprint or retinal scanning. "We are against proprietary technology," Wade says. Daon's authentication algorithms run on DB2 for now, with an Oracle solution due shortly.
The DaonEngine, as the algorithm is called, is highly scalable and extensible across several types of body scanning hardware, not to mention computing or business environments, including Unix, Windows and SAP. The underlying hardware, Wade says, is not as critical as the reliability and accuracy of the data. Says Wade: "The forward-thinking life-sciences company will not be thinking about just getting across the finish line."
Having said that, Wade acknowledges some customers are skeptical of promises from life science IT vendors. "People were making promises they could never deliver on," he says. "This has got to do what it says."
Daon and IBM also have an integrated solution for Documentum, the document management concern, meaning that any Documentum users will be able to deploy Daon authentication.
That will allow users to sign Documentum clinical documents using not their signatures but their biometric selves, creating an unspoofable, bullet-proof audit trail, at least until eyeballs or fingertips can be cloned.