Online doctor concept. Expert advice via your computer. Flat vector illustration.

Applying Security to Clinical Trials

Apply Security to Clinical Trials and Reduce User Verification Friction.

Pharmaceutical companies have been leveraging cloud services for many years. This is especially true for clinical trials which use many secure browser applications hosted by the trial management companies. Cloud-based CTMS (Clinical Trial Management Systems) have been a preferred method to provide lower costs, lower maintenance, and increased reliability of the cloud. Although these are often hosted by professional Cloud Services companies like Google and Amazon and are inherently secure, their flexibility and introduces the aspect of impersonation or misinformation from unapproved trial members or rival companies with malicious intents.

Luckily advances in identity technologies have reduced this risk significantly and, in many cases, they are easier to deploy thanks to many open standards and open-source technologies ensuring most Clinical Trials can afford to build and maintain these themselves.

Always, when it comes to patient information data security, no error should be the norm. But no system is fool proof and ensuring the integrity that the information fed back from the clinical trial members in the field is valid and hasn’t been impersonated should be a top concern.

Having more relevant data means having to assure the identities are unique and are authorized to answer the questions. This is further complicated when often clinical trials are prohibited from capturing personal data to remain anonymized to protect the patients and to ensure no biasing occurs from the interpretation of the results.

How then can your patients remain anonymous but ensure that the individual is authorized to participate and isn’t impersonating someone else? Tracing the patient identity requires a keeping a unique login and a second factor to ensure the trial patient is who they claim to be and are present during the login or transaction. This is core element of multi factor authentication or (MFA) and identity proofing.

Multifactor authentication is an additional layer of security that requires users to provide more than one method of authentication to verify the user’s identity to log into the system. This is usually a combination of information provided to the individual such as a relaying a number from an email or text message or a pressing a button and/or inserting a USB from a unique plastic token, or a photo verification in addition to providing their unique username and a password.

Identity Proofing is supplying evidence of their identity and verifying that evidence based government records, or on unique biometric characteristics such as a picture, a fingerprint or retina scan. Managing these attributes can be dangerous and difficult. Managing MFA and Identity Proofing at the scale and complexity of a clinical trial can create logistical considerations and often many enrollment centers may be ill equipped to provide service desk or technical guidance for everyone.

This is where a web-based MFA management solution like Gluu’s CASA can be used with a Cloud based CTMS will be very helpful. Gluu’s CASA can provide an enrollment dashboard to establish a unique username and password and allow an individual to choose and manage a second factor authentication like Microsoft’s Authenticator, a Yubikey or even a Cell Number. Advancements in this area include Cloud based Bio Identifiers that leverage Mobile and PC based cameras and scanners like Apple’s TouchID to record unique attributes of the individual and are stored outside of the system to ensure they are not kept within the CTMS system. If a user loses a token or card to provide evidence they may delete and re-enroll using a camera or pushing the button on the USB Key.

Not all MFA solutions are practical in call cases, and some Identity Proofing techniques can be intrusive and restrict those willing to enroll especially when working with a marginalized or underserved population that often will not have ready access to internet or other forms of digital ID.

Providing the user options that work for them within their technology and allow them to manage alternate credentials can improve the experience and ensure the success of the trials. Creating a frictionless login into the CTMS solution can ensure timely results and improve user experiences.

If your company is conducing a trial and would like to add MFA affordably at scale please contact Gluu.