Tom Furlani, Center for Computational ResearchUniversity at Buffalo, October 15, 2015

Coexisting with Protected Health Information at CCR

Tom’s Guiding Principles to Storing HIPAA Data

• Avoid doing it if possible • If not possible, find someone else to be responsible

• Be sure they are not housing your EMR data

PHI Data in CCR• Treat them like a leper (just kidding)

• PHI racks isolated in CCR datacenter

• A distinct entity (IHI)• Separate director and IT support staff

• Full time HIPAA compliance officer

PHI racks in CCR isolated within a cage

IHI card access separate from machine room access

• >100Tb self-encrypting data repository with expansion capability• 24x7 access control system, CCTV data center surveillance, and

outside perimeter monitoring with video capture systems monitored by Roswell Park Security officers

• Security card reader access to facility, data center and IHI secured area

• 18 individually locked racks that are fully monitored for access, network, power, and cooling utilization

• Managed and Monitored Firewall Service, including vulnerability management services, real-time, 24x7x365 security event and log monitoring, analysis and response by Global Information Assurance Certification (GIAC) certified security analysts

• Encryption of data at rest and in motion• Remote access via VPN only• Virtual Desktop Infrastructure with no access to removable media • Continuous antivirus and malware monitoring• Segregated primary internet connection to the UB Fiber

backbone

IHI HIPAA-compliant security infrastructure

Institute for Healthcare Informatics (IHI)

• Data at the IHI includes: UBMD Physicians’ Group: over 400 providers entering

identified patient data over 6 years. HealthNow: insurance claims on limited diagnosis over 7 years

 

• IHI Services All services provided require strict security protocols and

approvals by the institutional review board (IRB). Services include data management, data aggregation, subject

matter experts (SMEs), data modeling expertise and data warehousing..

• IHI Data Hosting Provide secure computing infrastructure to host researchers

data.

IHI Clinical Data Repository (CIDR)

1,700,000 Patient records

59,000,000claims

115,870,000diagnosis

42,600,000prescriptions

4,850,000observations

>1,000,000 million lab results

Tying It All Together at UBClinical data, Genomic data, and computing horsepower

The non-PHI Side: UB’s Genomics, Bioinformatics and HPC Capabilities

Research Scientists/Industry Partners

UB Next-Gen Sequencing: data generation and bioinformatics analysis

Center for Computational Research

170 Tflops Total Aggregate Compute Capacity11,400 cores; including $1.2M ESD CFA Award – HPC Cluster for Economic Dev 3.2 PB of High Performance Storage (GPFS)Major Upgrades Planned for 2015

~0.5 Tbyte of data a day 300 Billion sequence bases

a day 100 human genomes a day

UB Next-Gen Bioinformaticianscomputing on CCR resources