• Subscribe

No Exit

Image courtesy of Frank Köhne.

For medical researchers, clinical data means opportunities and risks: Opportunities for experiments and analyses that will lead to new knowledge about human diseases; risks because the burden of keeping personal medical data secure usually falls on the shoulders of the researchers.

Medical researchers and the clinicians who collect medical data in hospitals and clinics want to work together to advance medical research, said Michael Shoffner, a senior research software engineer at the Renaissance Computing Institute (RENCI) and adjunct faculty member in the School of Information and Library Science at the University of North Carolina at Chapel Hill. Shoffner also serves as the technical lead and architect for the Secure Medical Research Workspace project, a multidisciplinary effort at UNC Chapel Hill to create a secure, controlled environment where researchers can use sensitive medical data.

"The challenge is to get that medical data to the researchers while minimizing the risk that it either accidentally gets out or in some other way escapes from the containment it needs to be in to protect personal privacy and comply with regulations," Shoffner said.

Learn more about the legal and technical difficulties in handling medical data, and more, in this four-minute video; the video features interviews with several researchers involved in the project. Video courtesy of RENCI.

Typically when researchers use test results, medical images, doctors' notes and other clinical data in their research, they obtain that data on a disk or another physical storage device, take it back to their lab and use it in experiments. The clinical data is not in a secured, controlled setting and could be lost, damaged, inadvertently picked up by another researcher or accidentally thrown away.

In order to develop the technical requirements for a secure medical workspace environment, the technical team is working hand-in-hand with medical researchers and other experts from their project partners at the North Carolina Translational and Clinical Science Institute (NC TraCS) and the Clinical Translational Science Award; the project also acquired funding through NC TraCS and CTSA. Together, the project team produces and deploys prototypes as well as the final production-ready virtual workspace environment.

In order to meet government regulations about personal data and privacy, the resulting workspace must achieve what is known as data leakage prevention, or DLP as data security professionals call it. Creating secure, controlled virtual environments for research is one way to plug data leaks.

The secure medical research workspace environment involves four roles, all centered around sensitive medical research data: 1) The researcher, who requests sensitive data for experiments and analysis; 2) A business analyst, who has access to that data, and provisions it to the workspace; 3) A system administrator, who receives a request from the analyst to create a virtual workspace; 4) A security auditor, who monitors virtual workspace usage for data policy violations.

The researcher's secure "workspaces" exist as virtual machines from a private cloud deployed using VMware ESXi; the cloud will be administered by UNC IT staff.

Each virtual machine contains all the software tools that researchers would use to analyze their data, including the Microsoft Office suite and SAS analytics applications, explained Phil Owen, a RENCI-based information technology developer. If a researcher needs another tool not included in the standard workspace, he or she can request that it be added to their virtual environment.

"It's a virtual environment that mimics what a desktop computer would do," Owen said. "The idea is to isolate the sensitive data into a workspace so that it can't exit that workspace either accidentally or maliciously."

To achieve that goal, the team deploys and enhances commercial DLP software (WebSense) that inspects content entering and leaving a virtual workspace and uses rules, often tied to HIPAA privacy rules and other government regulations, to determine whether that content is sensitive and should be protected. (The US Health Insurance Portability and Accountability Act includes laws that govern the security, privacy, and use of health data; WebSense advertises that it is used in 46 countries, so it may be able to serve in the same way for researchers in other countries.)

"For example, if [a researcher] is downloading or uploading data out of the secure research environment and that data contains something like credit card numbers or patient social security numbers, that would trigger a rule and implement actions. That data would not be able to get out," said Xiaoshu Wang, a RENCI-based biomedical researcher.

It's a process the RENCI team jokingly compares to a roach motel-data can check in, but it won't check out. But jokes aside, they understand the importance of their work.

"The security of data is of paramount importance for the protection of patients, the protection of researchers and compliance with regulatory requirements," Shoffner said. "The driver behind this solution is to provide an environment that will do that and also help the researchers get their work done."

At present, the project is at the prototype stage. Researchers will receive their dedicated virtual workspace sometime in the next week or two.

A version of this story originally appeared on the RENCI website.

Join the conversation

Do you have story ideas or something to contribute? Let us know!

Copyright © 2018 Science Node ™  |  Privacy Notice  |  Sitemap

Disclaimer: While Science Node ™ does its best to provide complete and up-to-date information, it does not warrant that the information is error-free and disclaims all liability with respect to results from the use of the information.


We encourage you to republish this article online and in print, it’s free under our creative commons attribution license, but please follow some simple guidelines:
  1. You have to credit our authors.
  2. You have to credit ScienceNode.org — where possible include our logo with a link back to the original article.
  3. You can simply run the first few lines of the article and then add: “Read the full article on ScienceNode.org” containing a link back to the original article.
  4. The easiest way to get the article on your site is to embed the code below.