- HIPAA rules stipulate that patient healthcare data must be protected
- Privacy regulations create challenges for scientists accessing medical data for research
- Science DMZ model speeds research and improves collaboration
On August 21, 1996, President Bill Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into law. The legislation created privacy rules to protect confidential health care data for consumers.
It also created new challenges for the medical research community. Scientists working with large medical datasets now had to comply with HIPAA regulations. Security systems applied extra safeguards when processing medical data, which led to lengthy data transfer times.
But there may now be a better way to transfer these large datasets while still complying with HIPAA’s privacy rules.
Over the hills and through the firewall
In their paper, “The Medical Science DMZ,” Energy Sciences Network researcher Eli Dart, Lawrence Berkeley National Laboratory scholar Sean Peisert, and their collaborators outline guidelines for a specialized research network that can be set up outside traditional firewalls.
“The Science DMZ model provides a way of securing data transfer applications without the use of enterprise firewalls,” says Dart. “You can get the firewall out of the way and use technical controls that don’t have performance limitations.”
Domains like genomics require high-performance applications to parse incredibly large and complex datasets. At the National Human Genome Research Institute (NHGRI), for example, there are 3,607 genes catalogued, with each one generating its own unique set of data points.
Many traditional firewalls, however, don’t support these applications. Default configurations in security systems also cannot support high-performance computing. Other factors, like dirty fiber-optic cables or irregular operating systems, create performance issues.
The Science DMZ addresses these problems by creating a network that is explicitly designed for high-performance applications and has security protocols in place.
“If you look at overall network design as part of your security arc, this allows you to make better decisions to process data,” says Dart. “This leads to better scientific outcomes.”
Dart and Peisert also found that a Science DMZ increases collaboration among different research organizations by improving transfer speeds and reducing cost, especially for sensitive medical data protected by HIPAA.
“If we look at what the medical field is trying to do with cancer data,” says Dart, “we need a way for multiple institutions to collaborate. Everybody may have a piece of the puzzle, but nobody has the data in one place.”
Shared data repositories like the National Library of Medicine, the National Cancer Institute, and the European Bioinformatics Institute are growing rapidly, highlighting the need for a quick and cost-effective way for researchers to access their large datasets.
“The datasets traditionally used in medical data have been smaller,” says Peisert. “But there is a desire by the communities doing scientific work for that to change.”
Ensuring privacy and results
The Science DMZ model is just one example of how the computing community has evolved in recent years, according to Dart.
“We’re able to do things with computing now that we couldn’t dream of a generation ago,” says Dart. “To make good use of our technologies and capabilities, we have to be able to get data into them and get results back out.”
The Science DMZ may lead to pioneering results in cancer research and other health domains by improving data transfer times for researchers, while still complying with HIPAA’s privacy regulations.
“We can get data, but it must be protected because I, for example, don’t want my medical records exposed,” says Dart. “There’s a huge need to securely protect this data in a performant way. That’s what we’re trying to contribute here.”