ARCHIVED: Completed project: Information Protection for Privacy and Security (IPPS)

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Primary UITS contact: Dr. William K. Barnett, Research Technologies

Completed: April 24, 2009

Description: This project in the UITS Research Technologies (RT) division is aimed at enhancing the security of RT's computational, storage, and visualization systems to comply with both the Health Information Portability and Accountability Act (HIPAA), a federal law passed by the US Congress in 1996, and the US Food and Drug Administration (FDA) Title 21 CFR Part 11. HIPAA regulations require administrative, physical, and technical safeguards to prevent the release of electronic protected health information (ePHI). Title 21 CFR Part 11 requires the use of electronic signatures to safeguard protected information. RT systems under consideration include Big Red, Quarry, Libra, the Research Database Complex, Discern, the Research File System, the Scholarly Data Archive, and the Data Capacitor. This project is in partnership with the IU School of Medicine (IUSM) and other UITS units that plan to store data containing ePHI.

Outcomes: IUSM and other life sciences researchers who need to store or perform analyses using ePHI data are able to use the storage and supercomputing cyberinfrastructure offered by the UITS RT division. The scope of this project will extend to providing RT, particularly supercomputing, services to industry partners through the Indiana Economic Development Corporation (IEDC). An additional goal is to position UITS for compliance with future rules and legislation governing ePHI.

Milestones and status:

As of January 30, 2009, the project team, in partnership with Enterprise Infrastructure, has completed the process to align RT with HIPAA. As part of this exercise, gap analysis and risk assessment of RT's current practices and policies were carried out by an external third party (HIT Professionals, Inc.). Security needs identified by the gap analysis were addressed and risk assessment results were used to develop a risk management plan for RT. Current work includes developing and executing a communication plan (to inform IUSM researchers of RT's ability to accept ePHI) and the provision of easy-to-use tools (such as encryption) to help researchers satisfy HIPAA security and privacy rule requirements.

  • October 2007: Project kick off Completed
  • November 2007: Security gap analysis Completed
  • January 2008: Oversight committee formed Completed
  • February 2008: RT Current Practices documentation Completed
  • July-August 2008: Risk analysis and risk management planning Completed
  • January 2009: All RT services aligned with HIPAA

Benefits: The ability of IUSM researchers to store and process ePHI in a HIPAA-compliant manner is expected to accelerate IU research on human subjects. Researchers will be more competitive in seeking grant funding, and will be able to undertake broader and more translational ("bench to bedside") research.

Primary client(s): IUSM at IUPUI, and IU Bloomington research faculty, staff, and students

Comment process: Send comments to the Advanced IT Core team.

Project sponsor: Craig Stewart, Associate Dean for Research Technologies

Project team:

  • William K. Barnett, Director, Advanced IT Core (Project Director)
  • Anurag Shankar, Advanced IT Core Project Analyst (Project Manager)
  • Andy Arenson, Manager, Biomedical Applications
  • Dave Hancock, Manager, High Performance Systems
  • Ray Sheppard, Manager, High Performance Applications
  • Keith Lehigh, RT Core Services
  • Eric Wernert, Senior Manager, Visualization
  • Jeff Rogers, Advanced Visualization Lab
  • Kurt Seiffert, Manager, Research Storage

Project oversight committee:

  • Marcia Gonzales, Research Compliance Administration, IUSM
  • Michael Jackson, Compliance and Privacy Officer, IUSM
  • Shelley Bizilla, Director, Research Compliance Administration, IUSM
  • Vince Sheehan, CIO, IUSM
  • Eric Schmidt, IT Security, IUSM
  • Michael Vaughn, IUSM administration
  • Kieren Mather, MD, IUSM faculty
  • Dennis Cromwell, Associate VP for Enterprise Infrastructure, UITS
  • Tom Davis, IU Chief Information Security Officer
  • Merri Beth Lavagnino, IU Chief Information Policy Officer
  • Matt Link, Director of Systems, RT, UITS
  • William K. Barnett (ex officio)
  • Anurag Shankar (ex officio)

This is document awjk in the Knowledge Base.
Last modified on 2018-01-18 15:59:54.