UITS Research Technologies systems and services for researchers working with data containing HIPAA-regulated PHI
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established rules protecting the privacy and security of individually identifiable health information. The HIPAA Privacy Rule and Security Rule set national standards requiring organizations and individuals to implement certain administrative, physical, and technical safeguards to maintain the confidentiality, integrity, and availability of protected health information (PHI).
The Research Technologies division of UITS provides several systems and services that meet certain requirements established in the HIPAA Security Rule thereby enabling their use for research involving data that contain protected health information (PHI). However, using a UITS Research Technologies resource does not fulfill your legal responsibilities for protecting the privacy and security of data that contain PHI. You may use these resources for research involving data that contain PHI only if you institute additional administrative, physical, and technical safeguards that complement those UITS already has in place.
-
Although PHI is classified as Critical data, other types of institutional data classified as Critical are not permitted on Research Technologies systems. For help determining which institutional data elements classified as Critical are considered PHI, see About protected health information (PHI) data elements in the classifications of institutional data.
- Files containing PHI must be encrypted when they are stored (at rest) and when they are transferred between networked systems (in transit). For more, see Recommended tools for encrypting data containing HIPAA-regulated PHI.
- To ensure accountability and prevent access by unauthorized users, you are not permitted to use a group (or departmental) account for work involving PHI.
- For more, see Your legal responsibilities for protecting data containing protected health information (PHI) when using UITS Research Technologies systems and services.
| Service category | System name | Description |
|---|---|---|
| Archival storage | Scholarly Data Archive (SDA) | The SDA tape library provides extensive capacity (79 PB) for storing and accessing research data. The SDA is a distributed storage service co-located at IU data centers in Bloomington and Indianapolis. The SDA provides IU researchers with large-scale archival or near-line data storage, arranged in large files, with automatic off-site copies of data for disaster recovery. |
| Data management | IU REDCap | IU's implementation of REDCap provides secure, web-based database management tools for capturing, using, and sharing research data. IU REDCap was designed for investigators who collect and share data (including PHI) for clinical research. |
| Data visualization | About the UITS Advanced Visualization Lab (AVL) | Advanced Visualization Lab (AVL) facilities and systems at IUB and IUPUI are designed to help researchers effectively use advanced visualization technologies. A variety of AVL technologies are available for routine use, testing, and demonstration. |
| High performance scratch and project space for research computing applications | Slate, Slate-Project, Slate-Scratch | The High Performance File Systems (HPFS) unit of Research Technologies operates Lustre-based parallel file systems that provide high-speed read-write data access for applications running on IU's research supercomputers. These file systems are ideal for storing application data that are being processed and analyzed on IU's research supercomputers; they are not intended for permanent data storage (data are not backed up).
|
| Disk-based home directory and project space on IU research supercomputers | Geode, Geode-Project |
Geode is a disk-based online storage system that provides home directory space for users of Indiana University's research supercomputers and the Geode-Project fee-based storage service for IU research projects. Geode is co-located at the IU data centers in Bloomington and Indianapolis. Files stored on Geode are replicated, by default, at each data center. Home directories and Geode-Project spaces are accessible directly from all IU research supercomputers and remotely from personal workstations connected to the IU campus network. For current Geode-Project fee information, see "Replicated Research Storage (Geode)" on UITS Rates for Direct-Bill Services. |
| Research databases | Research Database Complex (RDC) |
The Indiana University Research Database Complex (RDC) supports research-related MySQL and PostgreSQL databases and data-intensive applications that require databases. The RDC is strictly devoted to supporting research, and is not an instructional, classroom environment. |
| Research supercomputers | Quartz, Carbonate |
Quartz is Indiana University's high-throughput computing cluster. Designed to deliver large amounts of processing capacity over long periods of time, Quartz provides the advanced supercomputing performance needed to run high-end, data-intensive applications that are critical to scientific discovery and innovation. Carbonate is Indiana University's large-memory computer cluster. Designed to support data-intensive computing, Carbonate is particularly well-suited for running genome assembly software, large-scale phylogenetic software, and other genome analysis applications that require large amounts of computer memory. Carbonate provides a specialized GPU partition for researchers with applications that require GPUs. Additionally, Carbonate offers a colocation service to IU researchers, research labs, departments, and schools. Note:
UITS Research Technologies will retire Carbonate on December 17, 2023. Carbonate users should plan to move to Quartz or Big Red 200 before the retirement date to ensure that their research continues without interruption. Following the retirement, Carbonate's GPU hardware will be moved to the Quartz cluster, and Research Desktop (RED) will be updated to align more closely with Quartz. The colocation service on Carbonate will not be impacted by this retirement. If you have questions about the retirement of Carbonate, contact UITS Research Technologies. |
Failure to comply with HIPAA requirements can result in civil and criminal penalties, as well as progressive disciplinary actions through Indiana University, up to and including termination.
Although PHI is classified as Critical data, other types of institutional data classified as Critical are not permitted on Research Technologies systems. For help determining which institutional data elements classified as Critical are considered PHI, see About protected health information (PHI) data elements in the classifications of institutional data.
If you have questions about securing HIPAA-regulated research data at IU, email securemyresearch@iu.edu. SecureMyResearch provides self-service resources and one-on-one consulting to help IU researchers, faculty, and staff meet cybersecurity and compliance requirements for processing, storing, and sharing regulated and unregulated research data; for more, see About SecureMyResearch. To learn more about properly ensuring the safe handling of PHI on UITS systems, see the UITS IT Training video Securing HIPAA Workflows on UITS Systems. To learn about division of responsibilities for securing PHI, see Shared responsibility model for securing PHI on UITS systems.
This is document bdqg in the Knowledge Base.
Last modified on 2023-08-16 13:10:01.