Bill Barnett, Bob Flynn & Anurag Shankar Pervasive Technology Institute and University Information Technology Services, Indiana University CASC. September.

Presentation transcript:

Bill Barnett, Bob Flynn & Anurag Shankar Pervasive Technology Institute and University Information Technology Services, Indiana University CASC. September 17, 2014 Bringing Box into HIPAA Alignment

CASC. September 17, 2014 University Information Technology Services
Outline
1. Introduction
2. Service Partnership
3. Box Evaluation
4. Conclusions

1. Introduction

Nature abhors a vacuum
Because of the lack of HIPAA aligned campus services that support external collaborations, biomedical researchers share sensitive data using and cloud services such as Google docs, Dropbox, etc.

HIPAA in the Cloud?
The lure of cheap, ubiquitous cloud storage is irresistible.
Cloud providers have been unaware or unwilling to address HIPAA compliance.
Market pressures are forcing some vendors, including Amazon, Microsoft, and Box, to reconsider.
We at IU have also been revisiting our stance of requiring our sensitive data to be kept on site.

2. Service Partnership

& HIPAA
Implemented at IU in 2012, Box has become popular for sharing data with collaborators within and outside IU.
Researchers in the IU School of Medicine (second largest medical school in the U.S.) want to use Box to share clinical research data.
This requires that Box be HIPAA aligned.

Box & HIPAA
In 2013, Box began talking about the possibility of HIPAA alignment after conducting third-party security and HIPAA audits.
In late 2013, they began signing contracts promising to comply with HIPAA.
Internet2 has negotiated a BAA* and revised contract with Box.
* BAA = Business Associate Agreement

Basics
Program rollout April 2012
Reached 50,000 users by October 2013
Currently 74,000 internal users
9,000 external collaborators
180,000 collaborations
68TB in storage
All this without FERPA or HIPAA data

Growth

3. Box Evaluation

While Box told us they were HIPAA ‘compliant’, due diligence (to us) meant evaluating whether Box met the same NIST standards we follow ourselves.

The Stack
Network Box Cloud Environment OS Application Authentication Box Box/IU Layer Responsible User Interface Box

What we Did
We asked Box for documentation of their information security practices, audit reports, etc.
We reviewed the documents thoroughly.
We used the NIST HIPAA Security Rule Toolkit to answer nearly 1000 questions about Box’s security/risk management practices.
Some of these answers came from the Box documentation, some from Box’s Compliance folks.

NIST HIPAA Security Rule Toolkit Questionnaire

Evaluation Results
Box answered > 95% of the questions satisfactorily.
They have the necessary “Required” and “Addressable” HIPAA safeguards in place.
It helps greatly that they encrypt all data both during transit and at rest for enterprise customers and secure the encryption keys.

Current Status
We have a signed BAA with Box.
We are HIPAA aligning IU authentication services (Shibboleth and CAS) for ePHI, with a final check by internal governance (Security, Audit, Compliance).
After the above are completed, we will issue an ATO and make Box available to biomedical researchers as a HIPAA aligned collaboration tool.

4. Conclusions

Conclusions
Box provides an ideal data sharing environment for researchers, biomedical or otherwise.
Our own NIST-based evaluation found Box to be capable of keeping our ePHI secure.
We are using our existing standards to satisfy dependencies and ensure end to end security.

Contact
Bill Barnett
Bob Flynn
Anurag Shankar

License Terms
Please cite as: Barnett, W., R. Flynn and A. Shankar, Bringing Box into HIPAA Alignment, presented at the Fall 2014 Coalition for Advanced Scientific Computing meeting, Arlington, DC.
Items indicated with a © are under copyright and used here with permission. Such items may not be reused without permission from the holder of copyright except where license terms noted on a slide permit reuse.
Except where otherwise noted, contents of this presentation are copyright 2011 by the Trustees of Indiana University.
This document is released under the Creative Commons Attribution 3.0 Unported license. This license includes the following terms: You are free to share – to copy, distribute and transmit the work and to remix – to adapt the work under the following conditions: attribution – you must attribute the work in the manner specified by the author or licensor (but not in any way that suggests that they endorse you or your use of the work). For any reuse or distribution, you must make clear to others the license terms of this work.