Protected Health Data Infrastructure

Protected Health Data Infrastructure (PHDI) is a Secure Enclave

PHDI supports projects, datasets, and users from any Georgia Tech or GTRI unit with PHI/PII compliance requirements, including HIPAA, HITECH, CMS, and sponsor-specific requirements for fully identifiable data, limited data sets, and de-identified data. PHDI is a secure enclave with compute and storage resources that can be provisioned to host project-specific storage, applications, and services for analytics, research data collection, and systems integrations.

Researcher access to the environment requires CITI HIPS and IRB training and approval. Projects and/or data, as well as all administrative, network, security, and compliance resources, are segmented from one another with rigid role-based access, network, storage, and system controls. PHDI follows the HITRUST Common Security Framework to achieve HIPAA compliance, and undergoes an annual risk assessment, third-party certification, and security penetration testing.

Protected data does not enter or leave the environment without agreed-upon procedures and approvals (based on contracts, data usage agreements (DUAs), IRB requirements, etc.). Policies are enforced through the separation of roles (researchers, data management, compliance, administration). Data access models include secure review rooms, remote access over 2FA VPN, and secure mobile and web services utilizing web application firewalls (WAF). Restrictions on and auditing of activities, including file upload/download and cut/copy/paste, are also provided.

Technical safeguards include multiple layers of differing security protocols protecting data in transit and data at rest with multiple vendor products, as well as routine auditing, alerting, and reporting. The PHDI environment also mandates administrative safeguards and undergoes periodic risk assessment and management processes to gauge the security of the environment and develop plans to mitigate any deficiencies.

 

Protected Health Data Infrastructure (PHDI) - OneGT Operating Model

PHDI has a OneGT operating model with support from Georgia Tech’s EVPR, IPaT, Pediatric Technology Center (PTC), GTRI-ICL, GTRC, OIT cybersecurity and network services, GTRI information systems, GTRI research security, and other Georgia Tech unit and lab IT and research professionals. The PHDI team provides healthcare data management, compliance, and domain expertise including: operational relationship and process management with sponsors and data owners; streamlined research pipelines through standard data transfer and ETL processes, databases and tools, training, software development, cohort and project identification/development; and streamlined Institutional Review Board (IRB) applications, data usage agreement(s) and contracting processing with Georgia Tech’s legal, contracting and partnerships work with GTRC, as well as HIPAA security and compliance assistance for project development and implementation.
 

If you are a Georgia Tech researcher in need of secure data services, or a corporate / industry partner interested in working with Georgia Tech researchers on projects that might require protected data services, please contact: phdi@gatech.edu

PHDI Use Case Examples

The Children's Healthcare of Atlanta Pediatric Technology Center is housed on the ground floor of the Roger A. and Helen B. Krone Engineered Biosystems Building (EBB) at Georgia Tech.

Pediatric Technology Center

IPaT's PHDI Services are Supporting These Children's Healthcare of Atlanta Research Focus Areas
 

Pillar 1 – Data Science, Machine Learning, and Artificial Intelligence
- The goal is to design a system to predict “critical deterioration” of children. A deterioration event results in a severe risk to the child.
- The system will include a real-time FHIR application on the Children’s infrastructure running models to be developed inside the PHDI environment using data from Children’s Datalake and EHR datasets. The models will be built using a new 4xH100 GPU server bought to support both Pillars.

Pillar 2 – Patient-Centered Care Delivery
- Care coordination and integration of pediatric healthcare: Delivering care through multiple settings (in clinic, at home, in school and via telehealth) and across different providers and services.
- Care system navigation through a single-digital solution: Connecting care systems outside of Children’s through a unified interface to integrate scheduling and referral systems, communication between patients and parents/caregivers, and submission of lab and imaging
- Health policy for supporting care coordination and improving access: Enhancing care coordination, access to different modalities of care and technological advancements.
- Data models to be developed inside the PHDI environment using data from Children’s Datalake and EHR datasets. The models will be built using a new 4xH100 GPU server bought to support both Pillars.

 

GTRI Research Support

IPaT's PHDI services are supporting GTRI research projects involving Controlled Unclassified Information (CUI).

GTRI needed data support for an Army Ground Safety Project

- PHDI created a new system security plan.
- PHDI's policies and procedures and HITRUST controls expedited the completion of the new CUI certification.
- This compliance effort involved GT and GTRI cybersecurity, GRC, OSP personnel, and PHDI staff.
- This project will ease efforts to host future CUI projects and will help with future PACE integrations.