Protected Health Data Infrastructure

Protected Health Data Infrastructure (PHDI) is a Secure Enclave
PHDI supports projects, datasets, and users from any Georgia Tech or GTRI unit where PHI/PII compliance is required, including HIPAA, HITECH, CMS, and sponsor-specific requirements for fully identifiable data, limited data sets, and de-identified data. PHDI is a secure enclave with compute and storage resources that can be provisioned to host project-specific storage, applications, and services for analytics, research data collection, and systems integrations.
Researcher access to the environment requires CITI HIPS and IRB training and approval. Projects and/or data, as well as all administrative, network, security, and compliance resources, are segmented from one another with rigid role-based access, network, storage, and system controls. PHDI follows the HITRUST Common Security Framework to achieve HIPAA compliance, and undergoes an annual risk assessment, third-party certification, and security penetration testing.
Protected data does not enter or leave the environment without agreed-upon procedures and approvals (based on contracts, data usage agreements (DUAs), IRB requirements, etc.). Policies are enforced through the separation of roles (researchers, data management, compliance, administration). Data access models include secure review rooms, remote access over 2FA VPN, and secure mobile and web services utilizing web application firewalls (WAF). Restrictions on and auditing of activities, including file upload/download and cut/copy/paste, are also provided.
Technical safeguards include multiple layers of differing security protocols protecting data in transit and data at rest with multiple vendor products as well as routine auditing, alerting, and reporting. The PHDI environment also mandates administrative safeguards and undergoes periodic risk assessment and management processes to gauge the security of the environment and develop plans for mitigations of any deficiencies.
Protected Health Data Infrastructure (PHDI) - OneGT Operating Model
PHDI has a OneGT operating model with support from Georgia Tech’s EVPR, IPaT, Pediatric Technology Center (PTC), GTRI-ICL, GTRC, OIT cybersecurity and network services, GTRI information systems, GTRI research security, and other Georgia Tech unit and lab IT and research professionals. The PHDI team provides healthcare data management, compliance, and domain expertise including: operational relationship and process management with sponsors and data owners; streamlined research pipelines through standard data transfer and ETL processes, databases and tools, training, software development, cohort and project identification/development; and streamlined Institutional Review Board (IRB) applications, data usage agreement(s) and contract processing with Georgia Tech’s legal, contracting and partnerships work with GTRC, as well as HIPAA security and compliance assistance for project development and implementation.
If you are a Georgia Tech researcher in need of secure data services, or a corporate / industry partner interested in working with Georgia Tech researchers on projects that might need protected data services, please contact: phdi@gatech.edu

PHDI Use Case Examples

The Children's Healthcare of Atlanta Pediatric Technology Center is housed on the ground floor of the Roger A. and Helen B. Krone Engineered Biosystems Building (EBB) at Georgia Tech.
Pediatric Technology Center
IPaT's PHDI services are supporting these Children's Healthcare of Atlanta research focus areas
Pillar 1 – Data Science, Machine Learning, and Artificial Intelligence
- Goal is to design a system to predict “critical deterioration” of children. A deterioration event results in a severe risk to the child.
- The system will include a real-time FHIR application on the Children’s infrastructure running models to be developed inside the PHDI environment using data from Children’s Datalake and EHR datasets. The models will be built using a new 4xH100 GPU server bought to support both Pillars.
Pillar 2 - Patient-Centered Care Delivery
- Care coordination and integration of pediatric healthcare: Delivering care through multiple settings (in clinic, at home, in school and via telehealth) and across different providers and services.
- Care system navigation through a single digital solution: Connecting care systems outside of Children’s through a unified interface to integrate scheduling and referral systems, communication between patients and parents/caregivers, and submission of lab and imaging
- Health policy for supporting care coordination and improving access: Enhancing care coordination, access to different modalities of care and technological advancements.
- Data models to be developed inside the PHDI environment using data from Children’s Datalake and EHR datasets. The models will be built using a new 4xH100 GPU server bought to support both Pillars.

GTRI Research Support
IPaT's PHDI services are supporting GTRI research projects involving Controlled Unclassified Information (CUI).
GTRI needed data support for an Army Ground Safety Project
- PHDI created a new system security plan
- PHDI's policies and procedures and HITRUST controls expedited the completion of the new CUI certification
- This compliance effort involved GT and GTRI cybersecurity, GRC, OSP personnel, and PHDI staff.
- This project will ease efforts to host future CUI projects and will help with future PACE integrations
Claims Utilization Research of Myalgic Encephalomyelitis/Chronic Fatigue Syndrome in the Georgia All-Payer Claims Database (CURe-ME)
- Using an official extract from the Georgia All Payers Claims Database (APCD)
- GTRI is using PHDI for security and compliance oversight, data management, and storage and compute resources

CMS Medicaid Dataset
PHDI hosts Medicaid data from 2005 - 2020 for research
Allowed Research Usage
- Measuring and explaining inequities
- Optimizing interventions and delivery systems
Claim File Types
- Members & Eligibility
- Inpatient Claims
- Rx Claims
- “Other” Claims - (Outpatient, clinics, labs, and others)
Dataset Contents
- Costs and Charges
- Procedures and Diagnosis
- Prescriptions and Charges
- Membership Eligibility
- Race, Gender, Ethnicity, and Age
- Location Information
- Provider NPI

I-CONECT Dataset
PHDI hosts internet-based conversational engagement clinical trial data
Collected as part of a clinical trial to examine how social engagement via technology impacts brain health in socially isolated older adults
- Participants: 75 older adults (75 yo+)
- Intervention: Regular conversation via video chat with a trained conversational partner (30 minutes, 2-3x/week over 6 months)
- Dataset: audio/video recordings of chat, ASR transcriptions

Data Engineering Services
The PHDI team has extensive experience in data wrangling, especially in the health data space, including data extract-transform-load (ETL) design, extract-load-transform design for data lakes, SQL database design, and other data engineering skills. This is usually project-based work for research scientists and engineers, but some of it is offered as part of the general PHDI onboarding.
Examples of data projects utilizing PHDI team expertise:
- Georgia All Payers Claims Database – ETL, OMOP CDM transformations, Data Extracts, Data Release Reviews, and Privacy, Security, and Compliance.
- CDC T10 – ETL, OMOP CDM transformations, Porting of code to Azure Databricks
- CHoA Pillars 1 & 2 – Data Capture design, Health Data SME, Data import/export, and Privacy, Security, and Compliance.
- CMS Medicaid – Database design (~45 TB MariaDB instance), Performance monitoring and advising students and other researchers on refactoring, Data ingest and ETL, and Data SME.

Data Management Plans and Consulting Services
Another capability of PHDI is its personnel and our storehouse of knowledge about the compliance space. We offer a more hands-on approach when we talk with groups about their needs. We approach the space from an operational and security perspective, which allows us to assist with the creation of compliant spaces outside of PHDI. We can also craft data management plans for proposal submission that describe the approach that should be taken if the project is funded. These can serve as the design for meeting the compliance requirements needed at project startup and as a guide to resources that may need to be added to the budget.
Examples of projects requesting consultation:
- IBB Molecular Evolution Core CLIA controls
- Army Ground Safety CUI controls
- Mt. Sinai Cooperative Research and Development Agreement (CRADA) for deidentified health data (requires PHDI even though deidentified)