Protected Health Data Infrastructure

Protected Health Data Infrastructure PHDI is a Secure Enclave
The PHDI environment supports research that needs to take place inside a secure location. The research can encompass HIPAA requirements for work on medical records (PHI) or the new Controlled Unclassified Information (CUI) requirements to work on national government information. The environment is available for these specific types of projects, but can handle other compliance requirements. This allows the initiation of secure projects to be streamlined to let the actual work start quickly and with a minimum level of configuration since that is handled by the enclave.
All the policies and procedures are already created and managed by team of compliance and IT admins from both GT’s Institute for People and Technology (IPAT) and GTRI’s Information and Communications Laboratory (ICL). This OneGT approach allows researchers from both GT and GTRI to make use of the environment.
The PHDI environment is accessed via a Microsoft Remote Desktop virtual system and can provide windows and linux VM environments configured for research needs. Some limited GPU resources are available.
If you are a Georgia Tech Researcher in need of secure data services, or a corporate / industry partner interested in working with Georgia Tech researchers on projects that might protected data services please contact: phdi@gatech.edu
Definitions
- HIPAA – Healthcare Insurance Portability and Accountability Act a 1996 federal law that initiated the rules to protect patient data. It has been supplemented throughout the years and now is a catchall term for healthcare compliance.
- PHI – Protected Health Information – This term has a specific legal definition under HIPAA of specific information gathered from a healthcare provider that would be consider individually identifiable and protected. It is also used generically to reference medical information containing PII, but that may not meet the legal definition of HIPAA PHI, specifically as it is gathered for research with appropriate waivers. It is important to distinguish between the two to understand the legal requirements to working with the data, but we have a responsibility to protect PII in any case.
- CUI – Controlled Unclassified Information – This is a relatively new requirement for working with data that comes from the federal government, but it will probably have more widescale adoption as a standard in the near future. This is government information that is considered sensitive but not classified as secret or top secret. It must be safeguarded in an environment that protects it from unauthorized access. This set of standards and requirements is known as CMMC (the Cybersecurity Maturity Model Certification) and will become the auditing mechanism as the policies are rolled out from the government.
- HITRUST – a requirements framework for 3rd party HIPAA auditors and accessors. A set of requirements that an entity must meet with policies and procedures to gain HIPAA compliance for an environment.

PHDI Use Case Examples

The Children's Healthcare of Atlanta Pediatric Technology Center is housed on the ground floor of the Roger A. and Helen B. Krone Engineered Biosystems Building (EBB) at Georgia Tech.
Pediatric Technology Center
IPaT's PHDI services are supporting these Children's Healthcare of Atlanta research focus areas
Pillar 1 – Data Science, Machine Learning, and Artificial Intelligence
- Goal is to design a system to predict “critical deterioration” of children. A deterioration event results in a severe risk to the child.
- The system will include a real-time FHIR application on the Childrens’ infrastructure running models to be developed inside the PHDI environment using data from Childrens’ Datalake and EHR datasets. The models will be built using a new 4xH100 GPU server bought to support both Pillars.
Pillar 2 - Patient-Centered Care Delivery
- Care coordination and integration of pediatric healthcare: Delivering care through multiple settings (in clinic, at home, in school and via telehealth) and across different providers and services.
- Care system navigation through a single-digital solution: Connecting care systems outside of Children’s through a unified interface to integrate scheduling and referral systems, communication between patients and parents/caregivers, and submission of lab and imaging
- Health policy for supporting care coordination and improving access: Enhancing care coordination, access to different modalities of care and technological advancements.
- Data models to be developed inside the PHDI environment using data from Childrens’ Datalake and EHR datasets. The models will be built using a new 4xH100 GPU server bought to support both Pillars.

GTRI Research Support
IPaT's PHDI services are supporting GTRI research projects involving Controlled Unclassified Information (CUI).
GTRI needed data support for an Army Ground Safety Project
- PHDI created a new system security plan
- PHDI's policies and procedures and HITRUST controls expedited the completion of the new CUI certification
- This compliance effort involved GT and GTRI cybersecurity, GRC, OSP personal and PHDI staff.
- This project will ease efforts to host future CUI projects and will help with future PACE integrations
Claims Utilization Research of Myalgic Encephalomyelitis/Chronic Fatigue Syndrome in the Georgia All-Payer Claims Database (CURe-ME)
- Using an official extract from the Georgia All Payers Claims Database (APCD)
- GTRI is using PHDI for security and compliance oversight, data management, and storage and compute resource

CMS Medicaid Dataset
PHDI hosts Medicaid data from 2005 - 2020 for research
Allowed Research Usage
- Measuring and explaining inequities
- Optimizing interventions and delivery systems
Claim File Types
- Members & Eligibility
- Inpatient Claims
- Rx Claims
- Other” Claims - (Outpatient, clinics, labs, and others)
Dataset Contents
- Costs and Charges
- Procedures and Diagnosis
- Prescriptions and Charges
- Membership Eligibility
- Race, Gender, Ethnicity, and Age
- Location Information
- Provider NPI

I-CONECT Dataset
PHDI hosts internet-based conversational engagement clinical trial data
Collected as part of a clinical trial to examine how social engagement via technology impacts brain health in socially isolated older adults
- Participants: 75 older adults (75 yo+)
- Intervention: Regular conversation via video chat with a trained conversational partner (30 minutes, 2-3x/week over 6 months)
- Dataset: audio/video recordings of chat, ASR transcriptions

Data Engineering Services
The PHDI team has extensive experience in Data Wrangling, especially in the health data space. Data extract-transform-load (ETL) design, extract-load-transform design for data lakes, SQL database design, and other data engineering skills. These are usually project based work for research scientists and engineers, but some of these are offered as part of the general PHDI onboarding.
Examples of data projects utilizing PHDI team expertise:
- Georgia All Payers Claims Database – ETL, OMOP CDM transformations, Data Extracts, Data Release Reviews, and Privacy, Security, and Compliance.
- CDC T10 – ETL, OMOP CDM transformations, Porting of code to Azure Databricks
- CHoA Pillars 1 & 2 – Data Capture design, Health Data SME, Data import/export, and Privacy, Security, and Compliance.
- CMS Medicaid – Database design (~45 TB MariaDB instance), Performance monitoring and advising students and other researchers on refactoring, Data ingest and ETL. Data SME

Data Management Plans and Consulting Services
Another capability of PHDI is the personnel and our storehouse of knowledge about the compliance space. We offer a more hands-on approach when we talk with groups about their needs. We approach the space with an operational and security perspective. This allows us to assist with the creation of compliant spaces outside of PHDI. We also can craft data management plans for proposal submission that describes the approach that should be taken if the project is funded. These can serve as the design for the approach to meeting the compliance requirements needed at project startup and guide to resources that may need to be added to the budget.
Examples of projects requesting consultation:
- IBB Molecular Evolution Core CLIA controls
- Army Ground Safety CUI controls
- Mt. Sinai Cooperative Research and Development Agreement (CRADA) for deidentified health data (requires PHDI even though deidentified)