Security Standards and use of Cyberinfrastructure Systems in Clinical Research.

Many areas of biomedical research, including precision health research, inherently involve the use of IT systems properly secured to store and analyze protected health information (PHI). Managing cybersecurity policies in ways that allow such storage and analysis of PHI on computing systems is involved, but so doing can facilitate important research. In 2005, Indiana University established the ability to analyze PHI (HIPAA alignment) as the minimal security level for its High Performance Computing (HPC) systems and research storage systems. Starting in 2010, REDCap was also offered as a central service, providing capabilities for conducting surveys that collect PHI and storing those data in ways that align with HIPAA. Usage data shows that providing computational and data resources aligned with HIPAA has increased the use of advanced research cyberinfrastructure over time. We explain some of our tactics in providing secure environments for handling protected health information and offer suggestions that other cyberinfrastructure centers may find useful in setting strategies for serving medical researchers.