X-ISS Builds HIPAA-compliant Cloud HPC Solution for Northwestern University Research Computing
Northwestern University in Chicago (NU) is a recognized leader in clinical and medical research. Facing the challenges of analyzing a quickly-growing amount of medical data, Northwestern partnered with X-ISS to develop a secure, scalable cloud-based solution to meet the needs of its research community.
The HIPAA Security Challenge
Federal HIPAA compliance ensures protection of sensitive patient data and is critical for certain research. This requires a guarantee that appropriate security measures are in place. This level of security challenges any organization, but is especially important when the computing systems reach into the cloud.
NU requested assistance with a new cloud-based HIPAA compliant workload. The need for timely delivery of compliant solutions drove the need to explore cloud-based solutions. Additionally, the approach enabled Northwestern to leverage X-ISS to effectively augment the capabilities of their existing staff to deliver new technology solutions.
X-ISS Uses a Holistic Approach
NU reached out to Deepak Khosla, President of X-ISS, to partner with NU IT in developing a new HIPAA-compliant HPC system in the cloud. Because of previous work in the medical computing field, X-ISS was able to suggest a proof-of-concept (POC) project that would build procedures, processes, and the requisite technical infrastructure.
X-ISS provided a HIPAA expert to perform an initial assessment of the research department, infrastructure, procedures, and staff knowledge. This assessment allowed NU IT to detect gaps and potential vulnerabilities that might exist in the researcher’s system and identify contingency requirements.
Additionally, X-ISS placed one of its cloud experts on task to create a technical environment where the researcher could quickly “spin up” a cluster of computers in the cloud, securely move data to the cloud, run data analysis jobs, and securely return results. This new capability allowed NU to ensure security and regulatory compliance of highly sensitive data.
Key Elements for Success
Jackie Milhans, Manager of Computing and Data Support Services, needed more than just a technical solution. Any POC would need to address how HIPAA compliance would be accomplished when interfacing with both local and cloud infrastructure. For this POC, Amazon Web Services (AWS) was utilized based upon NU’s previous usage and experience. X-ISS was able to build a cloud solution for the research group tightly integrated with regulatory
requirements and NU’s goals.
- Key Management Involvement at All Levels
A management attitude that supports attention to detail, excellence, and doing things right.
Staying on schedule by providing project management and technical leadership.
- Partnership Attitude
Looking at the best “end-game” solution instead of a quick fix. Working with existing IT groups to ensure compliance, acceptance, and integration. Ensuring a project is never a “one-off”, but becomes part of the new, more capable infrastructure of the client organization.
Understanding Cloud HPC knowledge and experience with providers such as AWS. Providing knowledge transfer to assure continued success. In-depth HIPAA knowledge and experience to ensure the cloud solution meets all federal regulatory requirements.
X-ISS was able to bring a diverse set of skills to play in this proof-of-concept project that not only solved NU’s immediate need, but positioned them for future growth. A key part of any successful project is to have both the client and the service provider be partnership oriented. NU is such a client; taking extra effort to provide resources, allocate enough time for completion, and remaining involved throughout the project.
Because of this effort, NU is better positioned to deliver services to researchers needing to analyze sensitive data. The foresight of designing this project to incorporate Cloud, HIPAA compliance, and new processes and procedures has positioned NU to address the growing need for secure computing platforms and further demonstrate the University’s proactive stance on protecting health data. X-ISS has proven to be a capable partner, helping NU bring this about in a short period of time.
Download this case study: NUCloud.CaseStudy13