July 5, 2022
The Scientific Computing (SciC) Linux Clusters platform has been developed to provide security appropriate for HIPAA associated work. In any analysis it is prudent to minimize risk, beginning with the base level of de-identification.
When files containing Protected Health Information (PHI) must be processed on the SciC Linux Clusters, the following minimum requirements need to be followed in order to preserve security and HIPAA compliance:
The minimum, essential requirements, for working with PHI on the cluster are:
- The job script must not contain any PHI. The job script is the sequence of commands and associated options in your data processing pipeline, and is visible to all cluster users
- Filenames must not contain PHI. Filenames appear in job scripts and may enter server log files which can be shared with hardware vendors during troubleshooting
- We strongly recommend that filenames also do not include Personally Identifiable Information (PII) as this may link an individual to your area of research
- Files should not be written to any public location (such as "/tmp" or "$HOME/public"). Your home folder or private group folder are the correct locations for these data files
- Default file or folder permissions, and the "umask" setting should not be changed on your account
- Access credentials to your account must not be shared with others
ERIS staff who have administrative access to the cluster data have taken required training and can be included on your IRB protocol. Contact Scientific Computing for a current ERIS staff list.
The cluster is located in the same secure data centers that contains Partners clinical IT systems.
For large projects, an isolated network zone may be available for processing depending on resource availability.