Secure Research Environment

The Institute for Computational Biology and CWRU Information Technology Services have aligned to develop, manage, and maintain a secure research environment for computing, governed by a risk-based security program that includes implementation of controls which meet recommendations or requirements of regulatory and information security standards (including HIPAA Security, FISMA, and SANS/ISO recommendations). These key stakeholders recognize that improved data management, monitoring, and control capabilities are mandatory to ensure our ability to appropriately acquire, manage, and analyze research data efficiency, accuracy, and trustworthiness. Authorized electronic access is controlled at both the SRE and internal applications levels, and oversight for all ICB Clinical Informatics activities is provided by a multi-department, multi-institution Governance Committee and Advisors, including experts in data security, regulatory compliance, IRB requirements, quality, and research best practices.

Inside the SRE, the Safely Held Electronic Data platform (SHED) provides authorized access to OnCore® and Labmatrix™ and other tools utilized by modern translational research activities. A keystone of the strategy to enhance and unify information management for human subjects research is the enterprise adoption of Oncore, a Clinical Trials Management System developed by Forte Research Systems, Inc. to track all PII for all research and clinical trials subjects. The OnCore database system, using Oracle, is an internet-based solution providing the security, auditability, and process visibility that are essential to the management of clinical trials and human subjects research. We utilize BioFortis, Inc. Labmatrix web-based software application to enter, track and manage 1) human patient registry containing demographic, phenotypic, and other clinical research & treatment information, 2) characterization, biorepository storage locations, physical transfers, and chain of custody information of all collected primary and derivative patient biospecimens, and 3) clinical, molecular, genomic, proteomic and statistical findings. In addition to a browser-based graphical user interface, Labmatrix has multiple system-level interface options that can facilitate the exchange of all appropriate patient and biospecimen data.

The SRE is hosted in a HIPAA-compliant & professionally managed Tier III datacenter with physical and software security technologies, hardware/software failover redundancy, daily backup routines with encrypted and redundant off-site storage. The datacenter is access controlled with 24x7x365 oversight and monitoring, and contains proper power and cooling equipment for high availability. All systems in the SRE are actively monitored and maintained by dedicated and credentialed (security and technology) staff, and data transmissions inside and outside the datacenter are encrypted using SSL public key encryption, with file level encryption technologies utilized when appropriate.