Researchers in the University of Pittsburgh’s Biomedical Informatics department needed to grant multiple outside researchers access to sensitive biomedical data that would speed treatment to patients in need. With Pitt IT, they collaborated with Microsoft cloud solution architects to deploy a secure research enclave in record time using Microsoft Azure. Now, the University has a blueprint for replicating this secure environment, creating broad, secure access to sensitive data from multiple sources. University officials expect this will accelerate clinical trial approvals and access to funding for Pitt’s vast research community.
To this day, Pitt continues its tradition of service-related research by focusing its resources on solving the challenges of the 21st century. Since its founding, research has been a core tenet of the University’s mission. Pitt researchers are credited with eradicating polio, unlocking the secrets of DNA, and leading the world in organ transplants. Today, we are emerging as leaders in creating a COVID-19 vaccine and researching a cure for Alzheimer’s disease. Those are just a few of the many areas, both past and present, where cutting-edge research is not only making a difference but also changing lives.
In summer 2020, Jonathan Silverstein, M.D., Chief Research Informatics Officer at the University’s Schools of Health Sciences, launched an unprecedented research initiative to collect and analyze nationally critical biomedical health data. He approached Pitt IT with a challenge: spin up a secure research environment that could handle sensitive health information, be accessed by multiple collaborators, and stay sealed against data leaks—all within a four- to six-week period. The technical requirements alone were difficult enough. And the researchers questioned the feasibility of the tight timeline.
Silverstein and his colleagues were accustomed to handling sensitive health data. His department leads multiple high-profile, nationally funded research studies designed to analyze data on cancer treatment, disease prevention, and advanced medical imaging. Typically, this data had been stored on premises to ensure that proper security protocols were in place and that HIPAA regulations—federally mandated safeguards that ensure patient privacy—were being followed. But this was different: numerous outside investigators would need access, and storing data on site was not a realistic solution.
Silverstein and his team connected with Lou Passarello, Pitt IT’s director of operations, along with enterprise architects Brian Pasquini and Jay Graham to collaborate on a solution. This was a unique opportunity for Pitt IT. Meeting Silverstein’s needs would elevate the department’s reputation and enhance their ability to advance the world-renowned research conducted throughout the university. But the deadline was challenging.
Building on Microsoft Azure for secure data access
Graham had a relationship with Microsoft dating back to the 1990s, when the University launched its web infrastructure. Over the years, Pitt IT has progressed through their digital transformation, deploying several Microsoft Azure solutions. To brainstorm the possibilities for the secure data environment, the team engaged with Microsoft Senior Cloud Solution Architects specializing in educational environments.
Initially, Pitt’s Information Security Team was wary about moving sensitive medical data to the cloud, rather than keeping it on premises where the research team could “keep their hands on it.” Nevertheless, Pasquini, Graham, and the Microsoft team moved forward with creating an architecture based on the University’s existing Azure deployments that satisfied the security experts. “From the very first call where we presented the architecture and talked them through it, the whole mood changed,” recalled Microsoft Senior Cloud Solution Architect Clayton Barlow. “They became these hardcore believers.”
Building on existing infrastructure was key to meeting the deadline. The university already had a “really good implementation of Azure Virtual Desktop,” explains Barlow. The team used that as a secure access point for third-party researchers. “It was just fantastic,” continues Barlow, “because it was something they already knew, and it was pretty straightforward.”
Pasquini agrees. “We had a lot of experience launching Azure Virtual Desktop and putting controls around it from when we implemented our Virtual Computing Lab because of COVID,” he notes. “It was also nice,” he continues, “because there wasn't a lot of burden put on our operations team since we were integrating into existing solutions. From a security standpoint, simpler is better.”
Creating a locked-down data enclave in the cloud
From there, the Microsoft team added Azure Logic Apps, Azure Data Factory, Azure Security Center, and Azure Policy. “We actually were very leery about using Data Factory, because we weren’t familiar with it,” recalls Pasquini. “But once our Microsoft colleagues started walking us through it, we realized how easy it was to take advantage of,” he notes. “That allowed us to have a controlled ingress and egress of the data sets into this environment, which was extremely locked down.”
Within the six-week period, Pitt IT had created a secure environment where researchers from multiple organizations could run machine learning models on HIPAA-compliant, research-ready medical data, with no chance of data leakage. The data enclave was up and running even before the team had access to the data. “The Microsoft Azure technology actually beat the data implementation,” Silverstein observed.
“It was refreshing to work with a group that appreciated the needs of both the technologists and the researchers in sort of one brain,” said Silverstein. And despite initial concerns, Azure provided a tighter, more controlled environment than the team’s previous on-premises storage. “It was a flip-flop,” said Pasquini. “We actually have more controls in the cloud, building up this secure enclave in Azure, than we can on-prem.”
Empowering innovative and secure research
The impact extends well beyond the technical requirements of Silverstein’s specific project. From the start, Pasquini wanted to develop a solution that not only supported the Biomedical Informatics team but could also be “productized,” as he describes it, “into something that was applicable to a more general audience.” In fact, Pitt IT has continued using Azure Data Factory in other projects, too. “It was kind of neat how this one service that became one of the linchpins for this environment was introduced through this project,” adds Pasquini.
This secure research enclave benefits the entire Biomedical Informatics Department. “Probably the most important thing is that what is inside that enclave is completely flexible,” explains Silverstein. It can handle multiple combinations of sensitive data, computing requirements, and the parties who access the data.
Having a blueprint for creating secure data enclaves will also speed time to research and results university-wide. Now any researcher can fast-track building an environment to accept sensitive data. Having such an enclave in place, with strict data controls and HIPAA compliance, might also help streamline review and approval processes with the University’s Institutional Review Board, which oversees all human subject research.
This innovative project has enhanced Pitt IT’s reputation with other researchers throughout the University. The team is currently collaborating with Microsoft to develop a next-generation high-performance computing model as a showcase for senior leadership in both IT and research departments.
As the world pushes further into digital, Pitt is looking ahead to advance scientific knowledge. As Strategic Research Liaison Sandra Brandon describes it, “We make sure that our faculty and students can engage in research and impact, not only for their departments and their schools, but also for the greater good of the University, our communities, and globally.”