1 experiences and lessons learned from past grid projects chuck kesler [email protected] november...
TRANSCRIPT
11
Experiences and Lessons LearnedExperiences and Lessons Learnedfrom Past Grid Projectsfrom Past Grid Projects
Chuck KeslerChuck Kesler
[email protected]@mcnc.orgNovember 2004November 2004
22
AgendaAgenda
Experience from the NC BioGridExperience from the NC BioGrid
What we learned; what can be done betterWhat we learned; what can be done better Business environmentBusiness environment Technical environmentTechnical environment Cultural environmentCultural environment Regulatory environmentRegulatory environment
33
The NC BioGrid PartnershipThe NC BioGrid Partnership
NC Biotech CenterNC Biotech Center Provided the catalyst through the Provided the catalyst through the
NC Genomics & Bioinformatics NC Genomics & Bioinformatics ConsortiumConsortium
MCNCMCNC Provided the funding and Provided the funding and
dedicated staffdedicated staff
SunSun Donated infrastructure hardwareDonated infrastructure hardware Established Sun Center of Established Sun Center of
Excellence in BioinformaticsExcellence in Bioinformatics
IBMIBM Donated human capital Donated human capital
(application developers)(application developers)
Triangle UniversitiesTriangle Universities Focal point for the collaborationFocal point for the collaboration Brought early adopters to the tableBrought early adopters to the table Created collaborative working Created collaborative working
groupsgroups
44
NC BioGrid AccomplishmentsNC BioGrid AccomplishmentsIn the Summer of 2002, installed a In the Summer of 2002, installed a dedicated testbed for evaluating grid dedicated testbed for evaluating grid middleware and developing grid middleware and developing grid applications for bioinformaticsapplications for bioinformatics
Testbed spanned multiple administrative Testbed spanned multiple administrative domains with systems located at MCNC, domains with systems located at MCNC, NC State, UNC-CH & Duke, and included NC State, UNC-CH & Duke, and included representative heterogenity of hardware representative heterogenity of hardware and OS platforms found at those sitesand OS platforms found at those sites
Employed “best of breed” approach to Employed “best of breed” approach to grid middleware deploymentgrid middleware deployment
Working groups met up to twice a month Working groups met up to twice a month during 2002-2003during 2002-2003
Created several pilot applications using Created several pilot applications using the testbedthe testbed
55
Job SchedulingJob Scheduling Platform LSFPlatform LSF Sun Grid EngineSun Grid Engine
User PortalUser Portal CHEF / OGCECHEF / OGCE MyProxyMyProxy
Grid Middleware:Grid Middleware:Best-of-Breed ApproachBest-of-Breed Approach
Compute GridCompute Grid Globus V2 (NMI)Globus V2 (NMI) Avaki V2Avaki V2
Data GridData Grid Avaki Data Grid V4Avaki Data Grid V4 GridFTP (Globus)GridFTP (Globus)
66
Data GridData Grid
Avaki 4.0 Data GridAvaki 4.0 Data Grid Federation of data providers across the WANFederation of data providers across the WAN
Provides a global name space for user home directories, Provides a global name space for user home directories, shared project spaces, databases, and applicationsshared project spaces, databases, and applicationsAbility to have results from canned SQL queries show up Ability to have results from canned SQL queries show up as files in the global name spaceas files in the global name space
Variety of access methodsVariety of access methodsWeb-based user interfaceWeb-based user interfaceNFS and CIFS through local “data grid access servers” to NFS and CIFS through local “data grid access servers” to provide access at the native OS levelprovide access at the native OS level
Simple deploymentSimple deploymentNo kernel mods requiredNo kernel mods requiredEach site can run a “share server” to distribute their local Each site can run a “share server” to distribute their local home and project directories to the gridhome and project directories to the gridWeb-based management interface Web-based management interface
77
Compute GridCompute Grid
Globus Toolkit –global gridGlobus Toolkit –global grid NSF Middleware Initiative (NMI) V2 (Globus NSF Middleware Initiative (NMI) V2 (Globus
2.4.3)2.4.3)Provides “gatekeeper” functionality for submitting Provides “gatekeeper” functionality for submitting jobs through to the local cluster managerjobs through to the local cluster managerProvides GridFTP support for file transferProvides GridFTP support for file transferProvides MDS to track grid resource characteristicsProvides MDS to track grid resource characteristicsPlanned migration to Globus 3.2Planned migration to Globus 3.2
MCNC provides infrastructure servicesMCNC provides infrastructure servicesCertificate Authority (initially based on the Globus Certificate Authority (initially based on the Globus SimpleCA)SimpleCA)GIIS (master resource directory for the grid)GIIS (master resource directory for the grid)
88
BioGrid Web PortalBioGrid Web Portal
CHEF/OGCE – a grid portal frameworkCHEF/OGCE – a grid portal framework Implements web-based interfaces for Implements web-based interfaces for
managing job submissions, file access, and managing job submissions, file access, and online meetingsonline meetings
Originally developed as a distance learning toolOriginally developed as a distance learning tool
MyProxy – security credential MyProxy – security credential repositoryrepository Provides the portal with a mechanism for Provides the portal with a mechanism for
accessing and using Globus security accessing and using Globus security credentialscredentials
1010
NC BioGrid Proof of Concept NC BioGrid Proof of Concept ApplicationsApplications
Parameter Space Study with BLASTParameter Space Study with BLAST BLAST compares a target gene sequence against a BLAST compares a target gene sequence against a
known genome to find similaritiesknown genome to find similarities Grid BLAST distributed 1,000+ target sequences across Grid BLAST distributed 1,000+ target sequences across
the grid for comparisonthe grid for comparison
IBM Extreme Blue ProjectIBM Extreme Blue Project Built a grid interface to BioPerl libraries Built a grid interface to BioPerl libraries
UNC-CH/IBM QSAR ApplicationUNC-CH/IBM QSAR Application Grid-enabled version of a drug compound screening Grid-enabled version of a drug compound screening
applicationapplication Finds compounds that have promising biological activity Finds compounds that have promising biological activity
characteristics that should receive further researchcharacteristics that should receive further research
The MCNC Enterprise GridThe MCNC Enterprise Grid 128-CPU cluster and 32-CPU Linux SMP environment 128-CPU cluster and 32-CPU Linux SMP environment
with Globus interfacewith Globus interface
1111
32-CPU SGI AltixLinux SMP Server
128-CPU IBM LinuxCluster (64 nodes)
8-TB Storage
LSF Master Job Scheduler
Grid Gatekeeper / Interactive Nodes
Global Grid Resource DB
(GIIS)
Users
Campus Grids
The MCNC Enterprise GridThe MCNC Enterprise Grid
AvakiDataGrid
Data G
rid A
ccess Servers
(8 total, i.e. 1 p
er 8 no
des)
1212
What did we learn?What did we learn?What do we do better next time?What do we do better next time?
1313
Critical Success FactorsCritical Success Factors
Technical EnvironmentTechnical Environment Insure the technology fits the problemInsure the technology fits the problem
Cultural EnvironmentCultural Environment Satisfy the disparate needs of stakeholdersSatisfy the disparate needs of stakeholders
Business EnvironmentBusiness Environment Create transforming competitive advantagesCreate transforming competitive advantages
Regulatory EnvironmentRegulatory Environment Adhere to government or industry regulationsAdhere to government or industry regulations
1414
Today’s Discussion...Today’s Discussion...
Technical EnvironmentTechnical Environment Insure the technology fits the problemInsure the technology fits the problem
Cultural EnvironmentCultural Environment Satisfy the disparate needs of stakeholdersSatisfy the disparate needs of stakeholders
Business EnvironmentBusiness Environment Create transforming competitive advantagesCreate transforming competitive advantages
Regulatory EnvironmentRegulatory Environment Adhere to government or industry regulationsAdhere to government or industry regulations
1515
The Business Environment:The Business Environment:Using Grids for Competitive Using Grids for Competitive
AdvantageAdvantage
1616
Transforming the Business Transforming the Business EnvironmentEnvironment
Two Possible Competitive Advantages Two Possible Competitive Advantages from Gridsfrom Grids Virtual OrganizationsVirtual Organizations Knowledge ManagementKnowledge Management
1717
CAPABILITIESCAPABILITIES
““VIRN” Test for Competitive VIRN” Test for Competitive AdvantagesAdvantages
SustainableSustainableCompetitiveCompetitiveAdvantageAdvantage
KnowledgeKnowledge
VVALUABLEALUABLEExploits opportunities,Exploits opportunities,
Neutralizes threatsNeutralizes threats
RRAREAREPossessed by fewPossessed by few
DIFFICULT TO DIFFICULT TO IIMITATEMITATECausally ambiguousCausally ambiguousor socially complexor socially complex
NNON-SUBSTITUTABLEON-SUBSTITUTABLENo strategic equivalentsNo strategic equivalents
CultureCulture
InfrastructureInfrastructure
RESOURCESRESOURCES ADVANTAGESADVANTAGES
1818
CAPABILITIESCAPABILITIES
Knowledge ManagementKnowledge Management
KnowledgeKnowledge
CultureCulture
InfrastructureInfrastructure
RESOURCESRESOURCES ADVANTAGESADVANTAGES
Grids help firms Grids help firms analyze massive analyze massive amounts of data amounts of data more quickly and more quickly and cost effectively, cost effectively,
leading to a better leading to a better insight into the insight into the marketplace, marketplace, keeping the keeping the
product pipeline product pipeline full, and lower full, and lower
development costsdevelopment costs
VVALUABLEALUABLEExploits opportunities,Exploits opportunities,
Neutralizes threatsNeutralizes threats
RRAREAREPossessed by fewPossessed by few
DIFFICULT TO DIFFICULT TO IIMITATEMITATECausally ambiguousCausally ambiguousor socially complexor socially complex
NNON-SUBSTITUTABLEON-SUBSTITUTABLENo strategic equivalentsNo strategic equivalents
1919
Haeckel’s Hierarchy ofHaeckel’s Hierarchy ofOrganizational KnowledgeOrganizational Knowledge
DATADATA
INFORMATIONINFORMATION
INTELLIGENCEINTELLIGENCE
KNOWLEDGEKNOWLEDGE
WISDOMWISDOM
Data + Context =Data + Context =
Information + Inference =Information + Inference =
Intelligence + Certitude =Intelligence + Certitude =
Knowledge + Synthesis =Knowledge + Synthesis =
SustainableSustainableCompetitiveCompetitiveAdvantageAdvantage
Source: http://www-1.ibm.com/ibm/palisades/ assets/pdf/Knowledge_Dev.pdf
2020
Leveraging Data forLeveraging Data forCompetitive AdvantageCompetitive Advantage
DATADATA
INFORMATIONINFORMATION
INTELLIGENCEINTELLIGENCE
KNOWLEDGEKNOWLEDGE
WISDOMWISDOM
Data + Context =Data + Context =
Information + Inference =Information + Inference =
Intelligence + Certitude =Intelligence + Certitude =
Knowledge + Synthesis =Knowledge + Synthesis =
ITIT
HumansHumans
The Information Age...The Information Age...
2121
Leveraging Data forLeveraging Data forCompetitive AdvantageCompetitive Advantage
DATADATA
INFORMATIONINFORMATION
INTELLIGENCEINTELLIGENCE
KNOWLEDGEKNOWLEDGE
WISDOMWISDOM
Data + Context =Data + Context =
Information + Inference =Information + Inference =
Intelligence + Certitude =Intelligence + Certitude =
Knowledge + Synthesis =Knowledge + Synthesis =
ITIT
HumansHumans
The Information Age...The Information Age...
Context created through Context created through classification of data, classification of data,
sorting, statistics, etc...sorting, statistics, etc...
2222
Leveraging Data forLeveraging Data forCompetitive AdvantageCompetitive Advantage
DATADATA
INFORMATIONINFORMATION
INTELLIGENCEINTELLIGENCE
KNOWLEDGEKNOWLEDGE
WISDOMWISDOM
Data + Context =Data + Context =
Information + Inference =Information + Inference =
Intelligence + Certitude =Intelligence + Certitude =
Knowledge + Synthesis =Knowledge + Synthesis =
ITIT
HumansHumans
The Internet Age...The Internet Age...
2323
Leveraging Data forLeveraging Data forCompetitive AdvantageCompetitive Advantage
DATADATA
INFORMATIONINFORMATION
INTELLIGENCEINTELLIGENCE
KNOWLEDGEKNOWLEDGE
WISDOMWISDOM
Data + Context =Data + Context =
Information + Inference =Information + Inference =
Intelligence + Certitude =Intelligence + Certitude =
Knowledge + Synthesis =Knowledge + Synthesis =
ITIT
HumansHumans
The Internet Age...The Internet Age...
Inference enabled by Inference enabled by the network, which the network, which
allows the federation of allows the federation of data and workflowsdata and workflows
2424
Leveraging Data forLeveraging Data forCompetitive AdvantageCompetitive Advantage
DATADATA
INFORMATIONINFORMATION
INTELLIGENCEINTELLIGENCE
KNOWLEDGEKNOWLEDGE
WISDOMWISDOM
Data + Context =Data + Context =
Information + Inference =Information + Inference =
Intelligence + Certitude =Intelligence + Certitude =
Knowledge + Synthesis =Knowledge + Synthesis =
ITIT
HumansHumans
The Grid Age...The Grid Age...
2525
Leveraging Data forLeveraging Data forCompetitive AdvantageCompetitive Advantage
DATADATA
INFORMATIONINFORMATION
INTELLIGENCEINTELLIGENCE
KNOWLEDGEKNOWLEDGE
WISDOMWISDOM
Data + Context =Data + Context =
Information + Inference =Information + Inference =
Intelligence + Certitude =Intelligence + Certitude =
Knowledge + Synthesis =Knowledge + Synthesis =
ITIT
HumansHumans
The Grid Age...The Grid Age...Grids enable deep analysis Grids enable deep analysis through easy aggregation through easy aggregation
of people, data, and of people, data, and computing resourcescomputing resources
2626
CAPABILITIESCAPABILITIES
Virtual OrganizationsVirtual Organizations
KnowledgeKnowledge
CultureCulture
InfrastructureInfrastructure
RESOURCESRESOURCES ADVANTAGESADVANTAGES
Enables flexible Enables flexible workforces to be workforces to be built just-in-time, built just-in-time,
using the best using the best resources, resources,
wherever they wherever they physically are physically are
located; this allows located; this allows companies to focus companies to focus their own staffing their own staffing
on their on their organizational core organizational core
competenciescompetencies
VVALUABLEALUABLEExploits opportunities,Exploits opportunities,
Neutralizes threatsNeutralizes threats
RRAREAREPossessed by fewPossessed by few
DIFFICULT TO DIFFICULT TO IIMITATEMITATECausally ambiguousCausally ambiguousor socially complexor socially complex
NNON-SUBSTITUTABLEON-SUBSTITUTABLENo strategic equivalentsNo strategic equivalents
2727
In a traditional workforce, the In a traditional workforce, the worker must serve the system;worker must serve the system;
In a knowledge workforce, the In a knowledge workforce, the system must serve the worker.system must serve the worker.
Peter Drucker,Peter Drucker,
Managing in the Next SocietyManaging in the Next Society
(2002)(2002)
2828
The Regulatory Environment:The Regulatory Environment:Understanding the impact of Understanding the impact of
industry regulationsindustry regulations
2929
Service ProvidersService Providers
SustainableSustainableCompetitiveCompetitiveAdvantageAdvantage
TECHNICALTECHNICAL
CULTURALCULTURAL
BUSINESSBUSINESS
LEGAL &LEGAL ®ULATORYREGULATORY
How can a grid resource How can a grid resource provider protect themselves provider protect themselves against illegal activities that against illegal activities that
their users may perform, their users may perform, particularly if those users may particularly if those users may
“belong” to another “belong” to another organization?organization?
3030
DMCADMCABackgroundBackground
Attempts to bring copyright law into the Attempts to bring copyright law into the Internet AgeInternet Age
In “traditional” copyright law, the copyright owner is In “traditional” copyright law, the copyright owner is granted exclusive rights to reproduce, display, perform, granted exclusive rights to reproduce, display, perform, transmit, or otherwise distribute the work, as well the transmit, or otherwise distribute the work, as well the rights to prepare derivative works rights to prepare derivative works
ISP’s, search engines, and web sites can easily infringe ISP’s, search engines, and web sites can easily infringe upon traditional copyright protectionsupon traditional copyright protections
Case in point: Google caching web pages that it has Case in point: Google caching web pages that it has indexed, and allowing them to be re-displayed to users indexed, and allowing them to be re-displayed to users violateviolate
Another case in point: The ISP whose users use the ISP’s Another case in point: The ISP whose users use the ISP’s infrastructure to illegally re-distribute copyrighted infrastructure to illegally re-distribute copyrighted material could be held liable for contributing to the material could be held liable for contributing to the infringing activitiesinfringing activities
3131
DMCADMCAProvisionsProvisions
Two primary considerations (for our Two primary considerations (for our purposes, at least)purposes, at least) Provisions that restrict, except under certain Provisions that restrict, except under certain
fair use conditions, circumvention of anti-fair use conditions, circumvention of anti-copying and access control mechanisms (Titles copying and access control mechanisms (Titles I and II); and,I and II); and,
““Safe harbors” that provide a means for online Safe harbors” that provide a means for online service providers to indemnify themselves service providers to indemnify themselves from the actions of their users (Title II).from the actions of their users (Title II).
3232
DMCADMCASafe HarborsSafe Harbors
Under certain conditions, service providers Under certain conditions, service providers can be held harmless for the following:can be held harmless for the following:
Transitory communications, such as when data is being Transitory communications, such as when data is being transferred between systems in the grid;transferred between systems in the grid;
System caching, such as when transient data is System caching, such as when transient data is temporarily stored on a grid system to prevent it from temporarily stored on a grid system to prevent it from having to be re-transmitted across the network;having to be re-transmitted across the network;
Storage of information on grid systems at the direction Storage of information on grid systems at the direction of users; and,of users; and,
Information location tools, such as registries that keep Information location tools, such as registries that keep track of data and resources on the grid.track of data and resources on the grid.
3333
DMCADMCAService Provider QualificationsService Provider Qualifications
A service provider must meet the following A service provider must meet the following tests to qualify for the safe harbors:tests to qualify for the safe harbors:
Establish and reasonably implement a policy of Establish and reasonably implement a policy of removing or disabling the distribution of infringing removing or disabling the distribution of infringing content upon notification of infringement by copyright content upon notification of infringement by copyright holders, and terminating in appropriate circumstances holders, and terminating in appropriate circumstances the accounts of grid user who are repeat infringers; and,the accounts of grid user who are repeat infringers; and,
Accommodate and not interfere with “standard technical Accommodate and not interfere with “standard technical measures” that copyright owners use to identify or measures” that copyright owners use to identify or protect copyrighted works. protect copyrighted works.
Must not have prior knowledge that the grid user was Must not have prior knowledge that the grid user was infringing copyrightsinfringing copyrights
3434
PharmaceuticalsPharmaceuticals
SustainableSustainableCompetitiveCompetitiveAdvantageAdvantage
TECHNICALTECHNICAL
CULTURALCULTURAL
BUSINESSBUSINESS
LEGAL &LEGAL ®ULATORYREGULATORY
21 CFR Part 11: How can the 21 CFR Part 11: How can the FDA insure that pharmas FDA insure that pharmas are properly protecting are properly protecting
electronic records electronic records associated with new drug associated with new drug
applications?applications?
3535
21 CFR Part 1121 CFR Part 11BackgroundBackground
Applies to the pharmaceutical Applies to the pharmaceutical industryindustry Currently, only required in development, Currently, only required in development,
clinical trials, and manufacturingclinical trials, and manufacturing Does not currently apply to drug discovery, but Does not currently apply to drug discovery, but
may apply in the futuremay apply in the futureSee Vioxx, Baycol, etc...See Vioxx, Baycol, etc...
3636
21 CFR Part 1121 CFR Part 11PurposePurpose
Define a framework in which Define a framework in which pharmaceutical companies can make pharmaceutical companies can make submissions to the FDA with submissions to the FDA with electronic records without electronic records without compromising public healthcompromising public health Before this, massive amounts of hardcopy Before this, massive amounts of hardcopy
paperwork had been required to submit New paperwork had been required to submit New Drug Applications (NDA) to the FDADrug Applications (NDA) to the FDA
21 CFR Part 11 allowed companies to increase 21 CFR Part 11 allowed companies to increase the efficiency of the submission process by the efficiency of the submission process by reducing time to market and costs. reducing time to market and costs.
3737
21 CFR Part 1121 CFR Part 11Applicable RegulationsApplicable Regulations
Section 11.10(a) – Validation of systems to insure accuracy, Section 11.10(a) – Validation of systems to insure accuracy, reliability, consistency of intended performance, and the ability to reliability, consistency of intended performance, and the ability to detect invalid or altered records; detect invalid or altered records;
Section 11.10(b) – Generation of accurate and complete copies of Section 11.10(b) – Generation of accurate and complete copies of records in both human readable and electronic form, suitable for records in both human readable and electronic form, suitable for inspection and copying;inspection and copying;
Section 11.10(c) – Employment of procedures and controls that Section 11.10(c) – Employment of procedures and controls that insure the authenticity, integrity, and confidentiality of electronic insure the authenticity, integrity, and confidentiality of electronic records, including digital signatures that cannot be repudiated records, including digital signatures that cannot be repudiated and protection of electronic records that enables their accurate and protection of electronic records that enables their accurate and timely retrieval during the required retention period;and timely retrieval during the required retention period;
Section 11.10(d) – Limiting system access to authorized Section 11.10(d) – Limiting system access to authorized individuals; andindividuals; and
Section 11.10(e) – Creation of secure, computer-generated, time-Section 11.10(e) – Creation of secure, computer-generated, time-stamped audit trails that are kept as long as the subject electronic stamped audit trails that are kept as long as the subject electronic records are stored.records are stored.
3838
21 CFR Part 1121 CFR Part 11RequirementsRequirements
System validationSystem validation Documentation of system hardware, OS and Documentation of system hardware, OS and
application setup and modifications so that application setup and modifications so that computational results can be recreated at a computational results can be recreated at a future date if necessaryfuture date if necessary
All grid participants must commit to standard All grid participants must commit to standard operational practices insure systems are operational practices insure systems are validatedvalidated
3939
21 CFR Part 1121 CFR Part 11RequirementsRequirements
Authentication and non-repudiationAuthentication and non-repudiation Users must be uniquely identifiedUsers must be uniquely identified Data and programs should be digitally signedData and programs should be digitally signed In a grid, all participants must agree upon a In a grid, all participants must agree upon a
Certificate Authority that implements a Certificate Authority that implements a mutually acceptable Certification Practice mutually acceptable Certification Practice StatementStatement
4040
21 CFR Part 1121 CFR Part 11RequirementsRequirements
Authorization and access controlAuthorization and access control Least privilege access model should be Least privilege access model should be
employedemployed Grid must translate between global identity Grid must translate between global identity
and local identity, mapping access rights and local identity, mapping access rights appropriatelyappropriately
4141
21 CFR Part 1121 CFR Part 11RequirementsRequirements
Audit trailsAudit trails Must track transactions across all nodes in the Must track transactions across all nodes in the
gridgrid Requires combining accounting records from Requires combining accounting records from
across the gridacross the gridDifficulty increases with heterogeneityDifficulty increases with heterogeneity
Timestamps must be consist to insure an Timestamps must be consist to insure an accurate representation of activitiesaccurate representation of activities
4242
Public CompaniesPublic Companies
SustainableSustainableCompetitiveCompetitiveAdvantageAdvantage
TECHNICALTECHNICAL
CULTURALCULTURAL
BUSINESSBUSINESS
LEGAL &LEGAL ®ULATORYREGULATORY
SOX: If a grid is used to SOX: If a grid is used to process financial info process financial info that is material to the that is material to the
performance of the firm, performance of the firm, how can the results be how can the results be
verified?verified?
4343
Sarbanes-Oxley (SOX) ActSarbanes-Oxley (SOX) ActBackground and PurposeBackground and Purpose
Instituted in response to corporate Instituted in response to corporate scandals to make corporate officers scandals to make corporate officers and board members accountable for and board members accountable for financial reportingfinancial reporting Applies to all public companiesApplies to all public companies
4444
Sarbanes-Oxley (SOX) ActSarbanes-Oxley (SOX) ActRequirementsRequirements
Section 404 defines the need for IT Section 404 defines the need for IT controlscontrols Must insure the integrity, authenticity, and Must insure the integrity, authenticity, and
non-repudiation of information concerning non-repudiation of information concerning assets and transactionsassets and transactions
Requirements are similar to those seen for 21 Requirements are similar to those seen for 21 CFR Part 11, so it similar solutions may be CFR Part 11, so it similar solutions may be employedemployed
4545
HealthcareHealthcare
SustainableSustainableCompetitiveCompetitiveAdvantageAdvantage
TECHNICALTECHNICAL
CULTURALCULTURAL
BUSINESSBUSINESS
LEGAL &LEGAL ®ULATORYREGULATORY
HIPAA: How can the privacy of HIPAA: How can the privacy of individuals be protected if individuals be protected if
data that identifies patients is data that identifies patients is used on a grid that includes used on a grid that includes
external resources?external resources?
4646
HIPAAHIPAABackground and PurposeBackground and Purpose
Applies to the healthcare industryApplies to the healthcare industry Therapeutic and research areas, basically Therapeutic and research areas, basically
wherever there are patient recordswherever there are patient records Overseen by DHHSOverseen by DHHS
Two TitlesTwo Titles Title I – Requires insurance portability (not Title I – Requires insurance portability (not
applicable to our discussion)applicable to our discussion) Title II – Administrative simplificationTitle II – Administrative simplification
4747
HIPAAHIPAATitle II PurposeTitle II Purpose
To protect and enhance the rights of consumers by To protect and enhance the rights of consumers by providing them access to their health information providing them access to their health information and controlling the inappropriate use of that and controlling the inappropriate use of that information;information;
To improve the quality of health care in the U.S. by To improve the quality of health care in the U.S. by restoring trust in the health care system among restoring trust in the health care system among consumers, health care professionals, and the consumers, health care professionals, and the multitude of organizations and individuals multitude of organizations and individuals committed to the delivery of care; andcommitted to the delivery of care; and
To improve the efficiency and effectiveness of health To improve the efficiency and effectiveness of health care delivery by creating a national framework for care delivery by creating a national framework for health privacy protection that builds on efforts by health privacy protection that builds on efforts by states, health systems, and individual organizations states, health systems, and individual organizations and individuals.and individuals.
4848
HIPAAHIPAATitle II StrategyTitle II Strategy
Protection of privacy;Protection of privacy;
Protection of security; and,Protection of security; and,
Standardization of electronic data Standardization of electronic data interchange (EDI) in health care interchange (EDI) in health care transactions.transactions.
4949
HIPAAHIPAATitle II Privacy RequirementsTitle II Privacy Requirements
Protect patient identifiable Protect patient identifiable informationinformation Information can be “de-identified” or sanitizedInformation can be “de-identified” or sanitized Process of sharing information has to approved Process of sharing information has to approved
by an Institutional Review Board (IRB)by an Institutional Review Board (IRB) In a grid, each organization likely has its own In a grid, each organization likely has its own
IRB, and each IRB is free to interpret HIPAA IRB, and each IRB is free to interpret HIPAA rules as strictly as they see fitrules as strictly as they see fit
Grid participants should coordinate their Grid participants should coordinate their approaches to their IRBs as much as possible approaches to their IRBs as much as possible (see BIRN project)(see BIRN project)
5050
Financial ServicesFinancial Services
SustainableSustainableCompetitiveCompetitiveAdvantageAdvantage
TECHNICALTECHNICAL
CULTURALCULTURAL
BUSINESSBUSINESS
LEGAL &LEGAL ®ULATORYREGULATORY
GLB: How can individual GLB: How can individual financial records be protected, financial records be protected,
if a financial services uses a if a financial services uses a grid for portfolio analysis grid for portfolio analysis
(basically a parameter space (basically a parameter space study problem)? study problem)?
5151
Gramm-Leach-Bliley ActGramm-Leach-Bliley ActBackground and PurposeBackground and Purpose
A.K.A. Financial Modernization ActA.K.A. Financial Modernization Act Provides a framework for using electronic Provides a framework for using electronic
records in the financial industryrecords in the financial industry Overseen by the FTCOverseen by the FTC
Two Primary RegulationsTwo Primary Regulations Financial Privacy RuleFinancial Privacy Rule Safeguards RuleSafeguards Rule Again, parallels can be drawn to HIPAA, etc...Again, parallels can be drawn to HIPAA, etc...
5252
Questions or Comments?Questions or Comments?
Please feel free to contact me:Please feel free to contact me:
Chuck KeslerChuck Kesler
Director, Grid & Data Center ServicesDirector, Grid & Data Center ServicesMCNCMCNC
[email protected]@mcnc.org