skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: The medical science DMZ: a network design pattern for data-intensive medical science

Abstract

We describe a detailed solution for maintaining high-capacity, data-intensive network flows (eg, 10, 40, 100 Gbps+) in a scientific, medical context while still adhering to security and privacy laws and regulations.High-end networking, packet-filter firewalls, network intrusion-detection systems.We describe a "Medical Science DMZ" concept as an option for secure, high-volume transport of large, sensitive datasets between research institutions over national research networks, and give 3 detailed descriptions of implemented Medical Science DMZs.The exponentially increasing amounts of "omics" data, high-quality imaging, and other rapidly growing clinical datasets have resulted in the rise of biomedical research "Big Data." The storage, analysis, and network resources required to process these data and integrate them into patient diagnoses and treatments have grown to scales that strain the capabilities of academic health centers. Some data are not generated locally and cannot be sustained locally, and shared data repositories such as those provided by the National Library of Medicine, the National Cancer Institute, and international partners such as the European Bioinformatics Institute are rapidly growing. The ability to store and compute using these data must therefore be addressed by a combination of local, national, and industry resources that exchange large datasets. Maintaining data-intensive flows that comply with themore » Health Insurance Portability and Accountability Act (HIPAA) and other regulations presents a new challenge for biomedical research. We describe a strategy that marries performance and security by borrowing from and redefining the concept of a Science DMZ, a framework that is used in physical sciences and engineering research to manage high-capacity data flows.By implementing a Medical Science DMZ architecture, biomedical researchers can leverage the scale provided by high-performance computer and cloud storage facilities and national high-speed research networks while preserving privacy and meeting regulatory requirements.« less

Authors:
 [1];  [2];  [3];  [4];  [5];  [6];  [7];  [8];  [2]
  1. Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Univ. of California, Davis, CA (United States). Dept. of computer Science; Corporation for Education Network Initiatives in California (CENIC), Berkeley, CA (United States)
  2. Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States). ESnet
  3. Indiana Univ., Indianapolis, IN (United States). Indiana Clinical and Translational Sciences Inst., Regenstrief Inst.
  4. Indiana Univ., Bloomington, IN (United States). Global Research Network Operations Center
  5. Harvard Univ., Cambridge, MA (United States). Research Computing
  6. Univ. of Chicago, IL (United States). Center for Data Intensive Science
  7. BioTeam, Middleton, MA (United States)
  8. Indiana Univ., Bloomington, IN (United States). Pervasive Technology Inst.
Publication Date:
Research Org.:
Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
Sponsoring Org.:
USDOE Office of Science (SC), Advanced Scientific Computing Research (ASCR) (SC-21)
OSTI Identifier:
1415972
DOE Contract Number:
AC02-05CH11231
Resource Type:
Journal Article
Resource Relation:
Journal Name: Journal of the American Medical Informatics Association; Journal Volume: Oct; Journal Issue: 2017
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING; 59 BASIC BIOLOGICAL SCIENCES

Citation Formats

Peisert, Sean, Dart, Eli, Barnett, William, Balas, Edward, Cuff, James, Grossman, Robert L., Berman, Ari, Shankar, Anurag, and Tierney, Brian. The medical science DMZ: a network design pattern for data-intensive medical science. United States: N. p., 2017. Web. doi:10.1093/jamia/ocx104.
Peisert, Sean, Dart, Eli, Barnett, William, Balas, Edward, Cuff, James, Grossman, Robert L., Berman, Ari, Shankar, Anurag, & Tierney, Brian. The medical science DMZ: a network design pattern for data-intensive medical science. United States. doi:10.1093/jamia/ocx104.
Peisert, Sean, Dart, Eli, Barnett, William, Balas, Edward, Cuff, James, Grossman, Robert L., Berman, Ari, Shankar, Anurag, and Tierney, Brian. Fri . "The medical science DMZ: a network design pattern for data-intensive medical science". United States. doi:10.1093/jamia/ocx104. https://www.osti.gov/servlets/purl/1415972.
@article{osti_1415972,
title = {The medical science DMZ: a network design pattern for data-intensive medical science},
author = {Peisert, Sean and Dart, Eli and Barnett, William and Balas, Edward and Cuff, James and Grossman, Robert L. and Berman, Ari and Shankar, Anurag and Tierney, Brian},
abstractNote = {We describe a detailed solution for maintaining high-capacity, data-intensive network flows (eg, 10, 40, 100 Gbps+) in a scientific, medical context while still adhering to security and privacy laws and regulations.High-end networking, packet-filter firewalls, network intrusion-detection systems.We describe a "Medical Science DMZ" concept as an option for secure, high-volume transport of large, sensitive datasets between research institutions over national research networks, and give 3 detailed descriptions of implemented Medical Science DMZs.The exponentially increasing amounts of "omics" data, high-quality imaging, and other rapidly growing clinical datasets have resulted in the rise of biomedical research "Big Data." The storage, analysis, and network resources required to process these data and integrate them into patient diagnoses and treatments have grown to scales that strain the capabilities of academic health centers. Some data are not generated locally and cannot be sustained locally, and shared data repositories such as those provided by the National Library of Medicine, the National Cancer Institute, and international partners such as the European Bioinformatics Institute are rapidly growing. The ability to store and compute using these data must therefore be addressed by a combination of local, national, and industry resources that exchange large datasets. Maintaining data-intensive flows that comply with the Health Insurance Portability and Accountability Act (HIPAA) and other regulations presents a new challenge for biomedical research. We describe a strategy that marries performance and security by borrowing from and redefining the concept of a Science DMZ, a framework that is used in physical sciences and engineering research to manage high-capacity data flows.By implementing a Medical Science DMZ architecture, biomedical researchers can leverage the scale provided by high-performance computer and cloud storage facilities and national high-speed research networks while preserving privacy and meeting regulatory requirements.},
doi = {10.1093/jamia/ocx104},
journal = {Journal of the American Medical Informatics Association},
number = 2017,
volume = Oct,
place = {United States},
year = {Fri Oct 06 00:00:00 EDT 2017},
month = {Fri Oct 06 00:00:00 EDT 2017}
}