Managing Protected Data

Globus offers a higher assurance level for protected data, including HIPAA compliance for PHI, so subscribers can easily manage this data and share it securely and appropriately with collaborators.

Why Use Globus to Manage Protected Data?

• Provide a secure, intuitive, easy to use tool for management of data such as PHI, PII, and CUI
• Comply with HIPAA regulations, NIST standards, and data use agreements
• Access all your data, including your protected data, via a unified interface
• Help researchers focus on new insights and discoveries, not on compliance and security

Globus supports management of Protected Health Information (PHI) data regulated by the Health Insurance Portability and Accountability Act (HIPAA), Personally Identifiable Information (PII), and Controlled Unclassified Information (CUI).

In addition, organizations have the option to enter into a Business Associate Agreement (BAA) with the University of Chicago for written assurance that Protected Health Information stored by Globus will be appropriately safeguarded.

Key Features for Managing Protected Data:

Authentication and Authorization

• Multi-factor authentication and federated login, with OAuth2 based security
• High assurance policy that requires users to login with credentials from a specific identity provider (instead of a shared or linked identity)
• Re-authentication required by a specific identity from a specific application, after an administrator-configured timeout for continued protected data access
• Authentication and consents tied to a specific instance of the application, ensuring that compromise of one application instance does not enable access to resources from another instance
• Fine-grained authorization for data access and sharing
• Authorization model that requires explicit grant of permissions
• Layered authorization combining local security governed by system administrator with permissions set by the user to control access to protected data

Audit and Logging

• Enhanced stewardship capabilities through detailed audit trails that allow close monitoring of all data access and sharing
• Self-administered access and retention policies of audit logs, with ability to integrate into existing analysis tools
• Management console for real-time audit and controls

Data confidentiality, integrity, and availability

• Enforced encryption to ensure data privacy
• Data integrity verification can be performed after every transfer
• Secure, reliable, compliant operation of Globus services for use in regulated environments