Globus offers higher assurance levels for protected data, so subscribers can easily manage this data and share it securely and appropriately with collaborators.

Globus supports protected data e.g. HIPAA

Need to manage HIPAA-regulated data? Working with PII or CUI? No problem. Globus supports management of Protected Health Information (PHI) including data regulated by the Health Insurance Portability and Accountability Act (HIPAA), Personally Identifiable Information (PII), and Controlled Unclassified Information (CUI).

With higher assurance levels for managing restricted data, researchers can easily work with this data and share it securely and appropriately with collaborators, while meeting compliance requirements.

In addition, organizations have the option to enter into a Business Associate Agreement (BAA) with the University of Chicago, for written assurance that the data will be appropriately safeguarded by Globus in environments governed by HIPAA.

Why Use Globus to Manage Protected Data?

  • ​Provide an intuitive, easy to use tool for management of data such as PHI, PII, and CUI
  • Comply with HIPAA and NIST standards
  • Access protected and other research data via a unified interface
  • Safeguard the data that researchers use and ensure requirements from data use agreements are met
  • Help researchers focus on new insights and discoveries, not on compliance and security
  • Leverage enhanced data management capabilities for protected data at a lower cost than other offerings

Key Features for Managing Protected Data:

Authentication

  • Multi-factor authentication and federated login, with OAuth2 based security
  • High assurance policy that requires users to login with credentials from a specific identity provider (instead of a shared or linked identity)
  • Re-authentication required after an administrator-configured timeout for continued protected data access
  • Authentication and consents are tied to a specific instance of the application, ensuring that compromise of one application instance does not enable access to resources from another instance

Authorization

  • Fine-grained authorization for data access and sharing
  • Authorization model that requires explicit grant of permissions
  • Layered authorization combining local security governed by system administrator with permissions set by the user to control access to protected data.

Audit

  • Enhanced stewardship capabilities through detailed audit trails that allow close monitoring of all data access and sharing
  • Self-administered access and retention policies of audit logs, with ability to integrate into existing analysis tools

Data confidentiality, integrity, and availability

  • Enforced encryption to ensure data privacy
  • Data integrity verification can be performed after every transfer
  • Secure, reliable, compliant operation of Globus services for use in regulated environments

Request pricing information

Access product documentation

Get Started

Learn about subscription tiers or request pricing details for protected data.

What's New

GlobusWorld Program Announced: Speakers include NIH, NCSA, ORNL, LRZ, NCAR, ESnet and many more!

Ian Foster Wins Babbage Award: Read the announcement

Globus Auth Blog: XSEDE uses Auth for their Web SSO

Protected Data Webinar: Live Q&A with Head of Products Rachana Ananthakrishnan

"Using Globus to manage protected data solves an urgent need for my research and for the biomedical research community across the world."

Jonathan C. Silverstein
Chief Research Informatics Officer, University of Pittsburgh School of Medicine

Read full testimonial in the press release.

Resources

Protected Data Press Release: Globus now supports HIPAA and other data requiring higher security assurance

Protected Data Blog: Who benefits, and what's different?

Protected Data Documentation: Get details on the new release

Pricing Inquiry: Request details on Globus High Assurance and BAA tiers