Trace Id is missing
July 08, 2021

University of Pittsburgh innovates in biomedical research by securing data in the cloud

Researchers in the University of Pittsburgh’s Department of Biomedical Informatics needed to grant multiple outside researchers access to sensitive biomedical data that would speed treatment to patients in need. They collaborated with Microsoft cloud solution architects through Pitt Information Technology, the university’s central IT department, to deploy a secure research enclave in record time using Microsoft Azure. Now, the university has a blueprint for replicating this secure environment, creating broad, secure access to sensitive data from multiple sources. University officials expect this will accelerate clinical trial approvals and access to funding for Pitt’s vast research community.

University of Pittsburgh

To this day, “Pitt” (as those connected to the University affectionately call it) continues its tradition of service-related research by focusing its resources on solving the challenges of the 21st century. Since its founding, research has been a core tenet of the university’s mission. Pitt researchers are credited with eradicating polio, unlocking the secrets of DNA, and leading the world in organ transplants. Today, they are emerging as leaders in creating a COVID-19 vaccine and researching a cure for Alzheimer’s disease. Those are just a few of the many areas, both past and present, where their cutting-edge research is not only making a difference but also changing lives.

In summer 2020, Jonathan Silverstein, M.D., Chief Research Informatics Officer at the University’s Schools of Health Sciences, launched an unprecedented research initiative to collect and analyze nationally-critical biomedical health data. He approached Pitt IT with a challenge: spin up a secure research environment that could handle sensitive health information, be accessed by multiple collaborators, and stay sealed against data leaks—all within a four- to six-week period. The technical requirements alone were difficult enough. And the researchers questioned the feasibility of the tight timeline.

Silverstein and his colleagues were accustomed to handling sensitive health data. The Department of Biomedical Informatics leads multiple high-profile, nationally-funded research studies designed to analyze data on cancer treatment, disease prevention, and advanced medical imaging. Typically, this data had been stored on premises to ensure that proper security protocols were in place and that HIPAA regulations—federally mandated safeguards that ensure patient privacy—were being followed. But this was different: numerous outside investigators would need access and storing data on site was not a realistic solution.

Silverstein and his team connected with Lou Passarello, Pitt IT’s Director of Operations, along with Enterprise Architects Brian Pasquini and Jay Graham to collaborate on a solution. This was a rare opportunity for Pitt IT. If they could deliver, they knew it would elevate their reputation and enhance their ability to advance the world-renowned research conducted throughout the university. But the deadline was challenging.

Building on Microsoft Azure for secure data access

Graham had a relationship with Microsoft dating back to the 1990s, when the university launched its web infrastructure. Over the years, Pitt IT has progressed through their digital transformation, deploying several Microsoft Azure solutions. To brainstorm the possibilities for the secure data environment, the team engaged with Microsoft Senior Cloud Solution Architects specializing in educational environments.

Initially, Pitt’s Information Security Team was wary about moving sensitive medical data to the cloud rather than keeping it on premises where the research team could “keep their hands on it.” Nevertheless, Pasquini, Graham, and the Microsoft team moved forward with creating an architecture based on the university’s existing Azure deployments that satisfied the security experts. “From the very first call where we presented the architecture and talked them through it, the whole mood changed,” recalled Microsoft Senior Cloud Solution Architect Clayton Barlow. “They became these hardcore believers.”

Building on existing infrastructure was key to meeting the deadline. The university already had a “really good implementation of Azure Virtual Desktop,” explains Barlow. The team used that as a secure access point for third-party researchers. “It was just fantastic,” continues Barlow, “because it was something they already knew, and it was pretty straightforward.” 

Pasquini agrees. “We had a lot of experience launching Azure Virtual Desktop and putting controls around it from when we implemented our virtual student labs because of COVID,” he notes. “It was also nice,” he continues, “because there wasn't a lot of burden put on our operations team since we were integrating into existing solutions. From a security standpoint, simpler is better.” 

Creating a locked-down data enclave in the cloud

From there, the Microsoft team added Azure Logic Apps, Azure Data Factory, Azure Security Center, and Azure Policy. "We actually were very leery about using Data Factory because we weren't familiar with it," recalls Pasquini. “But once our Microsoft colleagues started walking us through it, we realized how easy it was to take advantage of,” he notes. “That allowed us to have a controlled ingress and egress of the data sets into this environment, which was extremely locked down.”

Within the six-week period, Pitt IT had created a secure environment where researchers from multiple organizations could run machine learning models on HIPAA-compliant, research-ready medical data, with no chance of data leakage. The data enclave was up and running even before the team had access to the data. “The Microsoft Azure technology actually beat the data implementation,” Silverstein observed.

“It was refreshing to work with a group that appreciated the needs of both the technologists and the researchers,” said Silverstein. And despite initial concerns, Azure provided a tighter, more controlled environment than the team’s previous on-premises storage. “It was a flip-flop,” said Pasquini. “We actually have more controls in the cloud, building up this secure enclave in Azure, than we can on-prem.” 

Empowering innovative and secure research

The impact extends well beyond the technical requirements of Silverstein’s specific project. From the start, Pasquini wanted to develop a solution that not only supported the Department of Biomedical Informatics but could also be “productized,” as he describes it “into something that was applicable to a more general audience.” In fact, Pitt IT has continued using Azure Data Factory in other projects, too. “It was kind of neat how this one service that became one of the linchpins for this environment was introduced through this project,” adds Pasquini.

This secure research enclave benefits the entire Department of Biomedical Informatics. “Probably the most important thing is that what is inside that enclave is completely flexible,” explains Silverstein. It can handle multiple combinations of sensitive data, computing requirements, and the parties who access the data.

Having a blueprint for creating secure data enclaves will also speed time to research and results university-wide. Now any researcher can fast-track building an environment to accept sensitive data. Having such an enclave in place, with strict data controls and HIPAA compliance, might also help streamline review and approval processes with the university’s Institutional Review Board, which oversees all human subject research. 

This innovative project has enhanced Pitt IT’s reputation with other researchers throughout the university. The team is currently collaborating with Microsoft to develop a next-generation high-performance computing model as a showcase for senior leadership in both IT and research departments. 

As the world pushes further into digital, Pitt is looking ahead to advance scientific knowledge. As Strategic Research Liaison Sandra Brandon describes it, “we make sure that our faculty and students can engage in research and impact, not only for their departments and their schools, but also for the greater good of the university, our communities, and globally.”

“Once our Microsoft colleagues started walking us through [Azure Data Factory], we realized how easy it was to take advantage of. That allowed us to have a controlled ingress and egress of the data sets into this environment, which was extremely locked down.”

Brian Pasquini, Enterprise Architect, Pitt Information Technology

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft