Enhancing Security Standards with HITRUST: The University of Florida and FD
With a strategic focus on enhanced security and regulatory compliance, The University of Florida (UF) decided to pursue HITRUST certification for HiPerGator, an advanced high-performance computing (HPC) system. With HITRUST, HiPerGator is held to rigorous security standards, providing an extra layer of assurance in safeguarding sensitive data. The certification also serves as a key demonstration of the university’s compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, showcasing UF’s dedication to maintaining the highest standards of data protection and privacy in alignment with regulatory requirements.
What is HITRUST?
Founded in 2007, HITRUST is a nonprofit responsible for frameworks, standards and methodologies. HITRUST champions programs that safeguard sensitive information and manage data risk and compliance for organizations across all industries, from start to finish.
What is HiPerGator?
HiPerGator is UF’s advanced HPC system, boasting 70,320 CPU cores, 1,800 NVIDIA GPUs and 30 petabytes of fast storage. This clustered environment, comprising interconnected cores, facilitates rapid and intricate calculations, making it the 51 fastest supercomputer globally on Nov 2023. Designed to handle large-scale, data-intensive workloads, HiPerGator is a go-to resource for researchers, scientists and students, offering substantial processing power, memory and storage. Because of its unique open-ended workload flexibility where users write their own software, this type of environment had never been HITRUST-certified.
“With HiPerGator hosting a wide array of data, the HITRUST gold standard in handling PHI proved pivotal. Our decision to pursue certification was not healthcare data driven; HiPerGator has all sorts of data. We needed an external voice that people trust, and HITRUST gave us that.”
– Dr. Erik Deumens | Director, IT Research Computing, & Scientist, UF
UF’s State Pre-HITRUST
Prior to achieving HITRUST certification, the University of Florida’s HiPerGator systems, including versions 1.0 (2013), 2.0 (2015) and 3.0 (2021), were primarily deployed for “open research” purposes. The environment necessitated de-identified data, restricting users from working with sensitive or restricted data. While a secure enclave existed, its use with restricted data imposed limitations on user capabilities. Internal HIPAA assessments were conducted, but the results lacked sufficient confidence. Recognizing the need for a robust security standard, UF opted for HITRUST certification, considering it the gold standard for data security, particularly in the face of ambiguous regulations. The certification not only addressed the security concerns but also instilled confidence in compliance with the HIPAA Security Rule, establishing a valuable benchmark for the university’s data handling practices.
Frazier & Deeter’s HITRUST Approach for HiPerGator
Collaborating with FD went beyond assessment, with team members offering UF strategic support for efficiency and success. The firm guided HiPerGator to surpass stringent certification requirements, with demonstrated expertise and a tailored approach aligned with UF’s unique organizational needs, relevant controls and practices. FD’s team of seasoned HITRUST professionals provided invaluable assistance, fostering close relationships with HITRUST for a seamless certification process.
“UF’s adoption and implementation of the HITRUST framework demonstrates the university’s devoted stance in building a highly secure HiPerGator environment. Certification is the ultimate measure, to which UF should be recognized amongst other universities and applauded for its commitment to security.”
– Andrew Hicks, CCSFP, HCISPP, CRISC, CISA | National HITRUST Practice Leader & Partner, FD
ROI & Value-add
UF recognized the universal applicability of the certification across diverse data types housed on HiPerGator. The decision was strategic, aiming to incorporate an external voice that garners trust, ensuring credibility in data security practices. This certification has proven particularly advantageous for UF’s substantial annual research expenditure, reaching $1 billion last summer. HITRUST allows UF to confidently include HiPerGator in research proposals, enhancing visibility and impact while generating anecdotal success stories. Furthermore, the documentation of processes has improved, contributing to the overall health of research procedures. This not only reduces the likelihood of cyber-attacks but also better prepares the university to respond effectively if such incidents occur. Finally, HITRUST certification provides UF with the ability to showcase remediation efforts, demonstrating a commitment to continuous improvement and resilience in the face of potential challenges.
Applicability to Other Academic Research Institutions
As contracts from various funding agencies increasingly include rigorous “data safeguarding” requirements, UF’s HITRUST certification sets a notable standard that reflects the institution’s commitment to robust data protection measures. This achievement not only aligns with the current trend but also anticipates future requirements, where proof of compliance is likely to become more prevalent. The escalating power and complexity of AI and ML tools, along with the necessity to process large datasets containing restricted data, further emphasize the relevance and applicability of UF’s HITRUST journey for other academic research institutions.
Contributors
Andrew Hicks, National HITRUST Practice Leader & Partner, FD
Explore related insights
-
Complying with the Corporate Transparency Act: What You Need to Know
Read more: Complying with the Corporate Transparency Act: What You Need to Know -
Frazier & Deeter Recognized as Best Firm for Women and Equity in Leadership
Read more: Frazier & Deeter Recognized as Best Firm for Women and Equity in Leadership