UbiSecE: UbiLab’s Secure Cloud Environment for Public Health Research in Microsoft Azure

UbiSecE: UbiLab’s Secure Cloud Environment for Public Health Research in Microsoft Azure

This article has been kindly shared for CPI Student information only. Full article in PDF format after abstract.

Pedro Augusto Miranda# PhD Candidate School of Public Health Science Ubiquitous Health Technology Lab University of Waterloo, ON, Canada Pedro.miranda@uwaterloo.ca

Jasleen Kaur# Postdoctoral Fellow School of Public Health Science Ubiquitous Health Technology Lab University of Waterloo, ON, Canada Jasleen.kaur@uwaterloo.ca

Plinio Morita* Associate Professor School of Public Health Science Ubiquitous Health Technology Lab University of Waterloo, ON, Canada Plinio.morita@uwaterloo.ca

# These authors contributed equally to this work and share the first authorship

*Corresponding Author

Abstract— The use of Personal Health Information (PHI) has become increasingly popular in public health research in recent years. However, many researchers have stored collected PHI in local databases or filesystems with limited centralized storage. This has raised concerns about cybersecurity, the lack of standards, and the absence of a data governance program. To address these issues, a cloud-based infrastructure was developed for public health research over PHI that meets the requirements of Ubilab, a public health research group at the University of Waterloo. UbiSecE, a Secure Cloud-Based Infrastructure for Public Health Research, was designed by adapting Microsoft Azure's cloud infrastructure to meet the needs of Ubilab. Relevant laws, regulations, and standards, such as PIPEDA, GPDR, FIPPA, and PHIPA, that govern the utilization of PHI for public health research were identified. Additionally, the lab's actors, social norms, processes, and collective problems were analyzed to establish the foundation of the data governance program in Azure. Azure's data governance architecture guidelines were followed to provide the primary governance mechanisms for evaluating, guiding, and monitoring UbiSecE resources and processes. To ensure the secure maintenance of PHI, role-based access controls were implemented for all users, and all governance processes were deployed via Azure. Furthermore, NIST 800-53 compliance was integrated for all deployed resources. UbiSecE offers a centralized, private, and secure environment for public health research, which enables different users with different roles to conduct research with PHI.

Keywords—Public health research, Personal health information (PHI), Cloud-based infrastructure, Data governance, Research data security, Data management

ubisece-ubilabs-secure-cloud-environment-for-public-health-research-in-microsoft-azure.pdf