Advanced research computing

Transcription

1 Advanced research computing HPC in UK health research Alan Real, University of Leeds

2 Outline A bit about me Regional & national activities Healthcare in UK Reality check Ambition Recent initiatives Farr institute Medical bioinformatics Networks, security and access Challenges Summary

3 A bit about me Once a physicist, Fortran & parallel programmer Now head of advanced research computing at Leeds Traditionally HPC, but increasingly broad Technical Director of N8 university consortia Secretary of UK HPC-SIG Represent Universities on National HPC project directors group Has typically run a mile from supporting research involving sensitive data Part of UK delegation at Spring CASC meeting HIPPA session resonated with challenges we face. Recent awards require us to grasp the nettle around handling sensitive data on HPC systems.

4 Leeds facts and figures Member of the Russell Group Worldwide University network member. 31k students, 7.5k postgraduates, 7.5k staff 2012/13 research income 129M Host the Marks & Spencer company archive The Rolling Stones, The Who, Led Zeppelin, Pink Floyd have all played in our refectory. Strong HPC strategy investing ~$1M per annum. Hosts the HPC for the N8 university consortium

5 About N8 HPC Concerns of over-supply of research infrastructure. Regional consortium for sharing capability platforms Awarded 3.5M in 2011 to build shared HPC capability. Facility in Leeds, expertise network coordinated from Manchester Intersects with northern health informatics consortia: HiRC-N8. Desire for HiRC-N8 to leverage shared computational capability.

6 The UK s capability in health informatics research MRC Funding call The NHS contains a wealth of longitudinal health data from cradle to grave on the UK s 62m population. No other country has such a large and rich source of data on the health of its people. In addition, the UK has invested in many large population and disease cohorts which contain repeat measures of biological information as well as lifestyle and environmental factors on the thousands of people who participate in these studies. The potential of using this patient and research data places the UK in an unrivalled position in global health research. A unique asset for UK Plc The many dimensions, complexity and richness are what makes the asset so valuable Mining the asset should involve sophisticated tools and techniques as well as simple ones The information belongs to people in the UK and its use relies on their trust and consent Advances in instrumentation has recently made these data richer and much bigger

7 Reality check A?... = or B?

8 Some myths Doctors know everything IT solves everything The NHS has the best medical knowledge Doctors OR Doctors are hopeless IT projects always fail The NHS is broken Medical knowledge IT

9 e-health records research

10 Information flows in a Paperless NHS I have said that I want the NHS to be paperless by 2018 The ability to access your GP record will be by 2015 At Airedale in Yorkshire, for example, they have completely integrated primary and secondary care GP GP Hospital Patient Patient access to their e-health records via a secure portal to review their personal clinical care. Health Secretary Jeremy Hunt joins Dame Fiona Caldicott as she launches the Caldicott2 Information Governance Review on Friday 26th April icott2-information-governance-review TPP SystmOne e-health records in a secure safe data centre for integrated direct care Health Secretary Jeremy Hunt at Airedale Hospital in January

11 Permanent registered GP patients per census area A single instance, cloud solution the largest EHR in the world 27 million patient records on SystmOne database 120,000 active users, over 4,000 healthcare units Shared patient record - primary & secondary care Centralised model in NHS data centres 640 million transactions per day Top 3 databases on Microsoft SQL Server TPP have > 300 IT staff in Horsforth, Leeds A major research partner for the University of Leeds

12 Information Commissioner s office guidance for research using sensitive records ICO Guidance in Anonymisation: managing data protection risk code of practice (2012) In some cases there may be a high level of risk to individuals should re-identification occur. One example might be health data, where, although there may be no obvious motivation for trying to identify the individual that a particular patient episode relates to, the degree of embarrassment or anxiety that re-identification could cause could be very high. But... And... It is worth stressing that the risk of re-identification through data linkage is essentially unpredictable because it can never be assessed with certainty what data is already available or what data may be released in the future. Clearly the risk of combining information to produce personal data increases as data linkage techniques and computing power develop, and as more potentially match-able information becomes publicly available. So, it is impossible to assess re-identification risk with absolute certainty. So... Limited Access Safe Haven Anonymised e-health records for purposes other than direct care Every HEI will need secure portals to safe havens Information Commission, Anonymisation: managing data protection risk code of practice (November 2012) cation/anonymisation_code.ashx

13 Creating a secure portal and safe haven work at Leeds Researcher Limited Access Anonymised e-health records for purposes other than direct care Anonymisation level required Smith, Xu, Hina and Johnson (2013). GATEway to the Cloud - Case study: A privacy-aware environment for Electronic Health Records research. 7th IEEE International Symposium on Service Oriented System Engineering, SOSE 2013, San Francisco, CA.

14 Farr institute & Medical informatics investments Funded Infrastructure Farr Institute UCLP Manchester Dundee Swansea Medical Bioinformatics UCLP-Crick-Sanger-EBI Leeds Warwick-Swansea Oxford Uganda-Oxford-Sanger Uganda Administrative Data Research Centre Sot on-ucl-ifs-ioe Swansea Edinburgh Belfast Essex (ADS)

15 Farr and Leeds Manchester-led Northern Farr institute & N8 have common partners N8 HPC already in place ehirc N8 infrastructure in Leeds. Not patient-identifiable, but processes to support studies with non-zero risk of patient reidentification. Develop process to deliver HPC into dataset

16 Leeds Medical Bioinformatics

17 National networking activities (1) PoC secure network layer over academic network backbone. NHS IG toolkit compliant BIL2-like. Supporting Farr and ADRC

18 National networking activities (2) Extending moonshot to support second-factor authentication together with University credentials for access.

19 Farr centre accreditations UCL INFORMATION SERVICES DIVISION IT for SLMS SLMS Data Safe Haven awarded internationally recognised Information Security Certificate The IT for SLMS team is pleased to announce that the School of Life and Medical Sciences (SLMS) Data Safe Haven has been awarded an internationally recognised information security certificate (ISO 27001:2013). ISO is an independent information security standard, published by the International Standards Organisation and the International Electrotechnical Commission 1. Certification provides assurance that the confidentiality, integrity and availability of data are properly protected when using the Data Safe Haven. This is more than just a high quality technical infrastructure it covers policies, processes, training and continual improvement of all aspects of the Data Safe Haven. Research within the School of Life and Medical Sciences often relies on collecting and analysing sensitive personal information. This information must be handled ethically and within the law. It is essential to provide assurance to research participants and external bodies that UCL researchers meet the highest standards when it comes to protecting data. The need for good information governance is vital for all organisations that interrogate sensitive data. The Health and Social Care Information Centre (HSCIC), a major supplier and user of research data, recently announced tighter controls around data use that will have implications for all researchers applying for datasets 2. Professor Graham Hart, Dean of the Faculty of Population Health Sciences and SLMS Senior Information Risk Owner, said The successful award of ISO sends a clear message that UCL is committed to the proper management of sensitive data. Our reputation for cutting edge research depends on securing and maintaining the trust of those who agree to the analysis of their personal information. Colleagues using sensitive data can be sure they are working in an environment that is fit for purpose, has been subject to rigorous external scrutiny and independent audit. It gives UCL a competitive edge in this area that few UK universities can match. The IT for SLMS team is to be congratulated on the last three years of hard work that has delivered this superb outcome. The Data Safe Haven is supported by information governance advisory and training services. These services are available to anyone working in the SLMS and provide expert guidance for any researcher working with sensitive data. More details can be found on the IT for SLMS website [ Further information about the SLMS Data Safe Haven or any of the IT for SLMS services IT for SLMS is part of UCL s Information Services Division and provides IT services to support the academic mission of the UCL School of Life and Medical Sciences. Visit the IT for SLMS web site: Or contact: Trevor Peacock, Information Governance Lead, IT for SLMS (t.peacock@ucl.ac.uk) Anthony Peacock, Head of Research, Learning & Teaching, IT for SLMS (a.peacock@ucl.ac.uk) 2 years after Farr funding Walled garden within UCL ISO27001:2013 certificate Can hold identifiable data Secure environment Technology Processes Dean is Senior information risk owner Limited computational capacity Linked to Medical bioinformatics centre to provide capability computing, but on anonymised datasets.

20 Challenges Our HPC centers are evolving Data assurance matters in many new disciplines Walled garden or whole center? Medical: Medical Bioinformatics, Farr institute Broader application: Consumer / business data, administrative data How do I securely deliver HPC into a sensitive dataset? Or, do we certify our full environment including HPC? ISO27001:2013: Process risk assessment, gap analysis, mitigation, liability. Accreditation level: NHS IG toolkit, business impact levels. Scratching the surface, but dealing with this will become the norm. We need to understand our infrastructures and educate accordingly

21 Questions?