NEIC TRYGGVE – NORDIC SERVICES FOR SENSITIVE DATA

Antti Pursula, antti.pursula@csc.fi https://wiki.neic.no/tryggve

USE OF HUMAN DATA IN BIOMEDICAL RESEARCH HAS GREAT POTENTIAL

PERSONALIZED MEDICINE

CURE OF DISEASES

IMPROVED LIFE QUALITY

Data is collected by: Biobanks Research institutes Large genome studies Register organizations, Hospitals, Personal health apps, etc.

Society benefits when these data collections are made available for research!

PROTECT PRIVACY OF THE INDIVIDUAL

Research use of health data requires: Data protection Secure data transfer Secure analysis environments Ethical considerations Effective legislation

CHALLENGE IS TO PREVENT NON-AUTHORIZED USE OF DATA WHILE UTILIZING THE DATA FOR THE BENEFIT OF SOCIETY AND INDIVIDUALS

Health and well-being data on humans is sensitive, personal data that needs to be protected, even after de-identification

NEED FOR SECURE IT SERVICESTHAT CAN IMPLEMENT THE NECESSARY PRECONDITIONS

ELIXIR Nodes in Finland, Denmark, Norway and Sweden have teamed up to develop and scale up services for sensitive research data, within the NORDIC TRYGGVE PROJECT

TRYGGVE PROJECT COLLABORATION FOR SENSITIVE BIOMEDICAL DATA

Project aims to strengthen biomedical research by facilitating use of sensitive data in cross-border projects

Partners and funders are NeIC and ELIXIR Nodes in Denmark, Finland, Norway and Sweden

3-year project with volume of ca. 100 PMs /year (ends in Oct 2017)

Project will build on strong existing capacities and resources in Nordic countries

PRAGMATIC APPROACHImplement solutions that support various use cases and varying local terms and conditions

MOBILITYEnhancing cross-border mobility of: data, users and analysis pipelines

ACCESSIBLEServices for sensitive data should be accessible to users across Nordics regardless of their location

TRYGGVE TARGETS IN A NUTSHELL

SECURE COMPUTING AND DATA ENVIRONMENTS

Tryggve service development relies on secure computing and data environments at ELIXIR Nodes at the participating countries

TSD 2.0 service at USIT

Mosler service at NBIS

ePouta secure cloud at CSC

Computerome at DTU

SECURE CLOUD Infrastructure for data and computing (ePouta, Computerome)

SECURE REMOTE DESKTOPbacked up with computing resources (TSD, Mosler, Computerome)

8

SECURE SYSTEMS IN TRYGGVE

Secure systems available through Nordic Tryggve project:• TSD 2.0 service at USIT, Norway

– PaaS, accessible through remote desktop• Mosler service at BILS, Sweden

– PaaS, accessible through remote desktop• ePouta IaaS at CSC, Finland

– IaaS, secure cloud infrastructure connected securely to customer’s system• Computerome at DTU, Denmark

– Iaas / PaaS, both access through remote desktop and connected to customer’s system

• All provide secured area for research projects, isolated both from external networks and from other users of the systems

SECURE SYSTEMS THE USER STAYS IN CONTROL

TAKING INTO USE EXTERNAL SECURE SERVICE DOES NOT IMPLYTRANSFERRING THE CONTROL OVER THE DATA TO THE PROVIDER!

Where the data is analyzed or stored and who has the control over the data are different thingsService providers offer secure environment for storing and analyzing their data

Data handler contracts define the roles

Ability to combine data from several sources and countries

MOBILITY OF DATA

MOBILITY OF USERS

Ability to use the service best suited for the research project, regardless if it is in the same country

Ability to deploy the preferred analysis pipeline on the system being used

Access the same system and data that collaborators in another country use

MOBILITY OF ANALYSIS PIPELINES

Pool data from several countries to achieve larger sample sizes

Data in several locations but can not be pooled; run standardized analyses on all partial data sets

POSSIBLE USE CASES:

MOBILITY ACROSS BORDERS

11

• Mosler remote desktop connected to CSC ePouta secure cloud infrastructure:– No degradation of performance when moving data

between countries

DEMONSTRATION OF THE USE OF SECURE CLOUD ACROSS BORDERS

GETTING STARTED USING THE TRYGGVE SERVICES

Aimed for Nordic research teams

Backed by ELIXIR Nodes and NeIC

CURRENTLY ACTIVE USE CASES

Use of the systems not limited To Nordic countries!

CALL FOR NEW USE CASES

CONTACT INFORMATION TO SERVICES ON THE TRYGGVE WEB SITE https://wiki.neic.no/wiki/Tryggve_Getting_Started

Trans-Nordic Gene-Environment Analyses in Schizophrenia

Scandinavian Genetics Collaboration for Olink Biomarkers

CASE EXAMPLE ON TRYGGVE SUPPORT FOR A USE CASE

PROCESSING SENSITIVE DATA FORSCHIZOPHRENIA RESEARCH

More info and interview of Prof. Sullivan athttp://www.inthefieldstories.net/processing-sensitive-data-for-schizophrenia-research/

Research on the gene-environmental interaction and causes for schizophrenia, led by professor Patrick Sullivan, KI.

Large amount of samples are available in the Nordic countries.

Secure place to conduct harmonized analyses is crucial.

Professor Sullivan, with the assistance of Tryggve security experts, is now combining data sets from Denmark, Norway, Sweden and Estonia to create a joint data set with a total of 6000 cases and 8750 controls.

FUTURE VISIONSFOR A COLLABORATIVE EFFORT

Create Data Platforms that are internationally interoperable

Support data submission, archiving and sharing processes

Integrate with secure cloud services for data processing

Enable sharing of data to third parties who have the appropriate access permissions

Creating such data platforms is a collaborative effort between (at least) the research community, IT infrastructure providers and data collecting organizations

aINFORMATION COMMONSAND THE DEVELOPMENTS IN TRYGGVE / CSC

Information commons slide by Joakim Dillner, NIASC

CSC REMS access management

“Local EGA” Secure repository

Secure Gateway module

CSC ePouta secure cloud infrastructure

AUTHORIZATION MANAGEMENT WITH REMS

• REMS provides complete process for managing entitlements • Demo available at https://remsdemo.csc.fi/

Principalinvestigator

Applicant

Research groupMembers of the

application

Metadata on dataset 1&2

Dataset 1

Dataset 2

DAC 1Approver

DAC 2Approver

REMS

Workflow

Reports

Entitlements

IdP

IdP

IdP

SP

1. Apply for access

4. Approve

5. Access

3. Circulate to approver

2. Commit to licence terms

SUMMARYTRYGGVE PROVIDES SECURE SERVICES ACROSS BORDERS

A Secure private cloud is an infrastructure operated solely to provide an

on demand specific use case service transparent to the end user

Nordic ELIXIR Nodes collaborate to create a region where all the secure services are accessible to users regardless of their location

Pragmatic: mobility of data, mobility of users, mobility of pipelines

Based on secure data and computing environments in each participating country

Cross-border use cases are in operation

18

CONTACT INFO

Project Manager:Antti Pursulaantti.pursula@csc.fi

Website:https://wiki.neic.no/Tryggve

Local contact points:Denmark: Ali Syed (DTU) alisyed@cbs.dtu.dkFinland: Antti Pursula (CSC) antti.pursula@csc.fiNorway: Francesca Iozzi (UiO) m.f.iozzi@usit.uio.noSweden: Niclas Jareborg (NBIS) niclas.jareborg@bils.se