
Secure Processing Environment for Health Data (SPE4HD)

Secure processing environments (SPEs) are essential for handling sensitive biomedical data. Given the increasing availability of clinical data for translational research within frameworks like the European Health Data Space (EHDS), secure and compliant data handling platforms are crucial. We introduce SPE4HD (Secure Processing Environment for Health Data), a robust demonstration platform developed as part of the ELIXIR compute platform and the German de.NBI cloud. SPE4HD protects sensitive data while supporting the execution of data analysis workflows. The demo platform is easily transferable to real-world applications.


Use-Case

A data controller provides access to sensitive patient data for research projects. The data includes, for example, health records, genetic information or imaging data. Via a SPE4HD instance, researchers can gain indirect access to this sensitive data. The environment is implemented so that researchers cannot extract the data from it; they can only access the non-sensitive results.


Architecture

Researchers access the portal and configure the execution of a validated workflow. Authentication and authorization are handled via LS-Login. WESkit monitors the execution of the workflow. The available workflows are validated in such a way that only non-sensitive results are shared with the user. The crawler transfers these non-sensitive results to the object storage, where they are made available to the researchers.

SPE4HD architecture
  • Portal: Lightweight web application allowing workflow configuration and execution
  • WESkit: Implements the GA4GH WES API for executing and managing workflows
  • Result Crawler: Transfers workflow results into the configured object storage
  • Object Storage: Stores the results produced during workflow execution
  • LS-Login: Authentication and authorization infrastructure for secure portal access
  • Execution environments: Supports SLURM, TES-K, Docker, and Kubernetes
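
The portal step described above, sketched as an added example (not SPE4HD or WESkit code): a request is turned into GA4GH WES RunRequest form fields only if it names a validated workflow and sets only the parameters that workflow exposes. The registry, workflow id, paths, type and version values and the function name are constructed assumptions.

```python
import json

# Hypothetical registry of validated workflows (constructed sample data).
# Each entry pins the workflow source and lists the only parameters a
# researcher may set; input data paths are fixed by the operator.
VALIDATED_WORKFLOWS = {
    "cohort-summary": {
        "workflow_url": "file:workflows/cohort_summary/Snakefile",
        "workflow_type": "SMK",
        "workflow_type_version": "7.30.2",
        "user_params": {"min_age": int, "max_age": int, "sex": str},
        "fixed_params": {"input_dir": "/secure/data/cohort_a"},
    }
}


class RejectedRequest(ValueError):
    """Raised when a portal request falls outside the validated set."""


def build_wes_run_request(workflow_id, user_params):
    """Return GA4GH WES RunRequest form fields for a validated workflow."""
    entry = VALIDATED_WORKFLOWS.get(workflow_id)
    if entry is None:
        raise RejectedRequest(f"workflow not validated: {workflow_id!r}")
    allowed = entry["user_params"]
    unknown = set(user_params) - set(allowed)
    if unknown:
        raise RejectedRequest(f"parameters not allowed: {sorted(unknown)}")
    for name, value in user_params.items():
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, allowed[name]):
            raise RejectedRequest(f"wrong type for parameter {name!r}")
    # Operator-fixed values are applied last so they can never be overridden.
    params = {**user_params, **entry["fixed_params"]}
    return {
        "workflow_url": entry["workflow_url"],
        "workflow_type": entry["workflow_type"],
        "workflow_type_version": entry["workflow_type_version"],
        "workflow_params": json.dumps(params, sort_keys=True),
    }


if __name__ == "__main__":
    print(build_wes_run_request("cohort-summary", {"min_age": 40, "sex": "f"}))
```

The returned fields are the ones a WES client would post to the `runs` endpoint; the researcher never supplies the workflow URL or the input data location.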

Setting up a SPE4HD instance

Please have a look at the WESkit documentation for setting up a SPE4HD instance.

Steps to be done

  • Deploy the portal
  • Deploy LS-Login
  • Deploy WESkit with execution environment
  • Integrate validated workflows
  • Deploy MinIO for access to results and configure crawler
  • Transfer sensitive data into the secure environment
  • Define usage management

About WESkit

WESkit is an implementation of the Workflow Execution Service (WES) API of the Global Alliance for Genomics and Health (GA4GH). The purpose of the API is to provide a standardized programmatic way to run and manage workflows. WESkit focusses on stability and high data throughput. Please see the documentation for further information.


About the de.NBI cloud

The website and the WESkit instance are hosted on the de.NBI Cloud.