health data (Supphachai Salaeman/

Security framework for protected data allows researchers to tap Oak Ridge supercomputers

A new framework of security protocols will allow researchers to tap into the supercomputers at Oak Ridge National Laboratory’s National Center for Computational Sciences (NCCS) for projects using protected data.

Called CITADEL, the framework features new security controls for handling large datasets containing private or health information as well as data protected by Health Insurance Portability and Accountability Act and the International Traffic in Arms Regulations. This means researchers will soon be able to take advantage of Summit supercomputer and the upcoming Frontier exascale system for data processing.

CITADEL was developed from a framework originally built for big data analysis of health information for the Department of Veterans Affairs’ Million Veteran Program, the research program that analyzes veterans’ health, lifestyle and military background information to understand how genes affect health and illness.

The new framework allows researchers to comply with the Federal Information Security Management Act as they work with highly protected data on supercomputers, according to NCCS Chief Data Architect J. “Robert” Michael. “With CITADEL, we’re utilizing an encrypted parallel file system that improves both performance and security, ensuring that we’re doing this in compliance with all of the regulations that are in place to protect this data.”

 “The challenge with health data is that to do anything with it, you have huge privacy concerns,” said Jeremy Cohen, a program manager for the VA and CMS at NCCS’s Scalable Protected Data Facilities. “So if you’re going to house this data, you have to treat the system as you would a secure environment in terms of the securities and policies that are wrapped around it -- who gets access to the data, what they do with the data, and what can and cannot be moved out of that environment.”

New administrative processes were also established to ensure private data could not be accessed by other researchers or used by other projects. HIPAA-protected data for a project sponsored by the VA, for example, is kept separate from HIPAA-protected data for a project sponsored by the Centers for Medicare and Medicaid Services, ORNL officials said.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected