Security and Compliance

The platform adheres to guidelines established by international regulatory bodies for data security and privacy protection. The software has been designed in accordance with current data protection laws such as GDPR and HIPAA. To prevent data privacy breaches, users should follow the guidance and best practices below regarding the storage of Protected Health Information (PHI).

General Guidance

Data can be brought to the platform through several mechanisms. When dealing with sensitive data, take care when specifying the data to be uploaded or connected, to avoid an unintentional privacy breach.

  • Ensure AWS S3 key prefixes are properly specified when creating a storage configuration, and that every S3 object under the prefix is one that should be made available.

  • Take care when deleting data from the platform that is sourced from AWS S3 connected storage configurations, as the delete operation will delete the object from the source AWS S3 bucket.

  • Ensure the path to the source data is correct and does not include unintended files when performing uploads through the service connector or command-line interface.
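
A pre-flight check for the S3 key prefix guidance above, as an added example that is not the platform's own code: it previews which objects a candidate prefix would bring into scope and flags sibling folders matched only because the prefix lacks a trailing slash. It assumes the storage configuration follows standard S3 prefix matching (plain string comparison), which this page does not spell out; the key listing and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample bucket listing (not real data).
SAMPLE_KEYS = [
    "projects/run1/sample_A.fastq.gz",
    "projects/run1/sample_B.fastq.gz",
    "projects/run10/sample_C.fastq.gz",
    "projects/run1-clinical/patients.csv",
    "projects/run2/sample_D.fastq.gz",
    "archive/old.bam",
]

def preview_prefix(keys, prefix):
    """Return (exposed, siblings) for a candidate key prefix.

    exposed:  every key the prefix matches; S3 compares prefixes as plain
              strings, not as folder paths.
    siblings: exposed keys outside the folder the prefix appears to name,
              matched only because the prefix has no trailing "/".
    """
    exposed = [k for k in keys if k.startswith(prefix)]
    if prefix == "" or prefix.endswith("/"):
        return exposed, []
    folder = prefix + "/"
    siblings = [k for k in exposed if k != prefix and not k.startswith(folder)]
    return exposed, siblings

def group_by_folder(keys, depth=2):
    """Count keys per leading folder path, for a quick review of scope."""
    counts = Counter("/".join(k.split("/")[:-1][:depth]) for k in keys)
    return dict(counts)

if __name__ == "__main__":
    for prefix in ("projects/run1", "projects/run1/", ""):
        exposed, siblings = preview_prefix(SAMPLE_KEYS, prefix)
        print(f"prefix {prefix!r}: {len(exposed)} object(s) in scope")
        for folder, n in sorted(group_by_folder(exposed).items()):
            print(f"  {folder or '(bucket root)'}: {n}")
        for key in siblings:
            print(f"  UNINTENDED? {key}")
```

Run it against a real key listing exported from the bucket before creating the storage configuration; an empty prefix puts the whole bucket in scope.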

Health Insurance Portability and Accountability Act (HIPAA)

File content is the only place where users may safely store Protected Health Information (PHI). Personal data should not be stored in metadata or path names. Note that, to operate in a HIPAA-compliant manner, you will also need a Business Associate Agreement (BAA) with Illumina. Contact your account manager or Illumina Technical Support for more information. If you need to request an audit trail, contact Illumina Technical Support with the information you need.

General Data Protection Regulation (GDPR)

File content is the only place where users may safely store Personal Data. Personal data should not be stored in metadata or path names.
