{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,5]],"date-time":"2026-01-05T22:25:44Z","timestamp":1767651944384,"version":"3.37.3"},"reference-count":20,"publisher":"Oxford University Press (OUP)","issue":"3","license":[{"start":{"date-parts":[[2017,10,6]],"date-time":"2017-10-06T00:00:00Z","timestamp":1507248000000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"funder":[{"DOI":"10.13039\/100006132","name":"Office of Science","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006132","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,3,1]]},"abstract":"Abstract<\/jats:title>\n \n Objective<\/jats:title>\n We describe a detailed solution for maintaining high-capacity, data-intensive network flows (eg, 10, 40, 100 Gbps+) in a scientific, medical context while still adhering to security and privacy laws and regulations.<\/jats:p>\n <\/jats:sec>\n \n Materials and Methods<\/jats:title>\n High-end networking, packet-filter firewalls, network intrusion-detection systems.<\/jats:p>\n <\/jats:sec>\n \n Results<\/jats:title>\n We describe a \u201cMedical Science DMZ\u201d concept as an option for secure, high-volume transport of large, sensitive datasets between research institutions over national research networks, and give 3 detailed descriptions of implemented Medical Science DMZs.<\/jats:p>\n <\/jats:sec>\n \n Discussion<\/jats:title>\n The exponentially increasing amounts of \u201comics\u201d data, high-quality imaging, and other rapidly growing clinical datasets have resulted in the rise of biomedical research \u201cBig Data.\u201d The storage, analysis, and network resources required to process these data and integrate them into patient diagnoses and treatments have grown to scales that strain the capabilities of academic health centers. Some data are not generated locally and cannot be sustained locally, and shared data repositories such as those provided by the National Library of Medicine, the National Cancer Institute, and international partners such as the European Bioinformatics Institute are rapidly growing. The ability to store and compute using these data must therefore be addressed by a combination of local, national, and industry resources that exchange large datasets. Maintaining data-intensive flows that comply with the Health Insurance Portability and Accountability Act (HIPAA) and other regulations presents a new challenge for biomedical research. We describe a strategy that marries performance and security by borrowing from and redefining the concept of a Science DMZ, a framework that is used in physical sciences and engineering research to manage high-capacity data flows.<\/jats:p>\n <\/jats:sec>\n \n Conclusion<\/jats:title>\n By implementing a Medical Science DMZ architecture, biomedical researchers can leverage the scale provided by high-performance computer and cloud storage facilities and national high-speed research networks while preserving privacy and meeting regulatory requirements.<\/jats:p>\n <\/jats:sec>","DOI":"10.1093\/jamia\/ocx104","type":"journal-article","created":{"date-parts":[[2017,8,31]],"date-time":"2017-08-31T03:11:46Z","timestamp":1504149106000},"page":"267-274","source":"Crossref","is-referenced-by-count":11,"title":["The medical science DMZ: a network design pattern for data-intensive medical science"],"prefix":"10.1093","volume":"25","author":[{"given":"Sean","family":"Peisert","sequence":"first","affiliation":[{"name":"Computational Research Division, Lawrence Berkeley National Laboratory, Berkeley, CA, USA"},{"name":"Department of Computer Science, University of California Davis, Davis, CA, USA"},{"name":"Corporation for Education Network Initiatives in California (CENIC), Berkeley, CA, USA"}]},{"given":"Eli","family":"Dart","sequence":"additional","affiliation":[{"name":"ESnet, Lawrence Berkeley National Laboratory, Berkeley, CA, USA"}]},{"given":"William","family":"Barnett","sequence":"additional","affiliation":[{"name":"Indiana Clinical and Translational Sciences Institute and Regenstrief Institute, Indiana University, Indianapolis, IN, USA"}]},{"given":"Edward","family":"Balas","sequence":"additional","affiliation":[{"name":"Global Research Network Operations Center, Indiana University, Bloomington, IN, USA"}]},{"given":"James","family":"Cuff","sequence":"additional","affiliation":[{"name":"Research Computing, Harvard University, Cambridge, MA, USA"}]},{"given":"Robert L","family":"Grossman","sequence":"additional","affiliation":[{"name":"Center for Data Intensive Science, University of Chicago, Chicago, USA"}]},{"given":"Ari","family":"Berman","sequence":"additional","affiliation":[{"name":"BioTeam, Middleton, MA, USA"}]},{"given":"Anurag","family":"Shankar","sequence":"additional","affiliation":[{"name":"Pervasive Technology Institute, Indiana University, Bloomington, IN, USA"}]},{"given":"Brian","family":"Tierney","sequence":"additional","affiliation":[{"name":"ESnet, Lawrence Berkeley National Laboratory, Berkeley, CA, USA"}]}],"member":"286","published-online":{"date-parts":[[2017,10,6]]},"reference":[{"volume-title":"What Is Big Data?","key":"2020110612240181000_ocx104-B1"},{"volume-title":"NCI Cloud Resources","key":"2020110612240181000_ocx104-B2"},{"key":"2020110612240181000_ocx104-B3","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1136\/amiajnl-2013-002059","article-title":"Leveraging the national cyberinfrastructure for biomedical research","volume":"21","author":"LeDuc","year":"2014","journal-title":"J Am Med Inform Assoc."},{"volume-title":"Open Science Grid","year":"2015","key":"2020110612240181000_ocx104-B4"},{"volume-title":"HIPAA Security Rule","year":"2015","author":"US Department of Health and Human Services","key":"2020110612240181000_ocx104-B5"},{"volume-title":"Guide for Conducting Risk Assessments \u2014 NIST Special Publication 800-30 Rev. 1","author":"National Institute of Standards and Technology","key":"2020110612240181000_ocx104-B6"},{"volume-title":"Science DMZ Network Architecture","year":"2015","key":"2020110612240181000_ocx104-B7"},{"key":"2020110612240181000_ocx104-B8","doi-asserted-by":"crossref","DOI":"10.1145\/2503210.2503245","article-title":"The Science DMZ: A Network Design Pattern for Data-Intensive Science","volume-title":"Proc IEEE\/ACM Annual SuperComputing Conference (SC13)","author":"Dart","year":"2013"},{"volume-title":"Campus Cyberinfrastructure","year":"2017","author":"National Science Foundation","key":"2020110612240181000_ocx104-B9"},{"issue":"6","key":"2020110612240181000_ocx104-B10","doi-asserted-by":"crossref","first-page":"1199","DOI":"10.1093\/jamia\/ocw032","article-title":"The Medical Science DMZ","volume":"23","author":"Peisert","year":"2016","journal-title":"J Am Med Inform Assoc."},{"volume-title":"Guidelines on Firewalls and Firewall Policy \u2013 NIST Special Publication 800-41, revision 1","author":"National Institute of Standards and Technology","key":"2020110612240181000_ocx104-B11"},{"issue":"23","key":"2020110612240181000_ocx104-B12","doi-asserted-by":"crossref","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","article-title":"Bro: a system for detecting network intruders in real-time","volume":"31","author":"Paxson","year":"1999","journal-title":"Comput Networks."},{"volume-title":"The Bro Network Security Monitor","year":"2015","key":"2020110612240181000_ocx104-B13"},{"volume-title":"Snort \u2013 Network Intrusion Detection & Prevention System","year":"2017","key":"2020110612240181000_ocx104-B14"},{"volume-title":"GlobalNOC","year":"2015","key":"2020110612240181000_ocx104-B15"},{"volume-title":"SciPass","year":"2015","key":"2020110612240181000_ocx104-B16"},{"volume-title":"Security and Privacy Controls for Federal Information Systems and Organizations \u2013 NIST Special Publication 800-66, revision 1. An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule","author":"National Institute of Standards and Technology","key":"2020110612240181000_ocx104-B17"},{"volume-title":"Security and Privacy Controls for Federal Information Systems and Organizations \u2013 NIST Special Publication 800-53, revision 4","author":"National Institute of Standards and Technology","key":"2020110612240181000_ocx104-B18"},{"issue":"2","key":"2020110612240181000_ocx104-B19","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1145\/1355734.1355746","article-title":"Openflow: enabling innovation in campus networks","volume":"38","author":"McKeown","year":"2008","journal-title":"ACM SIGCOMM Comput Commun Rev."},{"key":"2020110612240181000_ocx104-B20","first-page":"241","article-title":"PerfSONAR: A service oriented architecture for multi-domain network monitoring","author":"Hanemann","year":"2005"}],"container-title":["Journal of the American Medical Informatics Association"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/jamia\/article-pdf\/25\/3\/267\/34149924\/ocx104.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/jamia\/article-pdf\/25\/3\/267\/34149924\/ocx104.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,6]],"date-time":"2020-11-06T17:31:08Z","timestamp":1604683868000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/jamia\/article\/25\/3\/267\/4367749"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,6]]},"references-count":20,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2017,10,6]]},"published-print":{"date-parts":[[2018,3,1]]}},"URL":"https:\/\/doi.org\/10.1093\/jamia\/ocx104","relation":{},"ISSN":["1067-5027","1527-974X"],"issn-type":[{"type":"print","value":"1067-5027"},{"type":"electronic","value":"1527-974X"}],"subject":[],"published-other":{"date-parts":[[2018,3]]},"published":{"date-parts":[[2017,10,6]]}}}