Potential HIPAA Violations when Uploading data

Hi,
We work with human EEG data for our research. Because of this, our data has identifying information. This means that we are only allowed to upload raw data if the website/cloud/server is HIPAA compliant.

Is this the case? If not, I am pretty sure that most IRBs of most universities would have problems with using this platform.

Thank you so much!

Douwe

JupyterHub can be installed on your own server, whether in the public/private cloud or on an internal physical server. This means you can have full control over it. Does this answer your question?

Thank you for the answer. I am not sure if it entirely solves my problem. Am I correct to say that, other than some other platforms, since you don’t run the code on your own computer, you need to upload the data to some place. And this place can be as secure as you need it to be depending on how you create it yourself?

Because if that is the case, then I guess the only way to prevent these violations is to first spend time and probably money to create this environment.

Thanks again for your time and help.

This recent paper should help answer some of your HIPAA and JupyterHub questions: https://conference.scipy.org/proceedings/scipy2020/72_lu.html


That’s right, you’d be responsible for securing your JupyterHub installation, as indicated in the link from @willingc. I’d expect this will apply to all multiuser systems with remote access.

If you just want to run code on your own computer you don’t need JupyterHub, you can run JupyterLab or Notebook instead.


Thank you @willingc and @manics, this clarifies a lot. I guess my confusion came mainly from thinking that you needed to do everything online (and the paper clarified a lot on that end). But when we run it on our own computer we don’t need to upload data, so it’s safe anyway.


Expired link. Anyone still have access to this, or similar guidance?

Here’s a wayback machine link:

https://web.archive.org/web/20200715181718/https://conference.scipy.org/proceedings/scipy2020/72_lu.html

But: open source software usually carries big shouty letters like IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, and is unlikely to be able to tell you “oh sure, you’re good for <insert law here>,” with a straight face.
