Hi,
We work with human EEG data for our research. Because of this our data has indentifying information. This means that we are only allowed to upload raw data if the website/cloud/server is HIPAA compliant.
Is this the case? If not, I am pretty sure that most IRBs of most universities would have problems with using this platform.
JupyterHub can be installed on your own server, whether in the public/private cloud or on an internal physical server. This means you can have full control over it. Does this answer your question?
Thank you for the answer. I am not sure if it entirely solves my problem. Am I correct to say, that other than some other platforms, since you don’t run the code on your own computer, you need to upload the data to some place. And this place can be a secure as you need it to be depending on how you create it yourself?
Because if that is the case, then I guess the only way to prevent these violations is to first spent time and probably money to create this environment
That’s right, you’d be responsible for securing your JupyterHub installation, as indicated in the link from @willingc. I’d expect this will apply to all multiuser systems with remote access.
If you just want to run code on your own computer you don’t need JupyterHub, you can run JupyterLab or Notebook instead.
Thank you @willingc and @manics this clarifies a lot. I guess my confusing came mainly from thinking that you needed to do everything online (and the paper clarified a lot on that end). But when we run it on our own computer we don’t need to upload data, so it’s safe anyway.
But: open source software usually carries big shouty letters like IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, and is unlikely going to be able to tell you “oh sure, you’re good for <insert law here>,” with a straight face.