When a user signs into a folder where Compliance features have been activated, they must first declare information about the activity or role they will be performing.
- A Role must be provided.
- An IRB (Institutional Review Board) number must be provided for many roles.
- Users declare the PHI level of access they require for the current task. The declared PHI level affects the data tables and columns that will be shown to the user upon a successful login.
PHI Data Access
The compliance module lets you annotate each column (for Lists and Datasets) with a PHI level. Possible PHI levels include:
- Not PHI - This column is visible for all PHI level declarations.
- Limited PHI - Visible for users declaring Limited PHI and above.
- Full PHI - Visible for users declaring Full PHI.
- Restricted - Visible for users who have been assigned the Restricted PHI role. Note that no declaration made during login allows users to see Restricted columns.
The Query Browser is also sensitive to the user's PHI access level. If the user has selected non-PHI access, the patient tables are shown, but the PHI columns will be hidden or shown with the data blanked out. For instance, if a user selects "Coded/No PHI" during sign-on, the user will still be able to access patient data tables, but will never see data in the columns marked at any PHI level.
Search and API
Search results follow the same pattern as accessing data grids: they are tailored to the user's PHI role and declared activity. The same applies to the standard LabKey API (e.g., selectRows(), executeSql()).
Grid View Sharing
When saving a custom grid, you have the option to share it with a target group or user. If any target user does not have access to PHI data in a shared grid/filter, they will be denied access to the entire grid. Grid and filter sharing events are logged.
Export actions respect the same PHI rules as viewing data grids. If you aren't allowed to view the column, you cannot export it in any format.
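The column-visibility, grid-sharing and export rules from the sections above, modelled as a small policy check. This is an added example, not LabKey's own code: the level names follow the page, but the `Session` dataclass, the function names, the sample column annotations and the sample row are assumptions constructed for the illustration. One further assumption is that the Restricted PHI role alone decides Restricted columns, since the page only says that no sign-on declaration unlocks them.

```python
"""Model of the PHI column-visibility, grid-sharing and export rules.

Added illustration, not LabKey's implementation: level names follow the
documentation, everything else here is a constructed assumption.
"""
from dataclasses import dataclass

NOT_PHI, LIMITED_PHI, FULL_PHI, RESTRICTED = "Not PHI", "Limited PHI", "Full PHI", "Restricted"

# Rank of each level a user can declare at sign-on. Restricted is deliberately
# absent: no declaration unlocks Restricted columns, only the Restricted PHI role.
DECLARATION_RANK = {NOT_PHI: 0, LIMITED_PHI: 1, FULL_PHI: 2}


@dataclass
class Session:
    """What a user declared at sign-on plus whether they hold the Restricted role."""
    user: str
    declared_level: str
    has_restricted_role: bool = False


def column_visible(column_level: str, session: Session) -> bool:
    """True if a column annotated with column_level may be shown in this session.

    Assumption of this model: the Restricted role alone decides Restricted
    columns; the page does not say whether a declaration is also required.
    """
    if column_level == RESTRICTED:
        return session.has_restricted_role
    return DECLARATION_RANK[session.declared_level] >= DECLARATION_RANK[column_level]


def filter_rows(rows, column_levels, session, blank_hidden=True):
    """Apply the visibility rule to a result set.

    column_levels maps column name -> PHI level. With blank_hidden=True a hidden
    column stays in the row with its value blanked (the Query Browser behaviour
    the page describes); with blank_hidden=False it is dropped entirely.
    """
    filtered = []
    for row in rows:
        kept = {}
        for col, value in row.items():
            if column_visible(column_levels[col], session):
                kept[col] = value
            elif blank_hidden:
                kept[col] = ""
        filtered.append(kept)
    return filtered


def can_share_grid(grid_columns, column_levels, targets) -> bool:
    """Sharing is all-or-nothing: every target session must be able to see
    every column in the grid, otherwise the whole grid is denied."""
    return all(column_visible(column_levels[col], target)
               for col in grid_columns for target in targets)


def exportable_columns(grid_columns, column_levels, session):
    """Export follows the viewing rule: a column you cannot view is not exported."""
    return [col for col in grid_columns if column_visible(column_levels[col], session)]


# Constructed sample data (not taken from the page).
COLUMN_LEVELS = {
    "ParticipantId": NOT_PHI,
    "VisitDate": LIMITED_PHI,
    "Name": FULL_PHI,
    "Diagnosis": RESTRICTED,
}
SAMPLE_ROWS = [
    {"ParticipantId": "P-001", "VisitDate": "2020-01-05",
     "Name": "Alice Example", "Diagnosis": "code-17"},
]

if __name__ == "__main__":
    # A "Coded/No PHI" session sees the row but with every PHI column blanked.
    print(filter_rows(SAMPLE_ROWS, COLUMN_LEVELS, Session("analyst", NOT_PHI)))
```

`can_share_grid` is where the all-or-nothing sharing rule bites: a grid containing a Full PHI column cannot be shared with a group that includes a user who only declared Not PHI, even though the other columns would be fine for everyone.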
- Which users have seen a given patient's data? What data was viewed by each user?
- Which patients have been seen by a particular user? What data was viewed for each patient?
- Which roles and PHI levels were declared by each user? Were those declarations appropriate to their job roles & assigned responsibilities?
- Was the data accessed by the user consistent with the user's declarations?
The screenshot below shows how the audit log captures which SQL queries containing PHI have been viewed.
Note that PIVOT queries are not supported when the compliance module is logging all query access. Logging is based on PHI access being checked per row, with each row linked to a participant. Because a PIVOT query aggregates data from multiple rows, and therefore from multiple participants, that access cannot be logged accurately, so the query raises an "unauthorized" error.
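The four audit questions listed above, and the PIVOT restriction just described, worked through against a constructed audit log. This is an added example, not LabKey's audit schema or logging code: the `AccessEvent` shape, the helper names, the column annotations and the sample events are all assumptions made for the illustration. The fourth question (was access consistent with the declaration?) is answered by comparing each returned column's PHI level with the level the user declared.

```python
"""Constructed audit-log model: per-participant access events, the four
review questions, and the PIVOT refusal. Added example, not LabKey's code."""
import re
from collections import defaultdict
from dataclasses import dataclass

PHI_RANK = {"Not PHI": 0, "Limited PHI": 1, "Full PHI": 2}

# Column annotations assumed for the sample (constructed, not from the page).
COLUMN_LEVELS = {"ParticipantId": "Not PHI", "VisitDate": "Limited PHI",
                 "Name": "Full PHI", "Diagnosis": "Restricted"}


@dataclass(frozen=True)
class AccessEvent:
    user: str
    declared_role: str
    declared_phi: str
    participant: str     # the participant the returned row is linked to
    columns: tuple       # PHI-annotated columns returned for that row
    query: str


def is_pivot_query(sql: str) -> bool:
    """Per-row logging needs one participant per row; PIVOT aggregates across rows."""
    return re.search(r"\bPIVOT\b", sql, re.IGNORECASE) is not None


def log_query_access(audit, user, declared_role, declared_phi, sql, rows):
    """Append one event per participant row returned. rows is a list of
    (participant, [columns]). PIVOT queries are refused as "unauthorized"
    because their rows cannot be attributed to single participants."""
    if is_pivot_query(sql):
        raise PermissionError("unauthorized: PIVOT query cannot be logged per participant")
    for participant, cols in rows:
        audit.append(AccessEvent(user, declared_role, declared_phi,
                                 participant, tuple(cols), sql))
    return len(rows)


def users_who_saw(audit, participant):
    """Q1: which users saw this participant's data, and which columns each saw."""
    seen = defaultdict(set)
    for e in audit:
        if e.participant == participant:
            seen[e.user].update(e.columns)
    return dict(seen)


def participants_seen_by(audit, user):
    """Q2: which participants a user saw, and which columns for each."""
    seen = defaultdict(set)
    for e in audit:
        if e.user == user:
            seen[e.participant].update(e.columns)
    return dict(seen)


def declarations_by_user(audit):
    """Q3: the (role, PHI level) pairs each user declared; review these
    against the user's actual job role."""
    decl = defaultdict(set)
    for e in audit:
        decl[e.user].add((e.declared_role, e.declared_phi))
    return dict(decl)


def inconsistent_accesses(audit, column_levels):
    """Q4: (user, participant, column) triples where a returned column's PHI
    level exceeds the declared level. Restricted always counts, since no
    declaration covers it."""
    findings = []
    for e in audit:
        for col in e.columns:
            level = column_levels[col]
            if level == "Restricted" or PHI_RANK[level] > PHI_RANK[e.declared_phi]:
                findings.append((e.user, e.participant, col))
    return findings


def build_sample_audit():
    """Constructed events: a clinician with Full PHI, and an analyst who
    declared Not PHI yet received a Limited PHI column (the case Q4 should flag)."""
    audit = []
    log_query_access(audit, "nurse1", "Clinician", "Full PHI",
                     "SELECT ParticipantId, Name, VisitDate FROM Demographics",
                     [("P-001", ["Name", "VisitDate"]), ("P-002", ["Name", "VisitDate"])])
    log_query_access(audit, "analyst1", "Data Analyst", "Not PHI",
                     "SELECT ParticipantId, VisitDate FROM Demographics",
                     [("P-001", ["VisitDate"])])
    return audit


if __name__ == "__main__":
    sample = build_sample_audit()
    print(users_who_saw(sample, "P-001"))
    print(inconsistent_accesses(sample, COLUMN_LEVELS))
```

Running the sample, `inconsistent_accesses` reports only the analyst's VisitDate access, which is exactly the kind of finding a reviewer would expect the audit log to surface: in a correctly enforced system that column should have been blanked before it reached the user, so its presence in the log is worth investigating.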