This checklist provides step-by-step instructions for setting up and using the Compliance and ComplianceActivities modules.
- Acquire a distribution that includes the compliance modules
- Unlike most modules, administrators don't have to explicitly enable the compliance modules in individual folders. The compliance modules are treated as enabled for all folders on a server if they are present in the distribution.
- To ensure that the compliance modules are available, go to (Admin) > Site > Admin Console and click Module Information. Confirm that Compliance and ComplianceActivities are included in the list of modules. If not, contact us.
- Define account and login behavior
- Limit unsuccessful login attempts, set account expiration dates, etc.
- Documentation: Compliance: Settings
- Set PHI levels on fields:
- Determine which fields in your data (Datasets and List) hold PHI data, and at what level.
- Documentation: Protecting PHI Data
- Assign user roles
- Assign PHI-related security roles to users, including administrators. No user is automatically granted access to PHI due to logging requirements.
- Documentation: Compliance: Security Roles
- Enable compliance features in a folder
- Require PHI roles to access PHI data.
- Determine logging behavior.
- Documentation Compliance: Configure PHI Data Handling
- Test and check logs
- Test by impersonating users.
- Determine if PHI columns are being displayed or hidden in the appropriate circumstances.
- Documentation: Compliance: Logging