Compliance: Setting PHI Levels on Fields

Premium Feature — Available in the Professional Plus, and Enterprise Editions. Learn more or contact LabKey.

Administrators can mark columns as either Restricted PHI, Full PHI, Limited PHI, or Not PHI. Simply marking fields with a particular PHI level does not restrict access to these fields. To restrict access, administrators must also define how the server handles PHI data with respect to PHI Role assignment and Terms of Use selection. To define PHI data handling, see Compliance: Configure PHI Data Handling.

Note that this system allows administrators to control which fields contain PHI data and how those fields are handled without actually viewing the data in the PHI fields. Access to viewing PHI data is controlled separately and not provided to administrators unless granted explicitly.

Example PHI Levels

Typical PHI-level assignments for fields. These are not recommendations or best practices for PHI assignments. The following table is provided to make the PHI levels more vivid and easily understood. Assignments will vary for different applications and different contexts.

PHI LevelData Fields
Restricted PHIThe most sensitive categories of data.
HIV status
Social Security Number
Credit Card Number
Full PHIAddress
Telephone Number
Clinical Billing Info
Limited PHIZIP Code
Partial Dates
Not PHIHeart Rate
Lymphocyte Count

Annotation Fields with PHI Level

For Developers: Use XML Metadata

As an alternative to the graphical user interface, you can assign a PHI level to a column in the schema definition XML file.

In the example below, the column DeathOrLastContactDate has been marked as "Limited":

<column columnName="DeathOrLastContactDate">

Possible values are:

  • NotPHI
  • Limited
  • PHI
  • Restricted
The default value is NotPHI.

Review the PHI XML Reference.


Was this content helpful?

Log in or register an account to provide feedback

expand all collapse all