Step 4: Handle Protected Health Information (PHI)

Documentation
This topic is under construction for the 17.3 release of LabKey Server. For current documentation of this feature, click here.

Data exported from LabKey Server can be protected by:

  • Randomizing participant ids so that the original participant ids are obscured.
  • Shifting date values, such as clinic visits and specimen draw dates. (Note that dates are shifted per participant, leaving their relative relationships as a series intact, thereby retaining much of the scientific value of the data.)
  • Holding back data that has been marked as a certain level of PHI (Protected Health Information).
In this this step we will export data out of the study, modifying and obscuring it in the ways described above.

Examine Study Data

First look at the data to be exported.

  • Navigate to the Security Tutorial > Study folder.
  • Click the Clinical and Assay Data tab. This tab shows the individual datasets in the study. There are currently two datasets: "Participants" and "Physical Exam".
  • Click Physical Exam. Notice that the participant ids are 6 digit numbers, including "110349". When we export this table, we will randomize these ids, obscuring the identity of the subjects of the study.
  • Return to the Clinical and Assay Data tab.
  • Click Participants. Notice the dates in the table are almost all from the last two weeks of April, 2008. When we export this table, we will randomly shift these dates, to obscure when subject data was actually collected.
  • Notice the columns for Country and Gender. We will mark these as "Limited PHI" and "Full PHI" respectively, so that our export will not include them. (Given that there is exactly one male patient from Germany in our sample, he would be easy to identify with only this information.)

Mark PHI Columns

We will mark two columns, "Gender" and "Country" as containing different levels of PHI. This gives us the opportunity to control when they are included in export. If we are exporting for users who are not granted access to any PHI, they would not see the contents of either of these columns.

  • Click the Manage tab. Click Manage Datasets.
  • Click Participants (the dataset, not the tab) and then Edit Definition.
  • Under Dataset Fields select Gender.
  • Click the Advanced tab.
  • As PHI Level, select "Full PHI" for this field.
  • Repeat for the Country field, selecting "Limited PHI".
  • Click Save.

Set up Alternate Participant IDs

Next we will configure how participant ids are handled on export, so that the ids are randomized using a given text and number pattern. Once alternate IDs are specified, they are maintained internally so that different exports and publications from the same study will contain matching alternates.

  • Click the Manage tab.
  • Click Manage Alternate Participant IDs and Aliases.
  • For Prefix, enter "ABC".
  • Click Change Alternate IDs. Click to confirm; these alternates will not match any previously used alternate IDs.
  • Scroll down and click Done.

Notice that you could also manually specify the alternate IDs to use by setting a table of participant aliases which map to a list you provide.

Export/Publish Anonymized Data

Now we are ready to export this data, using the extra data protections in place.

This procedure will "Publish" the study. That is, a new child folder will be created and selected data from the study will be randomized and copied to it.

  • Return to the Manage tab.
  • Scroll down and click Publish Study.
  • Complete the wizard, selecting all participants, datasets, and timepoints in the study. For fields not mentioned here, enter anything you like.
  • On the Publish Options panel, check the following options:
    • Use Alternate Participant IDs
    • Shift Participant Dates
    • Remove PHI Protected Columns
    • You could also check Mask Clinic Names which would protect any actual clinic names in the study by replacing them with a generic label "Clinic."
    • As the PHI Level for Publishing, select "Limited PHI". This means that all columns tagged "Limited PHI" or higher will be excluded.
  • Click Finish.
  • Wait for the publishing process to finish.
  • Navigate to the new published study folder (a child folder under Study).
  • On the Clinical and Assay Data tab, look at the published datasets Physical Exam and Participants. Notice how the participant ids and dates have been randomized. Notice that the Gender and Country fields have been held back (not been published).

If instead you selected "Full PHI" as the level to exclude, you would have seen the "Country" column but not the "Gender" column.

Security for the New Folder

How should you configure the security on this new folder?

The answer depends on your requirements.

  • If you want the general public to see this data, you would add Guests to the Reader role. This allows non-logged-in users to see the folder.
  • If want only members of the study team to have access, you would add Study Group to the Reader role, or a higher role.
For details on the different roles that are available see Security Roles Reference.

Previous Step

What Next?

Discussion

previousnext
 
expand all collapse all