This checklist provides step-by-step instructions for setting up and using the Compliance and ComplianceActivities modules.
Checklist
- Acquire a distribution that includes the compliance modules
  - Unlike most modules, administrators don't have to explicitly enable the compliance modules in individual folders. The compliance modules are treated as enabled for all folders on a server if they are present in the distribution.
  - To ensure that the compliance modules are available, go to (Admin) > Site > Admin Console and click Module Information. Confirm that Compliance and ComplianceActivities are included in the list of modules. If not, contact us.
- Define settings for accounts, login, session expiration, project locking, and more
  - Limit unsuccessful login attempts, set account expiration dates.
  - Audit processing failure notifications
  - Login parameters, like number of attempts allowed
  - Obscuring data after session timeout
  - Project locking and review workflow
  - Documentation: Compliance: Settings
- Set password strength and expiration
- Set PHI levels on fields:
  - Determine which fields in your data (Datasets and Lists) hold PHI data, and at what level.
  - Documentation: Protecting PHI Data
- Define terms of use:
  - Define the terms of use that users are required to sign before viewing/interacting with PHI data.
  - Documentation: Compliance: Terms of Use
- Assign user roles
  - Assign PHI-related security roles to users, including administrators. Because of logging requirements, no user is automatically granted access to PHI.
  - Documentation: Compliance: Security Roles
- Enable compliance features in a folder
  - Require users to declare an activity (such as an IRB number) and sign the Terms of Use.
  - Require PHI roles to access PHI data.
  - Determine logging behavior.
  - Documentation: Compliance: Configure PHI Data Handling
- Test and check logs
  - Test by impersonating users.
  - Determine if the correct Terms of Use are being presented.
  - Determine if PHI columns are being displayed or hidden in the appropriate circumstances.
  - Documentation: Compliance: Logging