Administrators can mark columns as either Restricted PHI, Full PHI, Limited PHI, or Not PHI. Simply marking fields with a particular PHI level does not restrict access to these fields. To restrict access, administrators must also define how the server handles PHI data with respect to PHI Role assignment and Terms of Use selection. To define PHI data handling, see
Compliance: Configure PHI Data Handling.
Note that this system allows administrators to control which fields contain PHI data and how those fields are handled without actually viewing the data in the PHI fields. Access to viewing PHI data is controlled separately and not provided to administrators unless granted explicitly.
Example PHI LevelsThe following table provides example PHI-level assignments for fields. These are not recommendations or best practices for PHI assignments.
| PHI Level | Example Data Fields |
|---|
| Restricted PHI | HIV status
Social Security Number
Credit Card Number |
| Full PHI | Address
Telephone Number
Clinical Billing Info |
| Limited PHI | ZIP Code
Partial Dates |
| Not PHI | Heart Rate
Lymphocyte Count |
Annotate Fields with PHI Level
The user interface for editing fields is changing. To mark the PHI level of individual columns in datasets, lists, issues, and specimen data, use the
field properties editor as shown here:
To mark the PHI level of columns in assay data, sample sets, data classes, site user properties, study additional properties, and extensible table definitions, use
Advanced Settings in the new
field editor shown here:
For Developers: Use XML Metadata
As an alternative to the graphical user interface, you can assign a PHI level to a column in the schema definition XML file.
In the example below, the column DeathOrLastContactDate has been marked as "Limited":
<column columnName="DeathOrLastContactDate">
<formatString>Date</formatString>
<phi>Limited</phi>
</column>
Possible values are:
- NotPHI
- Limited
- PHI
- Restricted
The default value is NotPHI.
Review the
PHI XML Reference.
