This checklist provides step-by-step instructions for setting up and using the Compliance and ComplianceActivities modules.

Checklist

• Acquire a distribution that includes the compliance modules
• Unlike most modules, administrators don't have to explicitly enable the compliance modules in individual folders. The compliance modules are treated as enabled for all folders on a server if they are present in the distribution.
• To ensure that the compliance modules are available, go to (Admin) > Site > Admin Console and click Module Information. Confirm that Compliance and ComplianceActivities are included in the list of modules. If not, contact us.
• Define account and login behavior
• Limit unsuccessful login attempts, set account expiration dates, etc.
• Documentation: Compliance: User Accounts and Login
• Set PHI levels on fields:
• Determine which fields in your data (Datasets and List) hold PHI data, and at what level.
• Documentation: Compliance: Setting PHI Levels on Fields
• Define terms of use:
• Define the terms of use that users are required to sign before viewing/interacting with PHI data.
• Documentation: Compliance: Terms of Use
• Assign user roles
• Assign PHI-related security roles to users, including administrators. No user is automatically granted access to PHI due to logging requirements.
• Documentation: Compliance: Security Roles
• Enable compliance features in a folder
• Require users to declare activiy (such as IRB number) and signing of Terms of Use.
• Require PHI roles to access PHI data.
• Determine logging behavior.
• Documentation Compliance: Configure PHI Data Handling
• Test and check logs
• Test by impersonating users.
• Determine if the correct Terms of Use are being presented.
• Determine if PHI columns are being displayed or hidden in the appropriate circumstances.
• Documentation: Compliance: Logging