The following describes how the compliance module works with respect to:
- user login
- PHI data access
- logging that lets auditors determine which users have accessed which data, and for what reasons
When a user signs into a folder where Compliance features have been activated, they must first declare information about the activity or role they will be performing.
- A Role must be provided.
- An IRB (Institutional Review Board) number must be provided.
- Users declare the PHI level of access they require for the current task. The declared PHI level affects the data tables and columns that will be shown to the user upon a successful login.
The compliance module lets you annotate each column (for Lists and Datasets) with a PHI level. Possible PHI levels include:
- Not PHI - This column is visible for all PHI level declarations.
- Limited PHI - Visible for users declaring Limited PHI and above.
- Full PHI - Visible for user declaring Full PHI.
- Restricted - Visible for users who have been assigned the Restricted PHI role. Note that no declaration made during login allows users to see Restricted columns.
The Query Browser is also sensitive to the user's PHI access level. If the user has selected non-PHI access, the patient tables are shown, but the PHI columns will be hidden or shown with the data blanked out. For example, if a user selects "Coded/No PHI" during sign on, the user will still be able to access patient data tables, but the PHI columns will be hidden.
Search and API
Search results follow the same pattern as accessing data grids. Search results will be tailored to the users PHI-role and declared activity. Similarly, for the standard LabKey API (e.g., selectRows(), executeSql()).
Grid View Sharing
Sharing of customized data grids. When saving a grid, you have the option to share it with a target group or user. When the target user does not have access to PHI data in a shared grid/filter, they will be denied access to the entire grid. Grid and filter sharing events are logged.
Export actions respect the same PHI rules as viewing data grids. If you aren't allowed to view the column, you cannot export it in any format.
- Which users have seen a given patient's data? What data was viewed by each user?
- Which patients have been seen by a particular user? What data was viewed for each patient?
- Which roles and PHI levels were declared by each user? Were those declarations appropriate to their job roles & assigned responsibilities?
- Was the data accessed by the user consistent with the user's declarations?
The screenshot below shows how the audit log captures which SQL queries have been viewed.