Compliance: Configure PHI Data Handling

2024-03-29

Premium Feature — Available in the Enterprise Edition of LabKey Server. Learn more or contact LabKey.

Compliance features offer several controls at the folder level:

Administrators can control the compliance features for a given folder by navigating to:

(Admin) > Folder > Management. Click the Compliance tab.

Terms of Use

To utilize any terms of use already present in the parent container (project or folder), check the box: Inherit Terms of Use from parent.

Click Terms of Use > to set new terms for this container

Require Activity/PHI Selection and Terms of Use Agreement

When enabled, users will be presented with a PHI level selection popup screen on login. The appropriate Terms of Use will be presented to them, depending on the PHI selection they make.

Require PHI Roles to Access PHI Columns

Role-based PHI handling prevents users from viewing and managing data higher than their current PHI level. Check the box to enable the PHI related roles. When enabled, all users, including administrators, must be assigned a PHI role to access PHI columns.

You can also control the behavior of a column containing PHI when the user isn't permitted to see it. Options:

  • Blank the PHI column: The column is still shown in grid views and is available for SQL queries, but will be shown empty.
  • Omit the PHI column: The column will be completely unavailable to the user.
Note that if your data uses any text choice fields, administrators and data structure editors will be able to see all values available within the field editor, making this a poor field choice for sensitive information.

Note that assay data does not support using PHI levels to restrict access to specific fields. Control of access to assay data should be accomplished by using folder permissions and only selectively copying non-PHI data to studies.

Query Logging

You can select three levels of additional logging, beyond what is ordinarily logged by LabKey Server. Options:

  • Do not add additional logging for query access
  • Log only query access including PHI columns (Default)
  • Log all query access
For logging details, see Compliance: Logging.

Related Topics