Compliance: Terms of Use

2024-04-19

Premium Feature — Available in the Enterprise Edition of LabKey Server. Learn more or contact LabKey.

Users of your application must first sign "Terms of Use" before they enter and see data. The compliance module can be configured to display different Terms of Use documents depending on declarations made by the user before entering the data environment. This topic explains how to configure the various Terms of Use available to users, and how to dynamically produce Terms of Use depending on user declarations at login.

Each 'term' of a Terms of Use document can be defined separately, enabling you to create a modular document structure one paragraph at a time. Some paragraphs might be common to all users and some specific only to a single role and PHI level.

The Terms of Use mechanism described here is intended for compliant environments where users assert their IRB number and intended activity before agreeing to the dynamically constructed Terms of Use. This access gate is applied every time the user navigates to a protected container. Another, simpler feature is available which uses a static Terms of Use signed once upon login for an entire session. You can learn more about this simpler version in this topic: Establish Terms of Use.

Configure Terms of Use

First confirm that both the Compliance and ComplianceActivities modules are present on your server and enabled in your container. Check this on the (Admin) > Folder > Management > Folder Type tab.

Administrators enter the different elements and paragraphs that are used to dynamically construct a Terms of Use based on user assertions at login.

You can define Terms of Use in the current folder, or in the parent folder. If defined in a parent folder, the Terms of Use can be inherited in multiple child folders. Terms of Use defined in the parent folder can be useful if you are building multiple child data portals for different audiences, such as individual data portals for different clinics, or different sets of researchers, etc.

The configuration described below shows how to define Terms of Use in a single folder. This configuration can be re-used in child folders if desired.

  • Go to Admin > Folder > Management and click the Compliance tab.
  • To reuse Terms of Use that already exist in the parent folder, select Inherit Terms of Use from parent.
  • To configure a new Terms of Use element for the current folder, click Terms of Use.
  • On the Terms of Use grid, select (Insert data) > Insert New Row.
    • Or select Import Bulk Data to enter multiple terms using an Excel spreadsheet or similar tabular file.

  • Activity: Activity roles associated with the Terms of Use element. By selecting an activity, terms will only be displayed for the corresponding PHI security role. Note that the Activity dropdown is populated by values in the ComplianceActivities module. Default values for the dropdown are:
    • RESEARCH_WAIVER - For a researcher with a waiver of HIPAA Authorization/Consent.
    • RESEARCH_INFORMED - For a researcher with HIPAA Authorization/Consent.
    • RESEARCH_OPS - For a researcher performing 'operational' activities in the data portal, that is, activities related to maintenance and testing of the data portal itself, but not direct research into the data.
    • HEALTHCARE_OPS - For non-research operations activities, such as administrative and business-related activities.
    • QI - For a user performing Quality Improvement/Quality Control of the data portal.
    • PH - For a user performing Public Health Reporting tasks.
  • IRB: The Internal Review Board number under which the user is entering the data environment. Terms with an IRB number set will only be shown for that IRB number.
  • PHI: If a checkmark is added, this term will be shown only if the user is viewing PHI. To have this term appear regardless of the activity/role or IRB number, leave this unchecked.
  • Term: Text of the Terms of Use element.
  • Sort Order: If multiple terms are defined for the same container, activity, IRB, and PHI level, they will be displayed based on the Sort Order number defined here.

The following Terms of Use element will be displayed to users that assert an activity of Research Operations, an IRB of 2345, and a PHI level of Limited PHI or Full PHI. It will also be displayed as the third paragraph in the dynamically constructed Terms of Use.

Dynamic Terms of Use: Example

Assume that an administrator has set up the following Terms of Use elements. In practice the actual terms paragraphs would be far more verbose.

And assume that a user makes the following assertions before logging in.

The terms applicable to information entered are concatenated in the order specified. The completed Terms of Use document will be constructed and displayed to the user for approval.
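The selection and ordering rules described above can be modeled in a few lines to preview what a given set of assertions would produce and to audit the configuration. This is an added example, not LabKey's code: it assumes a blank Activity or IRB means the term is not restricted on that field, treats PHI level as a simple yes/no, and uses constructed sample rows.

```python
from dataclasses import dataclass
from itertools import product
from typing import Optional


@dataclass(frozen=True)
class Term:
    text: str
    sort_order: int
    activity: Optional[str] = None  # None = any activity (assumption)
    irb: Optional[str] = None       # None = any IRB number (assumption)
    phi: bool = False               # True = shown only when the user is viewing PHI


def applies(term, activity, irb, viewing_phi):
    """True if the term matches the user's asserted activity, IRB and PHI access."""
    if term.activity is not None and term.activity != activity:
        return False
    if term.irb is not None and term.irb != irb:
        return False
    return viewing_phi or not term.phi


def build_terms(terms, activity, irb, viewing_phi):
    """Select the matching terms and return their paragraphs in Sort Order."""
    chosen = [t for t in terms if applies(t, activity, irb, viewing_phi)]
    return [t.text for t in sorted(chosen, key=lambda t: t.sort_order)]


def phi_gaps(terms, activities, irbs):
    """Audit: (activity, IRB) pairs whose PHI users would see no PHI-specific term."""
    return [(a, i) for a, i in product(activities, irbs)
            if not any(t.phi and applies(t, a, i, True) for t in terms)]


# Constructed sample rows; the third mirrors the element described earlier
# (Research Operations, IRB 2345, PHI checked, third paragraph).
TERMS = [
    Term("General: I will follow institutional data policies.", 1),
    Term("Research Ops: I will access data only to maintain the portal.", 2,
         activity="RESEARCH_OPS"),
    Term("IRB 2345: I will handle PHI only as this protocol allows.", 3,
         activity="RESEARCH_OPS", irb="2345", phi=True),
    Term("QI: I will use data only for quality improvement.", 2, activity="QI"),
]

if __name__ == "__main__":
    print("\n\n".join(build_terms(TERMS, "RESEARCH_OPS", "2345", True)))
    print("PHI gaps:", phi_gaps(TERMS, ["RESEARCH_OPS", "QI"], ["2345"]))
```

Running the audit over every activity and IRB number you support shows which combinations would let a user reach PHI without ever being shown a PHI-specific paragraph.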

Related Topics

  • Compliance
  • Establish Terms of Use - Set at project-level or site-level based on specially named wikis. Note that this is a separate, non-PHI related mechanism for establishing terms of use before allowing access to the server.