Compliance: Checklist

2024-03-29

Premium Feature — Available in the Enterprise Edition of LabKey Server. Learn more or contact LabKey.

This checklist provides step-by-step instructions for setting up and using the Compliance and ComplianceActivities modules.

Checklist

  • Acquire a distribution that includes the compliance modules
    • Unlike most modules, administrators don't have to explicitly enable the compliance modules in individual folders. The compliance modules are treated as enabled for all folders on a server if they are present in the distribution.
    • To ensure that the compliance modules are available, go to (Admin) > Site > Admin Console and click Module Information. Confirm that Compliance and ComplianceActivities are included in the list of modules. If not, contact us.
  • Define settings for accounts, login, session expiration, project locking, and more
    • Limit unsuccessful login attempts and set account expiration dates.
    • Audit processing failure notifications
    • Login parameters, like number of attempts allowed
    • Obscuring data after session timeout
    • Project locking and review workflow
    • Documentation: Compliance: Settings
    • Set password strength and expiration
  • Set PHI levels on fields:
    • Determine which fields in your data (Datasets and Lists) hold PHI data, and at what level.
    • Documentation: Protecting PHI Data
  • Define terms of use:
    • Define the terms of use that users are required to sign before viewing/interacting with PHI data.
    • Documentation: Compliance: Terms of Use
  • Assign user roles
    • Assign PHI-related security roles to users, including administrators. Because of logging requirements, no user is automatically granted access to PHI.
    • Documentation: Compliance: Security Roles
  • Enable compliance features in a folder
    • Require users to declare an activity (such as an IRB number) and sign the Terms of Use.
    • Require PHI roles to access PHI data.
    • Determine logging behavior.
    • Documentation: Compliance: Configure PHI Data Handling
  • Test and check logs
    • Test by impersonating users.
    • Determine if the correct Terms of Use are being presented.
    • Determine if PHI columns are being displayed or hidden in the appropriate circumstances.
    • Documentation: Compliance: Logging
