Overview

To comply with PII, PHI, HIPAA, and Safe Harbor requirements it may be necessary to protect the privacy of individuals by hiding or masking sensitive information from unauthorized Users within LabVantage. Data Masking is a highly configurable module that automatically determines, depending on a User's authority, whether or not to display sensitive information to the current User and, if not, in what format.

OOB, Data Masking is configured for Biobanking. The following SDCs and columns have been defined as containing sensitive information in the Masking Policy.

SDC              Description
Subject          When viewing the Subject pages, the following fields will be masked to unauthorized Users: Birth Date, Death Date, MRN.
Participant      When viewing Participant pages, the following fields will be masked to unauthorized Users: Enrollment Date, Withdrawal Date, Completion Date.
ParticipantEvent When viewing Participant Event pages, the following field will be masked to unauthorized Users: Visit Date.

OOB, the Global "Masking Enabled" property is "No". Once enabled ("Yes"), the columns listed above are masked to all Users according to Masking Rules defined in the Masking Policy. Defining Visibility Rules "Un-masks" this data for authorized Users.

The following sections identify how Data Masking can be applied within Biobanking. For specific details about configuring Data Masking for Biobanking see Data Masking.

 

Masking Sensitive Information

When sensitive information is displayed to an unauthorized User, pre-defined masking techniques are used to mask the information. The following example shows the Subject List page with the Birth Date field masked.

For each Subject listed above, a different level of Masking has been defined according to that Subject's privacy requirements. Each level (High, Medium or Low) defines a particular masking technique.

Subject 1, for example, is defined with a "High" Masking Level and shows the text [Restricted] in place of the Subject's Birth Date.

A Default Masking Level can be defined at the SDC level and is inherited by each SDI, or a Masking Level can be defined specifically for an individual SDI.

NOTE:   You may need to expose the Masking Level field within the SDI.

Subject information can be accessed from many points within Biobanking. Any time that a Subject's information is displayed, it is shown according to the User's authority and the defined Masking Rules. In the example below, an unauthorized User navigates from the Lab Operations Sample List page to the Subject Maintenance page, where the Birth Date field is masked.

These Data Masking and Visibility Rules will be applied when Reporting sensitive information. 

 

Identify Authorized Users

Visibility Rules "unmask" sensitive information to authorized Users. Authorized Users can be identified depending on their Role, Job Type or Department.

A User's ability to view sensitive information can be established in the following ways:

Having a certain Role. The Role "ViewMaskedData" is provided OOB.
Being within the same Department as the User who created the Study (the User has the "ViewMaskedData" operation set to "M" for Departmental Security).
Having the "ViewMaskedData" operation checked in SDI Security for the SDC.
Having the authority to view Masked Data on a linked SDI. The Security Set of the linked SDI defines visibility for this SDI.
Having been given specific authority to view Masked Data for an SDI. A Limited DataSet availability concept can be defined.

These decisions are made using the Masking Policy and within SDCs defined as containing sensitive information. For more information see Data Masking.

 

Role Based Visibility

Role based Visibility is the simplest implementation of Data Masking. Within the Masking Policy's Global Settings, the Visibility Rule is defined as "Role Only" and a specific "Role" is defined. Users having that Role can view information considered sensitive. This means that before displaying columns identified as sensitive, LabVantage checks that the current User has the specified Role. If so, the User is shown the information. If not, the User is shown masked information.

 

SDI Security Based Visibility

Utilizing existing SDI Security measures, LabVantage can automatically determine which Users or Job Types are authorized to view sensitive information.

In the example below, a User from Department 1 is not authorized to view sensitive information for Participants in Studies outside his own Department.

When User 1 is the current User and views the Participant List page, he is authorized to view sensitive information on the Participant record for Study D1 (Department 1), but is shown masked Subject information for the Participant of Study D2 (Department 2).

For specific details about configuring this data masking scenario, see the Data Masking, Visibility Determined by SDI Security example.
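As an added illustration (not LabVantage code), the following Python models the decision sequence this page describes: the Global "Masking Enabled" property, the Visibility Rule in force (Role Only, Departmental Security or SDI Security) and, for an unauthorized User, masking only the columns listed in the Masking Policy according to the SDI's Masking Level. The Masking Policy columns, the [Restricted] text of the High level and the ViewMaskedData Role come from this page; the User and SDI layouts and the Medium and Low techniques are assumptions.

```python
from dataclasses import dataclass, field

# Masking Policy from the page: SDC -> columns defined as containing sensitive information.
MASKING_POLICY = {
    "Subject": {"BirthDate", "DeathDate", "MRN"},
    "Participant": {"EnrollmentDate", "WithdrawalDate", "CompletionDate"},
    "ParticipantEvent": {"VisitDate"},
}
VIEW_ROLE = "ViewMaskedData"  # Role provided OOB

@dataclass
class User:
    name: str
    roles: set
    department: str

@dataclass
class Sdi:
    sdc: str
    values: dict
    masking_level: str  # "High", "Medium" or "Low"
    study_department: str  # Department of the User who created the Study
    sdi_security_viewers: set = field(default_factory=set)  # ViewMaskedData checked in SDI Security

def mask(value, level):
    """High shows [Restricted] (from the page); the Medium and Low techniques are assumed."""
    if level == "High":
        return "[Restricted]"
    if level == "Medium":  # assumed: keep the first 4 characters, e.g. the year of a date
        return value[:4] + "*" * (len(value) - 4)
    return value[:-2] + "**"  # assumed Low: hide only the last 2 characters

def can_view(user, sdi, rule):
    """Visibility Rules named on the page: Role Only, Departmental Security, SDI Security."""
    if rule == "Role Only":
        return VIEW_ROLE in user.roles
    if rule == "Departmental":
        return user.department == sdi.study_department
    if rule == "SDI Security":
        return user.name in sdi.sdi_security_viewers
    raise ValueError(f"unknown Visibility Rule: {rule}")

def render(user, sdi, masking_enabled=True, rule="Role Only"):
    """Return the SDI's columns as they would be displayed to `user`."""
    if not masking_enabled or can_view(user, sdi, rule):  # Global "Masking Enabled" = "No", or authorized
        return dict(sdi.values)
    sensitive = MASKING_POLICY.get(sdi.sdc, set())  # only policy columns are ever masked
    return {c: mask(v, sdi.masking_level) if c in sensitive else v for c, v in sdi.values.items()}
```

With constructed Participant records for Studies D1 and D2, `render` reproduces the Department 1 scenario above: the D1 record is shown in full and the D2 record's sensitive columns are masked while its other columns remain visible.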