PHI - Patient Health Information

stephanievospet
Kilo Explorer

‎07-08-2015 07:03 PM

How are you protecting PHI in the system?   Often for incident investigation and problem solving PHI is needed for reference by analysts.

  • Do you take application security measures so that some IT staff are not authorized to view certain types of work where PHI may be or is confirmed present?
  • How do you handle security when this information may be emailed after it's added to a work note?

Thank you!

0 Helpfuls
  • 2,208 Views
3 REPLIES 3

bernyalvarado
Mega Sage

‎07-08-2015 10:17 PM

Sensitive data can be secured through ACLs : http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules#gsc.tab=0



Make sure that these ACLs have an admin overwrite unchecked. That will prevent even admins from accessing the data. In case someone changes the ACL system configuration, the system will keep trace of the user and the date/time on which the change was performed.



Thanks,


Berny


0 Helpfuls

Brett Baier
ServiceNow Employee
ServiceNow Employee

‎02-27-2018 10:01 AM

I have written a utility to handle moving secure data to a special table with breakglass tracking.  See the Share here 

Secure Data Extension

I also have a video demo for it listed on the site as well...

0 Helpfuls

Cindy Dixon
Tera Contributor
In response to Brett Baier

‎02-03-2023 06:13 AM

hi - do you still have this available? 

0 Helpfuls