Explore the LabKey platform free for 30-days! Start your trial >

Regulatory Compliance Support

Ensure audit ready compliance with premium support for HIPAA, FISMA, and CFR Part 11 regulations.

LabKey Server compliance features help biomedical research teams uphold HIPAA, FISMA, and CFR Part 11 Compliance regulations.

Advanced Controls Ensure Appropriate Data Access

Advanced controls in LabKey Server help restrict data access to authorized users and manage user accounts in a FISMA compliant manner.

PHI Flagging Protects Confidential Patient Data

Flagging data as protected health information in LabKey Server allows you to restrict the visibility of confidential information to users explicitly granted access in accordance with HIPAA regulations.

Activity Logging Supports Audit Preparedness

Detailed logging of data access and use, coupled with the ability to snapshot and electronically sign datasets in LabKey Server prepare teams for compliance audits and supports CFR Part 11 compliance.

How it Works

LabKey Server account management allows research teams to set FISMA compliant requirements for user accounts.

Advanced Account Management

Advanced account management features help organizations adhere to FISMA regulations and by allowing administrators to define account expiration dates for short term users and disable inactive accounts after a period of time, as well as, set limits on unsuccessful login attempts, enforce strong password rules and periodic resets, and prevent users from resetting their email addresses if needed. Organizations can also limit identity providers to only those who are FICAM-approved for additional security.

LabKey Server compliance features support PHI access logging and Dynamic terms of user generation prior to data access.

Terms of Use

LabKey Server compliance features allow organizations to require that each user declare their role, IRB number, and the level of PHI they are approved to see prior to providing access to data. After collecting details about the user and their intended use, users are asked to sign a terms of use document that is dynamically assembled by LabKey Server to match the access requested. The specific terms of use agreed to by each user per session is logged with details about their role, what they declared as their intent, and which data they accessed and/or downloaded.

LabKey Server compliance features allow administrators to flag PHI columns to restrict access to sensitive data

Annotation of PHI Fields

Data columns in LabKey Server that contain confidential information can be flagged with the level of protection required: none, limited, full, restricted. Data in protected fields is only shown to users granted access at or above that level. Users can export subsets of data with PHI columns removed, allowing users to highlight significant trends over time without revealing any detail about the patients. Those with appropriate access can also run consolidated PHI reports to illustrate the full picture of protected health information.

LabKey Server compliance features support CFR part 11 regulations with electronic signatures.

Electronic Signatures

LabKey Server allows users to generate a filtered snapshot of data that can be reviewed, approved, and signed by an authenticated user. Electronic signatures are recorded with relevant details including a user entered reason. Any subsequent downloads of signed data snapshots are logged to assist in tracing usage.

LabKey Server compliance features allow audit logging of all data access and activities.

Audit Logging

LabKey Server logs all data access and system activities for administrators to review. Metrics inspire confidence in daily operations and details will assist in the event of audit. Additional detail is provided when any PHI is accessed on screen, by download, or via SQL query, including the specific version of the terms of use signed by the user.

Close Menu
CONTACT US