1. Administrator's Guide
  2. Manage access to patient or subject records and PII
  3. Read some use cases for more context

Read some use cases for more context

Scenario A

Dr. Smith needs to view all patient and subject data with de-identified PII. She works in an environment where row-level filtering is disabled, meaning assignment to a data access policy is not required.

There is no need to explicitly assign a data access policy to Dr. Smith. In her environment, any user has access to non-PII data for all patients and subjects.

Scenario B

Dr. Chen needs to see patient data in Patient Group 1, including all PII values except patient name and address. She works in an environment where access to patient and subject records is controlled. To give her access:

  1. Create a data access policy for the patient group that Dr. Chen has access to view. Set all patient attribute groups in the policy except Patient name and address to Y.
    BEGIN
VPD_UTIL.ADD_VPD_CONFIG    (I_CONFIG_NAME  =>	'GROUP1_PATIENTS_ALL_PII_EXCEPT_NAME_ADDRESS' ,
	I_PT_ADD     =>	'N'                                    ,
	I_PT_CONSENT =>	'Y'                                    ,
	I_PT_DATE    =>	'Y'                                    ,
	I_PT_DX      =>	'Y'                                    ,
	I_PT_ENC     =>	'Y'                                    ,
	I_PT_HIST    =>	'Y'                                    ,
	I_PT_ID      =>	'Y'                                    ,
	I_PT_MED     =>	'Y'                                    ,
	I_PT_NAME    =>	'N'                                    ,
	I_PT_OBSV    =>	'Y'                                    ,
	I_PT_PROC    =>	'Y'                                    ,
	I_PT_SPEC	 =>	'Y'                                    ,
I_DESCRIPTION  =>	'Configuration with access to GROUP1 patients with PII attributes except Name and Address',
	I_PATIENT_GROUP  =>'GROUP1',
I_EXPIRATION_DATE       => date '2025-12-31'
	);
END;
/
  2. Assign Dr. Chen (jchen12) to the above data access policy.
    BEGIN
VPD_UTIL.ADD_CONFIG_USER
  (I_EXISTING_CONFIG_NAME  => 'GROUP1_PATIENTS_ALL_PII_EXCEPT_NAME_ADDRESS'  ,
   I_USER_NAME             => 'jchen12',
   I_EXPIRATION_DATE       => date '2025-12-31');
END;
/

Scenario C

Dr. Gupta is authorized to see all patient and subject data, including identifiable data.

BEGIN
VPD_UTIL.ADD_CONFIG_USER  
  (I_EXISTING_CONFIG_ID    => 1,
   I_USER_NAME             => 'kgupta',
   I_EXPIRATION_DATE       => date '2025-12-31');
END;
/

Scenario D

Dr. Black needs to see de-identified data in STUDY A and identified data in STUDY B.

  1. Create a data access policy that grants access to de-identified PII data on subjects from STUDY A.

    Note:

    This step is optional when row-level filtering is disabled. 
    BEGIN
VPD_UTIL.ADD_VPD_CONFIG    (I_CONFIG_NAME  =>	'STUDY_A_SUBJECTS_NO_PII' ,
  I_SUBJ_ADD     =>	'N'                                    ,
	I_SUBJ_CONSENT =>	'N'                                    ,
	I_SUBJ_DATE    =>	'N'                                    ,
	I_SUBJ_DX      =>	'N'                                    ,
	I_SUBJ_ENC     =>	'N'                                    ,
	I_SUBJ_HIST    =>	'N'                                    ,
	I_SUBJ_ID      =>	'N'                                    ,
	I_SUBJ_MED     =>	'N'                                    ,
	I_SUBJ_NAME    =>	'N'                                    ,
	I_SUBJ_OBSV    =>	'N'                                    ,
	I_SUBJ_PROC    =>	'N'                                    ,
	I_SUBJ_SPEC	   =>	'N'                                    ,
  I_DESCRIPTION  =>	'Configuration with access to Study A subjects with no PII attribute values',
  I_SUBJECT_STUDY=>'Study A'
	);
END;
/
  2. Create a data access policy that grants access to subjects from STUDY B and their identifiable attribute values:
    BEGIN
VPD_UTIL.ADD_VPD_CONFIG    (I_CONFIG_NAME  =>	'STUDY_B_SUBJECTS_FULL_PII' ,
I_SUBJ_ADD     =>	'Y'                                    ,
	I_SUBJ_CONSENT =>	'Y'                                    ,
	I_SUBJ_DATE    =>	'Y'                                    ,
	I_SUBJ_DX      =>	'Y'                                    ,
	I_SUBJ_ENC     =>	'Y'                                    ,
	I_SUBJ_HIST    =>	'Y'                                    ,
	I_SUBJ_ID      =>	'Y'                                    ,
	I_SUBJ_MED     =>	'Y'                                    ,
	I_SUBJ_NAME    =>	'Y'                                    ,
	I_SUBJ_OBSV    =>	'Y'                                    ,
	I_SUBJ_PROC    =>	'Y'                                    ,
	I_SUBJ_SPEC	   =>	'Y'                                    ,
I_DESCRIPTION  =>	'Configuration with access to Study B subjects with all PII attribute values',
I_SUBJECT_STUDY=>'Study B'
	);
END;
/
  3. Assign Dr. Black to these data access policies:

    Note:

    Assigning STUDY_A_SUBJECTS_NO_PII configuration is optional if row-level filtering is disabled. 
    BEGIN
VPD_UTIL.ADD_CONFIG_USER  
  (I_EXISTING_CONFIG_NAME  => 'STUDY_A_SUBJECTS_NO_PII',
   I_USER_NAME             => 'sblack',
   I_EXPIRATION_DATE       => date '2025-12-31');
END;
/

BEGIN
VPD_UTIL.ADD_CONFIG_USER  
  (I_EXISTING_CONFIG_NAME  => 'STUDY_B_SUBJECTS_FULL_PII',
   I_USER_NAME             => 'sblack',
   I_EXPIRATION_DATE       => date '2025-12-31');
END;
/

Parent topic: Manage access to patient or subject records and PII