Vault encrypts Personally Identifiable Information (PII) and Protected Health Information (PHI) at the field level.
About Field Encryption
All Vault data is stored on encrypted disks. For sensitive information, there is a second level of encryption for field values. Vault encrypts standard PII and PHI fields captured in Individual Case Safety Reports (ICSRs). You can also configure custom encryption on additional Case object fields. Only authorized users within Vault can access the encrypted information.
Note: Unless an authorized user grants delegate access to Veeva Support, they cannot access data contained in encrypted fields.
PII and PHI Field Encryption
Vault encrypts fields that store PII and PHI on Inbox Items, Cases, and Case-descendant objects, based on the field information, ICH E2B specifications, and EU GDPR compliance. For the list of fields that Vault can mask for masked distributions, see Generate Masked Safety Reports. For more information on PII and PHI protection, see Configuring Vault Objects.
Note: Due to a Vault limitation, the Sex and Country fields cannot be encrypted.
Encrypted Case Fields
The following table lists the Case and Case-descendant object fields that Vault encrypts for PII and PHI. Vault also encrypts the MedDRA license key and credentials. For each of these fields, you can determine whether masking is enabled.
| Object | Field |
|---|---|
Case (case_version__v) |
Patient Initials (patient_id_value__v) |
Date of Birth (dob_idate__v) (dob_normalized__v) |
|
Date of Death (dod_idate__v) (dod_normalized__v) |
|
Last Menstrual Period (last_menstrual_idate__v) (last_menstrual_normalized__v) |
|
Gestation (gestation_value__v) (gestation_unit__v) |
|
Specialist MRN (mrn_specialist_value__v) |
|
Investigation MRN (mrn_investigation_value__v) |
|
Hospital MRN (mrn_hospital_value__v) |
|
GP MRN (mrn_gp_value__v) |
|
Pregnancy Conception Date (pregnancy_conception_date__v) |
|
Pregnancy Due Date (pregnancy_due_date__v) |
|
Date of Pregnancy Outcome (date_of_pregnancy_outcome__v) |
|
Number of Fetuses (number_of_fetuses__v) |
|
Para/Parity (para_parity__v) |
|
Gravida/Gravidity (gravida_gravidity__v) |
|
Event Onset (event_onset_idate__v) (event_onset_normalized__v) |
|
Reporter First Name (reporter_first_name__v) |
|
Reporter Last Name (reporter_last_name__v) |
|
Medical History Text (medical_history_text__v) |
|
Race (race__v) |
|
Ethnicity (ethnicity__v) |
|
Pregnant at Exposure (pregnant_at_vaccination__v) |
|
Matching Contents (matching_contents__v) |
|
Case Product Dosage (case_product_dosage__v) |
First Administration (firstadmin_idate__v) (firstadmin_normalized__v) |
Last Administration (lastadmin_idate__v) (lastadmin_normalized__v) |
|
Case Adverse Event (case_adverse_event__v) |
Onset (onset_idate__v) (onset_normalized__v) |
Cessation (resolved_idate__v) (resolved_normalized__v) |
|
Hospital Admission Date (hospital_admission_date__v) |
|
Hospital Discharge Date (hospital_discharge_date__v) |
|
Case Medical History (case_medical_history__v) |
Start Date (startdate_idate__v) (startdate_normalized__v) |
Continuing (continuing_value__v) |
|
End Date (enddate_idate__v) (end_date_normalized__v) |
|
Case Drug History (case_drug_history__v) |
Start Date (startdate_idate__v) (startdate_normalized__v) |
End Date (enddate_idate__v) (end_date_normalized__v) |
|
Case Contact (case_contact__v) |
Title (title_value__v) |
First Name (firstname_value__v) |
|
Middle Name (middlename_value__v) |
|
Last Name (lastname_value__v) |
|
Street (street_value__v) |
|
Street Line 2 (street_line_2_value__v) |
|
City (city_value__v) |
|
Organization (organization_value__v) |
|
Department (department_value__v) |
|
City (city_value__v) |
|
County (county__v) |
|
State/Province (state_province_value__v)Note: State/Province values are encrypted only when a text value is entered. The State/Province object reference field cannot be encrypted due to a Vault limitation. |
|
Postal/Zip (postalcode_value__v) |
|
Email (email_address__v) |
|
Fax (fax__v) |
|
Telephone (telephone_value__v) |
Encrypted Inbox Item Fields
The following table lists the Inbox Item fields that Vault encrypts for PII and PHI. Unlike Case fields, you cannot configure which Inbox Item fields Vault encrypts.
| Section | Field |
|---|---|
| Case Contacts | Title (title_value__v) |
First Name (firstname_value__v) |
|
Middle Name (middlename_value__v) |
|
Last Name (lastname_value__v) |
|
Street (street_value__v) |
|
Street Line 2 (street_line_2_value__v) |
|
City (city_value__v) |
|
Organization (organization_value__v) |
|
Department (department_value__v) |
|
County (county__v) |
|
Country (country_value__v) |
|
State/Province (state_province_value__v)Note: State/Province values are encrypted only when a text value is entered. The State/Province object reference field cannot be encrypted due to a Vault limitation. |
|
Postal/Zip (postalcode_value__v) |
|
Email (email_address__v) |
|
Fax (fax__v) |
|
Telephone (telephone_value__v) |
|
| Patient | Patient Initials (patient_id_value__v) |
Date of Birth (dob_idate__v) (dob_normalized__v) |
|
Date of Death (dod_idate__v) (dod_normalized__v) |
|
Last Menstrual Period (last_menstrual_idate__v) (last_menstrual_normalized__v) |
|
Gestation (gestation_value__v) (gestation_unit__v) |
|
MRN - Specialist (mrn_specialist_value__v) |
|
MRN - Investigation (mrn_investigation_value__v) |
|
MRN - Hospital (mrn_hospital_value__v) |
|
MRN - GRP (mrn_gp_value__v) |
|
Pregnancy Due Date (pregnancy_due_date__v) |
|
Date of Pregnancy Outcome (date_of_pregnancy_outcome__v) |
|
Number of Fetuses (number_of_fetuses__v) |
|
Pregnant at Exposure (pregnant_at_vaccination__v) |
|
Para/Parity (para_parity__v) |
|
Gravida/Gravidity (gravida_gravidity__v) |
|
Race (race__v) |
|
Ethnicity (ethnicity__v) |
|
Matching Contents (matching_contents__v) |
|
Height (height_value__v) (height_unit__v) (height_normalized_cm__v) |
|
Age Group (age_group__v) |
|
Age (age_value__v) (age) (age_normalized_year__v) |
|
| Products > Case Product | Indication (child_indication_data__v) (name_meddra__v) (name_meddra_coding_method__v) (name_reported__v) |
Start Date (startdate_idate__v) (startdate_normalized__v) |
|
End Date (enddate_idate__v) (end_date_normalized__v) |
|
| Products > Case Product Dosage | First Admin Date (firstadmin_idate__v) (firstadmin_normalized__v) |
Last Admin Date (lastadmin_idate__v) (lastadmin_normalized__v) |
|
Duration (duration_unit__v) (duration_number__v) (duration_calculation_status__v) |
|
| Medical Events | Onset (onset_idate__v) (onset_normalized__v) |
Cessation (resolved_idate__v) (resolved_normalized__v) |
|
Hospital Admission Date (hospital_admission_date__v) |
|
Hospital Discharge Date (hospital_discharge_date__v) |
|
Start Date (startdate_idate__v) (startdate_normalized__v) |
|
Continuing (continuing_value__v) |
|
End Date (enddate_idate__v) (end_date_normalized__v) |
Configure Custom Field-Level Encryption
Note: Vault cannot add additional encryption on system-managed fields, object keys (name__v), formula reference fields, document reference fields, or fields that already have values.
- In the Admin area, go to Configuration > Objects.
- Open the object that contains the fields that you want to encrypt.
- From the Fields tab, open the field that you want to encrypt.
- Select Edit.
- Select Encrypt Field Value.
- Select Save.
Result
Vault will encrypt values entered into fields where you have enabled this option. You can only enable this option for a maximum of ten (10) fields per object. Configuring Vault Objects provides more information about configuring Vault objects.
Field-Level Encryption Limits
Vault enforces certain limits to ensure that you do not experience performance issues:
| Type | Limit |
|---|---|
| Custom Objects | Up to 50 custom objects per Vault |
| Custom Fields on Objects | Up to 300 custom fields assigned to each object |
| Object Types | Up to 10 object types per object |
| Object Records | Up to ten million (10,000,000) records per object |
| Custom Relationships | Up to 20 relationships per object |
If your organization needs higher limits, contact Veeva Support.