With field-level encryption, Vault Safety encrypts personal identifiable information.
About Field Encryption
All Vault data is stored on encrypted disks. For sensitive information, Vault offers a second level of encryption for field values.
Vault Safety encrypts standard Personal Identifiable Information (PII) fields captured in an Individual Case Safety Report (ICSR) by default. You can also configure custom field-level encryption on additional object fields. Only authorized users within Vault can access the encrypted information.
Note: Unless an authorized user grants delegate access to Veeva Support, they cannot access data contained in encrypted fields.
PHI and PII Field Encryption
Vault Safety encrypts fields that store Protected Health Information (PHI) and Personally Identifiable Information (PII) on Inbox Items and Cases, and Case-descendant objects, based on the field information and ICH E2B specification and EU GDPR compliance.
For the list of fields that Vault Safety can mask for Masked Distributions, see Generate Masked Safety Reports.
For more information on PII and PHI protection, see Configuring Vault Objects.
Note: Due to a Vault limitation, the Sex and Country fields cannot be encrypted.
The following table lists the fields that are encrypted for PHI and PII by default on Inbox Items, Cases, and Case-descendant objects. Vault Safety also encrypts the MedDRA license key and credentials by default.
| Object | Field |
|---|---|
Case (case_version__v) |
Patient Initials (patient_id_value__v) |
Date of Birth (dob_idate__v) (dob_normalized__v) |
|
Date of Death (dod_idate__v) (dod_normalized__v) |
|
Last Menstrual Period (last_menstrual_idate__v) (last_menstrual_normalized__v) |
|
Gestation (gestation_value__v) (gestation_unit__v) |
|
Specialist MRN (mrn_specialist_value__v) |
|
Investigation MRN (mrn_investigation_value__v) |
|
Hospital MRN (mrn_hospital_value__v) |
|
GP MRN (mrn_gp_value__v) |
|
Pregnancy Conception Date (pregnancy_conception_date__v) |
|
Pregnancy Due Date (pregnancy_due_date__v) |
|
Date of Pregnancy Outcome (date_of_pregnancy_outcome__v) |
|
Number of Fetuses (number_of_fetuses__v) |
|
Para/Parity (para_parity__v) |
|
Gravida/Gravidity (gravida_gravidity__v) |
|
Event Onset (event_onset_idate__v) (event_onset_normalized__v) |
|
Reporter First Name (reporter_first_name__v) |
|
Reporter Last Name (reporter_last_name__v) |
|
Medical History Text (medical_history_text__v) |
|
Race (race__v) |
|
Ethnicity (ethnicity__v) |
|
Pregnant at Exposure (pregnant_at_vaccination__v) |
|
Matching Contents (matching_contents__v) |
|
Case Product Dosage (case_product_dosage__v) |
First Administration (firstadmin_idate__v) (firstadmin_normalized__v) |
Last Administration (lastadmin_idate__v) (lastadmin_normalized__v) |
|
Case Adverse Event (case_adverse_event__v) |
Onset (onset_idate__v) (onset_normalized__v) |
Cessation (resolved_idate__v) (resolved_normalized__v) |
|
Hospital Admission Date (hospital_admission_date__v) |
|
Hospital Discharge Date (hospital_discharge_date__v) |
|
Case Medical History (case_medical_history__v) |
Start Date (startdate_idate__v) (startdate_normalized__v) |
Continuing (continuing_value__v) |
|
End Date (enddate_idate__v) (end_date_normalized__v) |
|
Case Drug History (case_drug_history__v) |
Start Date (startdate_idate__v) (startdate_normalized__v) |
End Date (enddate_idate__v) (end_date_normalized__v) |
|
Case Contact (case_contact__v) |
Title (title_value__v) |
First Name (firstname_value__v) |
|
Middle Name (middlename_value__v) |
|
Last Name (lastname_value__v) |
|
Street (street_value__v) |
|
Street Line 2 (street_line_2_value__v) |
|
City (city_value__v) |
|
Organization (organization_value__v) |
|
Department (department_value__v) |
|
City (city_value__v) |
|
County (county__v) |
|
State/Province (state_province_value__v)Note: State/Province values are only encrypted when a text value is entered. The State/Province object reference field cannot be encrypted due to a Vault limitation. |
|
Postal/Zip (postalcode_value__v) |
|
Email (email_address__v) |
|
Fax (fax__v) |
|
Telephone (telephone_value__v) |
Configure Custom Field-Level Encryption
Note: Vault cannot add additional encryption on system-managed fields, object keys (name__v), formula reference fields, document reference fields, or fields that already have values.
- In the Admin area, go to Configuration > Objects.
- Open the object that contains the fields that you want to encrypt.
- From the Fields tab, open the field that you want to encrypt.
- Select Edit.
- Select Encrypt Field Value.
- Select Save.
Result
Vault will encrypt values entered into fields where you have enabled this option. You can only enable this option for a maximum of ten (10) fields per object. Configuring Vault Objects provides more information about configuring Vault objects.
Field-Level Encryption Limits
Vault enforces certain limits to ensure that you do not experience performance issues:
| Type | Limit |
|---|---|
| Custom Objects | Up to 50 custom objects per Vault |
| Custom Fields on Objects | Up to 300 custom fields assigned to each object |
| Object Types | Up to 10 object types per object |
| Object Records | Up to ten million (10,000,000) records per object |
| Custom Relationships | Up to 20 relationships per object |
If your organization needs higher limits, contact Veeva Support.