3 Replies Latest reply on May 4, 2017 10:49 AM by Hope Stiles

    Using Tableau Server and Health Information

    Jeffrey Lutomski

      Currently our ORG that is a College and Med Center is primarily using Tableau for Student related stats.

      But as we might start using it for PHI or need HIPAA  compliance, I am wondering what others are doing in regard to data protection.

      So far I have started with this list Security Hardening Checklist



        • 1. Re: Using Tableau Server and Health Information
          Christopher Mull

          We have put disclaimers on the dashboards where the underlying data contains PHI.  We are also monitoring who downloads any PHI from any of the dashboards.  Hope this helps!

          • 2. Re: Using Tableau Server and Health Information
            Simon Beaumont

            Hi Jeffrey,


            We had exactly the same dilemma when visualising patient level information in our organisation and one way we found of mitigating the risk was to only display the internal System ID of the patient rather than any name, national number of sensitive data and then we use a dynamic hyperlink (We have branded it Click and Correct as we want to improve data quality this way by encouraging people to click on the record and correct any data quality errors in the source Patient System) by embedding the System ID Tableau Dimension into the web string to allow people to click directly from the Tableau workbook into the Patient System, from where they can view the sensitive info.


            I have also raised an idea with Tableau to allow us to turn off subscriptions at a workbook and view level so we can stop users subscribing to workbooks that have patient identifiable data within them.https://community.tableau.com/ideas/6953


            Hope that helps in some way.



            • 3. Re: Using Tableau Server and Health Information
              Hope Stiles

              You can also restrict the server users ability to view the underlying data.  We have done that with some dashboards where the PHI is not displayed in the view.  We don't want them to grab it from the underlying data either.