Anonymization
Medical Information Cloud allows you to anonymize certain account information as long as there is no legal hold on any associated Accounts. Medical Information Cloud accommodates this via configurable custom metadata types, flows, and scheduled jobs.
Account anonymization configuration
You can configure which Accounts can be deleted during the anonymization process by editing the Anonymization Deletable Account Source (MED_AnonymizationDeletableAccountSources__c) custom field in the Local Setting (MED_Local_Setting__mdt) custom metadata type.
To configure:
In Setup, search for Custom Metadata Types in the Quick Find box.
Click on the Local Setting (MED_Local_Setting__mdt) custom metadata type.
Under the Custom Fields section, click Edit next to Anonymization Deletable Account Sources.
Add or edit the Default Value under the General Options section.
Note
The Default Value is 'Medical Information Cloud'.
You can also include your custom objects in the anonymization process, using the Anonymizable Object Settings (MED_Anonymizable_Object_Settings) custom metadata type.
Anonymization flows
Anonymization of record fields on the Request, Fulfillment, Adverse Event, Interaction, and Product Quality Complaint objects is handled by flows, each of which is associated with an object.
Flow label | API name | Object |
---|---|---|
AE Primary Source: Anonymize | MED_AE_Primary_Source_Anonymize | AE Primary Source |
Fulfillment: Anonymize | MED_Fulfillment_Anonymize | Fulfillment |
Inbound Form: Anonymize | MED_Inbound_Form_Anonymize | Inbound Form |
PQC: Anonymize | MED_PQC_Anonymize | Product Quality Complaint |
Interaction: Anonymize | MED_Case_Anonymize | Interaction |
To add or remove fields to be anonymized, edit the appropriate flow fields.
Note
Prior to v12, this anonymization was handled by workflows. Upgraded Medical Information Cloud Inquiry Management instances need to deactivate the old workflows and activate the new Flows.
Permissions
The Anonymize Account permission set allows users to flag an Account for anonymization within 24 hours. Users who do not have the “Anonymize Account” permission set can select this box, which enables those who do have the “Anonymize Account” permission set to initiate the anonymization process.
Batch jobs
The anonymization batch job is used to clear out data that should not be stored in the system beyond the time period for which it is needed. Once an Interaction is closed, the data can be removed from the system. This allows the system to comply with local country laws.
When activated, the job runs hourly and reads from the Anonymization Setting records to determine the set of Interactions that should be anonymized. The job finds any records that are in the configured countries or accounts that have been explicitly marked for anonymization (MED_Anonymize__c=true) and do not have a legal hold (MED_Legal_Hold__c=true).
For each account, the job checks if all cases are closed and fall outside the hold period (close date + hold days). If all cases are closed, then the job marks MED_Anonymize__c as true on the Interaction and all associated Requests, Fulfillments, Adverse Events (including children), and Product Quality Complaints. It then selectively deletes related files/emails/notes according to the Anonymizable Object Settings, and the flows anonymize the fields on these objects. Finally, the Account is deleted.
Note
Before running or scheduling the anonymization service, check the Anonymization Settings very carefully. Any accounts that meet the criteria there (regardless of the MED_Anonymize__c checkbox) will be immediately anonymized, which can cause irrevocable data loss.
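The following is an added example, not part of the package or its documentation: a Python dry run that models the selection rules described above, so that exported records can be checked for which accounts would be picked up before the job is scheduled. The class and parameter names, the zero-day hold for flagged accounts outside the configured countries, the strict date comparison, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

@dataclass
class Account:  # hypothetical stand-in for an exported Account row
    name: str
    country: str
    anonymize: bool = False    # models MED_Anonymize__c
    legal_hold: bool = False   # models MED_Legal_Hold__c
    # Close date per Interaction; None means the Interaction is still open.
    case_close_dates: List[Optional[date]] = field(default_factory=list)

def preview(accounts, hold_days_by_country, today, flagged_hold_days=0):
    """Return {account name: reason} for accounts this model would anonymize."""
    selected = {}
    for acc in accounts:
        by_country = acc.country in hold_days_by_country
        if not (by_country or acc.anonymize):
            continue  # neither in a configured country nor explicitly flagged
        if acc.legal_hold:
            continue  # a legal hold blocks anonymization
        # Assumption: flagged accounts outside configured countries use flagged_hold_days.
        hold = timedelta(days=hold_days_by_country.get(acc.country, flagged_hold_days))
        # All cases must be closed and past close date + hold days (strictly, by assumption).
        # An account with no cases passes vacuously in this model.
        if all(d is not None and d + hold < today for d in acc.case_close_dates):
            selected[acc.name] = "flagged" if acc.anonymize else "country setting only"
    return selected

# Constructed sample data, not taken from any real org.
TODAY = date(2024, 6, 1)
SETTINGS = {"DE": 30}  # hypothetical Anonymization Setting: country -> hold days
ACCOUNTS = [
    Account("acct-A", "DE", case_close_dates=[date(2024, 3, 1)]),
    Account("acct-B", "DE", case_close_dates=[date(2024, 5, 20)]),
    Account("acct-C", "US", anonymize=True, case_close_dates=[date(2024, 5, 1)]),
    Account("acct-D", "DE", anonymize=True, legal_hold=True,
            case_close_dates=[date(2024, 1, 1)]),
    Account("acct-E", "DE", case_close_dates=[date(2024, 1, 1), None]),
    Account("acct-F", "US", case_close_dates=[date(2024, 1, 1)]),
]

if __name__ == "__main__":
    for name, reason in preview(ACCOUNTS, SETTINGS, TODAY).items():
        print(f"{name}: would be anonymized ({reason})")
```

In the sample data, acct-A is selected by the country setting alone, without its checkbox being set, which is the case the note above describes.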
Scheduling the batch job
By default, the batch job is not turned on. It can be turned on by executing a command in the developer console’s Execute Anonymous window. Follow these steps to enable the batch job to run every hour:
Note
Ensure the user that is executing these steps has the Bypass Validation permission set; otherwise, the job will fail when it runs.
Open an Execute Anonymous Window. See Salesforce's documentation.
In the Execute Anonymous Window, enter MED_AnonymizerBatch.scheduleHourlyJob(); and then click Execute.
In the Logs tab at the bottom of the developer console, you should see a log with the status Success.
You should also see the Anonymizer job listed under Setup > Jobs > Scheduled Jobs. You can delete the job there if it is no longer required.