Patient data often moves across screens, exports, and integrations. Each interaction increases the risk of unintended PHI exposure. This article gives an overview of how to use Patient Manager de-identification to mask PHI end-to-end across your workflow.
This functionality is available to Super Admins and can be configured from Settings. For more information on Scispot’s role-based access, you can refer to the community article:
Overview
Patient de-identification is now available in Patient Manager, so that the Protected Health Information (PHI) can be masked throughout the workflow.
Super Admins can choose which patient fields should be treated as PHI.
Once enabled, selected PHI fields are masked end-to-end.
Masking stays consistent across the platform, including Labsheets and Labspaces.
Only authorized users can view unmasked PHI, based on role-based access.
This supports HIPAA and other privacy requirements.
How to configure and mask fields in Patient Manager.
Creating the Patient Manager Labsheet.
Go to the Labsheets section on Scispot.
Click Create, then select Discover Templates.
Choose the template that includes Patient Manager. Click Use Template to create the labsheet.
This labsheet is now eligible for PHI masking.
Note: PHI masking applies only to labsheets created using the Patient Manager template. Make sure the labsheet is created this way for de-identification to work correctly.
2. Masking fields through Super Admin role
Open the Patient Manager labsheet you created in Step 1.
Click the Settings icon in the top-right corner.
In the right-side panel, click PHI/PII Columns.
You will see the list of columns available in your labsheet.
Note: Only columns with Text and Number data types are currently supported for PHI masking.For each column, use the enable/disable toggle to turn PHI marking on or off. Enable marking for the fields you want to protect.
Click OK to save.
As a Super Admin, PHI-enabled columns will appear colored. This helps you quickly spot which fields are treated as PHI.
Role-Based View of PHI Across Labsheets and Labspaces
PHI enabled Labsheets for Admins and Members
Go to Labsheets and open the PHI-enabled labsheet.
As an Admin or Member, PHI columns appear as Protected. You will not see the actual values.
PHI fields are not available to view or edit.
PHI fields cannot be updated using Bulk Update.
When printing a barcode, if you select a PHI field, it will print as a masked value.
Exporting labsheet data containing PHI values by Admins and Members
Go to Labsheets and open the PHI-enabled labsheet.
From the top-right corner, click Export.
Select the export type (Current View or Full Table), then choose the supported file type (CSV).
Open the downloaded file.
You will notice that PHI fields remain masked in the exported file, so protected values are not visible outside the platform as well.
Importing data into PHI enabled labsheets by Admins and Members
Go to Labsheets and open the PHI-enabled labsheet.
Click Import at the top of the labsheet.
Upload your file, click Next, and confirm the file.
The system will begin mapping your file columns to the existing labsheet columns.
After mapping, you will see a message showing how many PHI fields exist in the labsheet.
The message also confirms that PHI fields will not be imported into the labsheet, ensuring that protected information remains secure during the import process.
Click Continue to import the remaining non-PHI data.
Linking Labsheets Containing PHI Data: Admin and Member View
Go to Labsheets and open the labsheet where the PHI-enabled labsheet needs to be linked.
Create a new column and link the PHI-enabled labsheet, if it is not already linked.
Select the required lookup columns.
Complete the linking process.
Once linked, you will observe that all PHI-marked columns remain masked in this labsheet as well, ensuring consistent protection across linked data.
PHI enabled Labspaces for Admins and Members
Labsheets embedded within protocols or experiments inside a Labspace will also display PHI fields as masked.
Admins and Members will see PHI columns marked as Protected, with no access to those values.
This ensures PHI protection remains consistent even when data is viewed through embedded Labsheets in Labspaces.
Viewing embedded PHI labsheet in a protocol:
Go to Labspaces and open the protocol or experiment that contains the PHI-enabled labsheet.
Click the arrow next to the number of entries to expand and view the embedded labsheet.
You will observe that the PHI fields remain masked here as well, maintaining consistent protection within Labspaces.
Why PHI Masking Matters for Compliance
Minimum necessary access: Limits PHI visibility to only approved roles.
Lower breach risk: Reduces accidental exposure in views, exports, and linked records.
Audit readiness: Makes it easier to show consistent privacy controls during audits.
Regulatory alignment: Supports HIPAA and similar privacy requirements across workflows.
Conclusion
PHI masking in Patient Manager helps teams protect sensitive patient data without slowing down daily work.
By applying consistent de-identification across Labsheets, Labspaces, exports, and imports, Scispot ensures PHI stays protected at every step.
This approach reduces compliance risk, supports regulatory requirements, and makes audits simpler, while still allowing teams to work efficiently with the data they need.