Data Protection and Privacy - Health Cloud and Life Sciences Cloud
To help maintain the privacy of your users’ data, verify that data protection details are available for lead, contact, and person account records for Health Cloud and Life Sciences Cloud customers.
Control Overview
Enables metadata in Health Cloud and Life Sciences Cloud records to document data protection measures like encryption, access controls, and consent tracking, to support compliance with HIPAA, GDPR, and FHIR standards for sensitive health data.
Description
This Salesforce feature adds structured metadata fields to records (for example, patient profiles, care plans) to record privacy details such as data classification, retention policies, and handling instructions, visible via reports or APIs for audits.
Recommended Configuration
Select 'Make data protection details available in records' in Setup > Health Cloud/Life Sciences Cloud Settings.
Security Impact
Embeds privacy controls directly into data records, reducing unauthorized access risks and providing auditable proof of protection for PHI/ePHI, aligning with shared responsibility models in cloud environments.
Business Impact
Streamlines regulatory audits, accelerates patient care coordination via unified profiles, and minimizes compliance costs by automating consent and access logging across departments.
Security Risk If Not Configured
Missing data protection details in record metadata leads to incomplete audit trails, potential HIPAA or GDPR violations, and exposure of sensitive health data during inspections or breaches.
Threat Scenarios
Weak data protection and privacy controls fail to enforce consent requirements and data handling policies, creating regulatory compliance violations and exposure.
Estimated CVSS Score Range
High (7.0–8.9).
Risk Impact Considerations
Factor in data volume from EHR integrations and multitenant access; higher exposure in environments with frequent clinical data exchanges.
Higher Risk When
Used with unencrypted fields, no Shield integration, or high-velocity data from FHIR APIs without classification labeling; multi-cloud setups amplify third-party risks.
Low Risk When
Combined with Salesforce Shield (encryption, audit trails), role-based access, and regular compliance reports; internal users only, with strict least-privilege permissions.
Business and Integration Considerations
Strongly recommended. Integrates seamlessly with Data Cloud for unified profiles, FHIR for EHRs, and external SIEMs. Test in sandboxes to avoid disrupting care workflows.
Security Health Review Guidance
Strongly recommended for Health Cloud and Life Sciences Cloud customers with HIPAA requirements.
Who Is Impacted
Org admins configuring Health Cloud/Life Sciences Cloud, compliance teams, care coordinators, and external partners accessing patient records via APIs or portals.

