Table of Contents
Information Governance
Configure how your team stores patient data, enforces security, and controls access windows — including the operational day start hour.
Information Governance
The Information Governance page is where your team owner sets up data handling rules, security requirements, and operational time settings — all in one place.
Overview
The Information Governance section lives within Team Settings and is visible only to the team owner and team owners designated as administrators. It covers four main areas:
- PID Checklist — a step-by-step process to enable storage of Patient Identifiable Data (PID)
- Store PID — toggle to turn PID storage on or off once the checklist is complete
- Enforce Two Factor Authentication — require all team members to use 2FA when signing in
- Data Access Settings — control how long team members can view and edit jobs, and configure the operational day start hour
Before You Start
- You must be the team owner to access and change these settings. Team administrators cannot see or modify the Information Governance section.
- Navigate to Team Settings (the link in the sidebar) and scroll down to the Information Governance section.
PID Checklist
Before your team can store patient names, dates of birth, addresses, and other identifiable information, IndieBase requires you to complete a short checklist. Each item must be ticked before PID storage can be enabled.
The checklist items are:
| Item | What it requires |
|---|---|
| IndieBase Pro/Team Subscription | Your team must be on a paid Pro or Team plan |
| ICO Registration Number | A valid, current ICO registration must be recorded on your account |
| Accept Terms of Use | The team owner must read and accept the Terms of Use |
| Accept Terms of Service | The team owner must read and accept the Terms of Service |
| Accept PID Attestations | The team owner must read and accept the PID Attestations |
Completed items show a green tick. Incomplete items appear as clickable buttons that take you to the relevant action.
Clicking an incomplete checklist item either scrolls you to the relevant section (for subscription and ICO) or opens a modal where you can read and accept the document.
Store PID
Once all five checklist items are complete, the Store PID panel becomes active. Use the checkbox to enable or disable PID storage for your team.
- PID Storage Enabled — team members can record patient names, dates of birth, and addresses on patient records. These fields are encrypted at rest.
- PID Storage Disabled — PID fields are hidden from patient records, and no identifiable data is stored.
Enabling PID storage automatically enables Two Factor Authentication enforcement (see below). You cannot disable 2FA while PID storage is active.
If the checklist is not yet complete, the Store PID panel shows a message prompting you to complete the checklist first.
Enforce Two Factor Authentication
This toggle requires all team members to set up and use two-factor authentication (2FA) when signing in to IndieBase.
- If PID Storage is enabled, 2FA enforcement is locked on automatically — you cannot disable it while storing PID.
- If PID Storage is disabled, you can choose independently whether to enforce 2FA for your team.
When enforcement is active, any team member who has not yet configured 2FA will be redirected to the 2FA setup screen the next time they sign in.
Data Access Settings
The Data Access Settings panel has three numeric fields that control when jobs become read-only and how IndieBase structures the day.
Days to View
The number of days after a job is created that non-administrator team members can view that job. After this period, the job is hidden from their view.
- Minimum: 1 day
- Maximum: 9,999 days
- Must be greater than or equal to Days to Edit
- Administrators can always view jobs regardless of this setting
Days to Edit
The number of days after a job is created that non-administrator team members can edit that job. After this period, the job becomes read-only.
- Minimum: 1 day
- Maximum: 9,999 days
- Must be less than or equal to Days to View
- Administrators can always edit jobs regardless of this setting
Operational Day Start Hour
This setting controls where IndieBase draws the boundary between one operational day and the next. It is an hour value between 0 and 23 (using 24-hour time).
Default: 6 (06:00)
The operational day runs from the configured hour on one date through to the same hour on the following date. For example:
| Start Hour | Operational day runs from | Through to |
|---|---|---|
| 6 (default) | 06:00 Monday | 05:59 Tuesday |
| 0 | 00:00 Monday (midnight) | 23:59 Monday |
| 20 | 20:00 Monday | 19:59 Tuesday |
This affects:
- The home page — which jobs and crews are shown as belonging to "today"
- Standalone shifts — when a job is created without being attached to an event, IndieBase automatically assigns it to the correct operational day shift based on this setting
- Incidents — standalone incident records are grouped by operational day using the same boundary
Jobs created before the configured start hour are treated as belonging to the previous operational day, not the current one. For example, if your start hour is 06:00 and a job comes in at 03:00, it appears under yesterday's operational day.
Choosing the right start hour
For most teams, the default of 06:00 works well — it keeps overnight jobs together and reflects a typical shift pattern where work from a night shift is considered part of the same operational day as the preceding evening.
Teams that operate primarily in the evening and overnight (for example, covering late-night events or providing night-time standby) may prefer a later start hour such as 20:00 or 22:00. This ensures that activity from, say, 22:00 Friday through to 21:59 Saturday is treated as a single operational day rather than being split across two calendar dates.
Changes to the operational day start hour take effect immediately for new standalone jobs and crews. Existing records are not retroactively reassigned to a different shift.
Tips & Best Practices
- Set the operational day start hour before your first event. Once jobs are being created, changing the start hour will affect how the home page groups activity going forward, but existing records won't move.
- Use a start hour that reflects your handover time. If your team starts a shift at 07:00, setting the operational day to start at 07:00 means each "day" in IndieBase aligns with a real operational handover.
- Don't set Days to Edit higher than Days to View. IndieBase will not allow it — the validation will block the save and show an error.
- Complete the PID checklist early. If you plan to store patient names and DOBs, work through the checklist before your first event. You won't be able to enable PID storage mid-event without completing it first.
Troubleshooting
The Information Governance section is not visible on the Team Settings page.
This section is only visible to the team owner. If you're a team administrator (not the owner), you won't see it. Ask your team owner to make any changes to these settings.
The Store PID checkbox is greyed out.
The Store PID checkbox only becomes active once all five items in the PID Checklist are complete. Check which items still show as incomplete and work through them in order.
I can't disable Two Factor Authentication.
If your team has PID storage enabled, 2FA enforcement is locked and cannot be disabled. To remove the 2FA requirement, you would first need to disable PID storage.
Days to Edit is showing a validation error.
The Days to Edit value must be less than or equal to Days to View. If you're trying to increase Days to Edit beyond the current Days to View value, increase Days to View first, then set Days to Edit.
The operational day start hour change doesn't seem to have made a difference.
The change takes effect for new standalone jobs and crews from the moment you save it. Jobs that were already created before the change will remain in whichever shift they were assigned to at the time. If you're testing the change, create a new job and check which shift it appears under on the home page.
- Understanding Shifts — how the operational day boundary affects shifts and job grouping
- The Home Page — how the operational day is displayed on your team's dashboard
- Data Security — how IndieBase handles and protects your team's patient data
- Subscription — plan requirements for enabling PID storage