How do I disable the CTRL Find feature within a workbook.

Copper Contributor

I am producing records within a workbook that are HIPAA protected.  Thus, we have to redact our workbook.  However, if you use the feature CTRL find it will still go to that cell that was redacted.  We need to disable and protect the workbook to be HIPAA compliant.  Any suggestions on how I should do this?  All I need is to disable this function, then protect the workbook so no one can change, alter or use search features.  Let me know the best way to do this.  Thanks for your help! 

4 Replies
I am curious what you mean by not HIPAA compliant. What regulation/rule are you basing that on? I'm no expert so I ask because my understanding is that HIPAA is about risk mitigation not risk removal. By that I mean you need to do best efforts to minimize potential HIPAA exposure. So anyone with access to that spreadsheet better be an employee with HIPAA access permissions and trained in proper usage and non-usage. So if you have your sheet locked down and they have to enter xyz code to say who they are and then select records they have permission to look at, that is all great but Excel is NOT high encryption secure so you are still relying on them to not circumvent intended measures put in place to prevent accidental exposure.
That all said, I don't know that you can block the built in FIND function however, you can bury the data onto hidden sheets so they can't find it. For example I have a training matrix workbook i created where the fully matrix of all the data is on a hidden sheet. I then have a "login" sheet where they enter their credentials. If the credentials match credentials on another hidden sheet then yet another hidden sheet pulls the corresponding data for that person. Finally a visible sheet pulls all the data from that last hidden sheet to display to the user. I would NOT consider this high security but more like those tiny locks you put on luggage to keep the honest people out. :)

@mtarler 

 

When I mean HIPAA compliant, it is in reference to health/medical information contained within the spreadsheet, thus the redaction of that information that should not be disclosed. When producing, the subpoena request, we can only give information related to their request.  The information contained within the spreadsheet has other patient information that is unrelated to their case, thus the redaction of this information to maintain privacy.  However, if the party we are sending information to knows other patients that may be on the spreadsheet and/or other doctor's names that could be referenced, they could still use the CTRL F key to take them to that location of the spreadsheet even though it may be redacted out.  This gives them an idea that there may be additional discoverable information contained within the spreadsheet.  We want to eliminate this deduction.  

 

I thought there was a way to toggle off this function when I lock the spreadsheet.  If not, no worries, I can save as a PDF and eliminate it that way.  However; it would be nice to have this option.

Thank you, but I'm actually very well versed in HIPAA and the point in my reply was you absolutely should NOT send an Excel Spreadsheet out with HIPAA information they shouldn't access regardless of how well you 'lock it down' because Excel is NOT highly encrypted. Just do a search on this site for all the people that have forgotten their passwords and needed help unlocking their sheets. If it is for INTERNAL use and using such security measures to implement the HIPAA policy of minimal exposure (e.g. instead of nurse A looking at all the patients on the floor they only see their patients) then it is ok. Furthermore I gave an example how you can make it more secure from accidental exposure using hidden sheets. But ABSOLUTELY remove any non-relevant information before sending a sheet out. you could copy the relevant info into a new workbook (don't just delete the other info and hit save because prior values could be retained in hidden areas depending on settings) but I would still recommend going with the pdf for better security/control.
This sounds like something that might be better suited being a secured Adobe Acrobat PDF.