PIIhealth

Last updated: June 9, 2026

The PIIhealth policy check identifies highly-sensitive health, hospital, and physician information in your database changelogs, helping prevent PHI (Protected Health Information) and PII data exposure. This check employs the Phileas library of Identifiers to scan INSERT and UPDATE SQL statements in your changesets for health-related identifiers such as hospital names, hospital abbreviations, and physician names. When the check detects potential health data, it flags the changelog and can block deployment, protecting your organization from accidentally committing sensitive health information to version control or deploying it to your databases. This check is especially valuable in healthcare and life sciences environments subject to HIPAA and similar regulations.

Scope

Database

changelog

Any SQL database

Before you begin

  • Create a Check Settings file

  • Update any existing Check Settings file to 5.2+ by running liquibase checks show --auto-update=ON to ensure the PIIhealth check appears on the list of checks.

  • (Maven users only) Add the liquibase-checks dependency to your pom.xml file. See Add extensions with Maven for more information.

  • Ensure you have Java 17+ installed. If you used the Liquibase Installer, Java is included automatically. Otherwise, you must install Java manually.

Procedure

1

Enable the PIIhealth check

This check is disabled by default. To enable it, run the checks enable command: liquibase checks enable --check-name=PIIhealth

2

Customize the check.

After enabling PIIhealth, run checks customize to configure the check's behavior. This command lets you set which health identifiers to scan for and the message displayed when a violation is found.

Command: liquibase checks customize --check-name=PIIhealth

Liquibase prompts you to set these parameters:

  1. Severity — The return code generated on a violation. Options: INFO|0, MINOR|1, MAJOR|2, CRITICAL|3, BLOCKER|4. Default: INFO.

  2. HEALTH_IDENTIFIERS — The health data types to scan for. Accepts ALL or a comma-separated list of: HOSPITAL, HOSPITAL_ABBREVIATION, PHYSICIAN_NAME. Default: ALL.

  3. MESSAGE — The message displayed when a violation is found. The default message includes the detected data type, statement type, statement number, line number, and position.

Example output:

Short Name

Category

Description

Customization

Status

Severity

Scope

Type

PIIhealth

Sensitive Data

Identifies highly-sensitive Health, Hospital and Doctor information, helping avoid PII data exposure in highly-regulated environments.

HEALTH_IDENTIFIERS = ALL MESSAGE = Policy violation: raw {filter_type} detected in {stmt_type} at statement #{statement_number}, line {line_number}, positions {start}-{end}.{file_line_info}

enabled

0

changelog

sql, xml, yaml, json

3

Run the checks run command

After enabling and customizing the PIIhealth check, run it against your changelog to detect the health identifiers you have configured. Your customized check is stored in your checks settings file.

To run checks with a custom settings file, use the --checks-settings-file parameter. If you don't specify this parameter, Liquibase uses the default liquibase.checks-settings.conf file. You can also use the --changelog-file flag to target a specific changelog.

Checks settings file example: liquibase checks run --checks-settings-file=path_to_my_file_name.yaml

Checks settings file and specific changelog file example: liquibase checks run --checks-settings-file=<path_to_my_file_name>.yaml --changelogfile --<your_changelog_here>.sql

Note: If you run liquibase update with a checks settings file configured, the checks run automatically as part of the update process.

liquibase checks run --checkname < yourCustomizedCheckName > --changelogfile --< yourChangelogHere >.sql

liquibase checks run --checks-settings-file=my_file_name.yaml
4

Analyze the results in the terminal output.

When the PIIhealth check finds sensitive data in the changelog, you will see output similar to this in the terminal:

CHANGELOG CHECKS ---------------- Checks completed validation of the changelog and found the following issues: Check Name: PII (Health) Information detection (PIIhealth) Changeset ID: health-1 Changeset Filepath: my-changelog.sql Check Severity: INFO (Return code: 0) Message: Policy violation: raw HOSPITAL detected in INSERT at statement #1, line 1, positions 70-81. Check Name: PII (Health) Information detection (PIIhealth) Changeset ID: health-2 Changeset Filepath: my-changelog.sql Check Severity: INFO (Return code: 0) Message: Policy violation: raw PHYSICIAN-NAME detected in INSERT at statement #1, line 1, positions 64-78. Changesets Validated: in my-changelog.sql ID: health-1; Author: test ID: health-2; Author: test Checks run against each changeset: PII (Health) Information detection (Short names: PIIhealth)

The output identifies the check name, changeset ID, file path, severity, and the exact location of the detected health data in the changelog.

Results

Now you can see how the check runs and what the results look like when it flags an issue within the changelog.

You can then remove, mask, or handle the sensitive health information appropriately before committing changes to your database.