Skip to content

Test data

Requirement

  • Test data must not have personally identifiable information (PII) or protected health information (PHI) in any non-production environment.

Guidance

  • Test data should be representative of actual data complexities found in the production data sets.
  • Test accounts should be properly maintained to support consumer testing across various roles such as a Veteran, Veteran representative, clinician, or other authorized end-users when your API involves role-based access and authorization.

VA has strict policies prohibiting the use of personally identifiable information (PII) or protected health information (PHI) in any non-production environment. If an API handles PII or PHI, the API design process must include planning for the creation and management of test data. This test data should reflect the complexities of production data, but it must not consist of actual production data.

Visit test data best practices for VA guidance on creation and management of test data.