I'm encountering something in QC as an admin and wondered how others deal with it.

In my previous job at a large financial institution we regularly dealt with SSNs and various financial data. The company was understandably very careful with it and we made sure to have no production data in a test system.

My current employer is in the health industry and we have no shortage of production data w/ SSNs and various personal health information.

I think that some testers, in some instances (bug found in Prod for example), want to enter a bug in Quality Center and in the steps use the real live data that were found to expose the problem.

Is Quality Center considered "secure" enough to stand up to most privacy/security audits for securing this kind of information?