On 3/28/19 7:29 AM, Moreno Andreo wrote:
> Il 27/03/2019 07:42, Tony Shelver ha scritto:
>> Not in Europe, but have worked a bit with medical records systems in
>> the USA, including sharing across providers.
>> The only other way to do it would be to store the encrypted key value
>> in both user.id <http://user.id> and medications.user_id. That would
>> encrypt the data and maintain relational integrity.
> Hmmm... if user.id and medications.user_id are the same, I can link user
> with medication... and GDPR rule does not apply..... or am I missing
> something?
Yes the link means that someone could use the medications.user_id to
fetch the rest of the user information from the user table. Unless you
encrypted that information also, which I gather you do not want to do
for performance reasons.
--
Adrian Klaver
adrian.klaver@aklaver.com