Обсуждение: Re: Key encryption and relational integrity
On 3/28/19 7:29 AM, Moreno Andreo wrote: > Il 27/03/2019 07:42, Tony Shelver ha scritto: >> Not in Europe, but have worked a bit with medical records systems in >> the USA, including sharing across providers. >> The only other way to do it would be to store the encrypted key value >> in both user.id <http://user.id> and medications.user_id. That would >> encrypt the data and maintain relational integrity. > Hmmm... if user.id and medications.user_id are the same, I can link user > with medication... and GDPR rule does not apply..... or am I missing > something? Yes the link means that someone could use the medications.user_id to fetch the rest of the user information from the user table. Unless you encrypted that information also, which I gather you do not want to do for performance reasons. -- Adrian Klaver adrian.klaver@aklaver.com
Il 28/03/2019 15:45, Adrian Klaver ha scritto: > On 3/28/19 7:29 AM, Moreno Andreo wrote: >> Il 27/03/2019 07:42, Tony Shelver ha scritto: >>> Not in Europe, but have worked a bit with medical records systems in >>> the USA, including sharing across providers. > >>> The only other way to do it would be to store the encrypted key >>> value in both user.id <http://user.id> and medications.user_id. >>> That would encrypt the data and maintain relational integrity. >> Hmmm... if user.id and medications.user_id are the same, I can link >> user with medication... and GDPR rule does not apply..... or am I >> missing something? > > Yes the link means that someone could use the medications.user_id to > fetch the rest of the user information from the user table. Unless you > encrypted that information also, which I gather you do not want to do > for performance reasons. > > Yes, but to be GDPR compliant I _have_ to remove that link. As you reported in an earlier email, they say that you can't link patient and medication if not with an external resource. In this case we are linking them without an external resource.... Wandering on the web I also bumped on an article that suggested to have the tables on 2 databases on 2 different servers with different credentials.... Interesting, but still without RI. I think I have to answer this question: "is it acceptable to have this kind of master-detail structure in a database without RI?" (The example is about 2 tables, obviously in the real world the master will have 50+ detail tables) Thanks Moreno.
> Yes, but to be GDPR compliant I _have_ to remove that link. As you > reported in an earlier email, they say that you can't link patient and > medication if not with an external resource. In this case we are linking > them without an external resource.... I REALLY doubt that. I believe you when you say "they say that ..." but I truly doubt that GDPR intended to make data processing fully impractical. (I work in the medical field) Karsten
> I believe you when you say "they say that ..." but I truly doubt that > GDPR intended to make data processing fully impractical. > > (I work in the medical field) In Germany, that is, which usually takes things to the extreme, for better or worse. Karsten