Search through encrypted data

Roman_Kagan · July 16, 2021, 3:14pm

Hello:

Apparently, in healthcare, the new stipulation evolving - to encrypt the PHI data (no, not the disk - data) - so no one would be able to get the data in cleartext. I know, I know devs can decrypt the data if they have the right key to use for it. I am not here to debate about

the stupidity

of such requirement. I wonder if it would be possible to search for encrypted text? I am not sure what encryption mechanism will be used, perhaps the weakest one (due to no restriction from ISO on exactly how we have to do that).
By the way, the same requirement is imposed on DBMS(es). I know - perhaps all tech people should quit working for healthcare.... but there are always suckers like me to stay.

Many, many thanks in advance.

TimV · July 22, 2021, 4:41am

The cryptographic concept you are looking for is Homomorphic encryption.
However, Elasticsearch does not have any support for Homomorphic encryption.

"Solving" these sorts of problems (where solving means, "working out what is actually allowed by the regulations, and how the regulator expects you to comply") is a tricky business.

Sorry, I don't have much more to offer - unfortunately it's not something that can really be solved in a one-size-fits-all manner. It depends on what sort of search capabilities you need, how your data ingestion work, how transparent it needs to be for clients, etc.

Topic		Replies	Views
How can i do Elastic Search on Encrypted data Elasticsearch	7	8859	August 31, 2017
ElasticSearch Encryption Elasticsearch elastic-stack-security	5	834	November 20, 2019
Encryption Options Elasticsearch	8	19051	May 28, 2019
Encrypt the index data? Elasticsearch	5	9375	June 7, 2017
Why Elastic search doesn't support storing encrypted data Elasticsearch	2	340	December 3, 2020

Search through encrypted data

Related topics