Search through encrypted data


Apparently, in healthcare, the new stipulation evolving - to encrypt the PHI data (no, not the disk - data) - so no one would be able to get the data in cleartext. I know, I know devs can decrypt the data if they have the right key to use for it. I am not here to debate about

the stupidity

of such requirement. I wonder if it would be possible to search for encrypted text? I am not sure what encryption mechanism will be used, perhaps the weakest one (due to no restriction from ISO on exactly how we have to do that).
By the way, the same requirement is imposed on DBMS(es). I know - perhaps all tech people should quit working for healthcare.... but there are always suckers like me to stay.

Many, many thanks in advance.

The cryptographic concept you are looking for is Homomorphic encryption.
However, Elasticsearch does not have any support for Homomorphic encryption.

"Solving" these sorts of problems (where solving means, "working out what is actually allowed by the regulations, and how the regulator expects you to comply") is a tricky business.

Sorry, I don't have much more to offer - unfortunately it's not something that can really be solved in a one-size-fits-all manner. It depends on what sort of search capabilities you need, how your data ingestion work, how transparent it needs to be for clients, etc.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.