Hi Kyle,
There is an overview of the issues in relation to health data at
https://privacy.org.au/campaigns/myhr/secondaryuse/
It is in the context of Australian electronic health records but has a general
discussion of a number of points and links to other sources.
Michael
On Sat, May 12, 2018 at 9:17 AM, Kyle Banerjee wrote:
> Howdy all,
>
> We need to share large datasets containing medical imagery without
> revealing PHI. The images themselves don't present a problem due to their
> nature but the embedded metadata does.
>
> What approaches might work?
>
> Our first reaction was to encrypt problematic fields, embed a public key
> for each item in the metadata, and have that dataset owner hold a separate
> private key for each image that allows authorized users to decrypt fields.
> Keys would be transmitted via the same secure channels that would normally
> be used for authorized PHI.
>
> There's an obvious key management problem (any ideas for this -- central
> store would counteract the benefits the keys offer), but I'm not sure if we
> really have to worry about that. Significant key loss would be expected but
> since that data disseminated is only a copy, a new dataset with new keys
> could be created from the original if keys were lost or known to be
> compromised.
>
> This approach has a number of flaws, but we're thinking it may be a
> practical way to achieve the effect needed without compromising private
> data.
>
> Any ideas would be appreciated. Thanks,
>
> kyle
>
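
The per-image key scheme described in the quoted message, sketched as an added example; it is not code from this thread or from either poster. The field names, record layout, `_publicKey`/`_encrypted` keys, function names and sample values are all assumptions made up for illustration.

```javascript
// Added example: one key pair per image, PHI fields encrypted in the metadata.
const crypto = require("node:crypto");

const PHI_FIELDS = ["PatientName", "PatientID", "PatientBirthDate"]; // assumed list
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Owner side: returns the shareable metadata and the private key the owner keeps.
function protectMetadata(imageId, metadata) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const shared = { ...metadata, _publicKey: publicKey, _encrypted: {} };
  for (const field of PHI_FIELDS) {
    if (!(field in metadata)) continue;
    const key = crypto.randomBytes(32); // fresh AES-256 key per field
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
    // Bind the ciphertext to this image and field so it cannot be moved elsewhere.
    cipher.setAAD(Buffer.from(`${imageId}:${field}`));
    const ct = Buffer.concat([cipher.update(String(metadata[field]), "utf8"), cipher.final()]);
    const wrapped = crypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
    shared._encrypted[field] = [wrapped, iv, ct, cipher.getAuthTag()].map((b) => b.toString("base64"));
    delete shared[field]; // the plaintext never leaves the owner
  }
  return { shared, privateKey };
}

// Authorized user side: recover one field with the private key for this image.
// Throws if the key belongs to another image or the record was altered.
function revealField(imageId, shared, privateKey, field) {
  const [wrapped, iv, ct, tag] = shared._encrypted[field].map((s) => Buffer.from(s, "base64"));
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(`${imageId}:${field}`));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Constructed sample record, not real patient data.
const sample = { PatientName: "DOE^JANE", PatientID: "000000", Modality: "MR", Rows: 512 };
const { shared, privateKey } = protectMetadata("img-0001", sample);
console.log(Object.keys(shared), revealField("img-0001", shared, privateKey, "PatientName"));
```

Fields outside `PHI_FIELDS` stay in the clear, so the list has to cover every identifying field in the real metadata, and ciphertext length still reveals the approximate length of each value.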