 |
 |
Howdy all, We need to share large datasets containing medical imagery without revealing PHI. The images themselves don't present a problem due to their nature but the embedded metadata does. What approaches might work ? Our first reaction was to encrypt problematic fields, embed a public key for each item in the metadata, and have that dataset owner hold a separate private key for each image that allows authorized users to decrypt fields. Keys would be transmitted via the same secure channels that would normally be used for for authorized PHI. There's an obvious key management problem (any ideas for this -- central store would counteract the benefits the keys offer), but I'm not sure if we really have to worry about that. Significant key loss would be expected but since that data disseminated is only a copy, a new dataset with new keys could be created from the original if keys were lost or known to be compromised. This approach has a number of flaws, but we're thinking it may be a practical way to achieve the effect needed without compromising private data. Any ideas would be appreciated. Thanks, kyle