Securing of PPI via bidirectional hybrid encryption

[fguitton]

I was having a conversation this morning with Paul Matthews. We were talking about the handling of patient information in OPTIMISE as well as the different compliance roads that would be taken by a hospital. We came to the conclusion that some amount of PPI MUST be stored by the application: Things like the NHS number or name (#22) will be useful for consent handling and erasure recording (#146, #147, #149).

Nevertheless we must make sure these data do not get stored in clear text and uses some sort of hospital controlled unlocking mechanism (Possibly though use of a AES/RSA combo and irreversible hash)

[sou-chon]

did paul say what the hospital will use as the id when they create a patient record / add patient data? is it just the nhs number? also are people allowed to search with names then? (like john smith)

[fguitton]

@sou-c From what I gathered, hospitals would typically want to enter NHS numbers / Local Hospital ID / National ID / Full Name. This is because not everybody has an NHS number, nor would it be automatically available to the consulting nurses.

I mentionned to Paul we would have to go back to him and participating hospitals in understanding this, but the keep here is to make sure we provide a feature that would allow us to securly store encrypted patient information in such a way that gives decryption control to the hospitals.

[elen-oui]

Search by Patient ID and Anonymised ID is available in v1.9.30. Currently, the user cannot search by any PII.