On 3/28/19 7:29 AM, Moreno Andreo wrote:
Il 27/03/2019 07:42, Tony Shelver ha scritto:
Not in Europe, but have worked a bit with medical records systems in
the USA, including sharing across providers.
The only other way to do it would be to store the encrypted key value
in both user.id <http://user.id> and medications.user_id. That would
encrypt the data and maintain relational integrity.
Hmmm... if user.id and medications.user_id are the same, I can link user
with medication... and GDPR rule does not apply..... or am I missing
something?
Yes the link means that someone could use the medications.user_id to
fetch the rest of the user information from the user table. Unless you
encrypted that information also, which I gather you do not want to do
for performance reasons.
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
