Health data encryption

Hi,

We have gone through the NDHB document and the APIs provided for the sandbox, and it is not clear how a patient’s data is to be stored. We wanted to know if the patient’s data is stored in an encrypted format. If yes, whose key is used for this encryption? If no, wouldn’t this be vulnerable and could result in a breach of privacy?

Thanks,
Mukul


If you are asking about encryption during Health Data Exchange, NDHM protocols use a DF key exchange where HIUs would create keys and send them over to the HIP during data flow, and the HIP would use the key materials (in combination with its own keys) and send its key material over to the HIU, which the HIU can use to decrypt. Please refer to the sandbox documentation for details.

The documentation provides examples in Java and C#.

Once the data is received at the HIU and decrypted, it is up to the HIU to figure out the means of keeping the data safe and secure. The HIU should use its own means/keys. We strongly advise that you keep data in secure and encrypted storage, e.g. encrypted databases and encrypted files, and even manage the key itself securely. As per the consent given, the HIU is obligated to keep the data secure and accessible for the intended purpose and target users, and also to remove the data when the consent expires or when the consent is revoked by the patient.

Thanks for this information.
But I wanted to know about encryption for data storage at the HIP. I believe it will be similar to how it should be stored at the HIU, as you mentioned. So, the HIP will use its own key for encryption of health data. Is that correct?

You are talking about security at the HIP end, basically at the EMR/EHR/HIMS system.
For that, there are already defined EHR guidelines by NRCeS.
Please refer to the NRCeS website for guidelines. For example here