
I am writing a medical application, and I want to encrypt the name of the patient from everyone except the doctor, his secretary, and the patient himself. I want to encrypt it in a way that even I (the website administrator) can't decrypt this info, and thus in case of a hack, the names of the patients would be safe.

My initial idea was to encrypt the name with the key being the plain password of the patient, but then i had no way of decrypting it from the doctor's side, then I thought I would forget about the patient and encrypt it's name with the doctor's plain password and have him do the account creation for the patient, but then there was the problem of his secretary not being able to decrypt it, and also, if I am to do a search functionnality, I can't search for the patients' names if they were encrypted.

Any ideas?

Khaledman

  • Possible duplicate of [How do you Encrypt and Decrypt a PHP String?](https://stackoverflow.com/questions/16600708/how-do-you-encrypt-and-decrypt-a-php-string) – Ronnie Oosting Aug 14 '18 at 12:31
  • Technically, the admin will always be able to decrypt it if you're using a server-side (PHP) encryption solution. You would need to encrypt/decrypt everything client side to avoid that. Just because you don't store their key doesn't mean someone with server access can't log their key or intercept it with the request. – Devon Bessemer Aug 14 '18 at 12:39
  • Check this link: https://stackoverflow.com/questions/2707967/php-how-can-i-generate-a-hmacsha256-signature-of-a-string – Abd Abughazaleh Aug 14 '18 at 12:49
  • The information security section is probably a better place for this question. Are you actually required to encrypt the patient's name? What about other sensitive data in the database? Seems more like this is up to policy and recording who accesses data, including when an admin accesses the server, and logging all queries. A medical database should probably also be in a controlled environment which the developer has no access to. – rypskar Aug 14 '18 at 13:02
  • What you are describing is role-based security and key management. Such a question is simply way too broad for Stack Overflow. As for searching ciphertext, that is again a very tricky thing, the subject of homomorphic encryption research and [other](https://www.sitepoint.com/how-to-search-on-securely-encrypted-database-fields/) techniques. – President James K. Polk Aug 14 '18 at 15:31
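The last comment links to an article on searching encrypted database fields. One technique in that family, shown here as an added example that is not part of the question or any comment, is a keyed blind index: the application stores, next to the ciphertext, an HMAC of the normalized name under an index key it holds, and an equality search becomes a lookup on that index column. The `PatientRow` type, the `normalize`/`BlindIndex`/`FindByName` functions and the in-memory table are all constructed for this example; a real deployment would keep the index in a database column and the index key in a key-management service.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// PatientRow stands in for a database row: the encrypted name (opaque bytes
// here, e.g. an envelope ciphertext) plus a keyed blind index of that name.
type PatientRow struct {
	ID            int
	EncryptedName []byte
	NameIndex     string
}

// normalize makes the index insensitive to case and extra whitespace, so
// "Jane  EXAMPLE" and "jane example" produce the same index value.
func normalize(name string) string {
	return strings.Join(strings.Fields(strings.ToLower(name)), " ")
}

// BlindIndex returns HMAC-SHA256(indexKey, normalized name) as hex. The index
// key belongs to the application, not to any user, so the same name always maps
// to the same value. A positive truncBytes keeps only a prefix of the MAC, which
// trades occasional false positives for a less precise membership oracle.
func BlindIndex(indexKey []byte, name string, truncBytes int) string {
	mac := hmac.New(sha256.New, indexKey)
	mac.Write([]byte(normalize(name)))
	sum := mac.Sum(nil)
	if truncBytes > 0 && truncBytes < len(sum) {
		sum = sum[:truncBytes]
	}
	return hex.EncodeToString(sum)
}

// FindByName is the in-memory stand-in for `SELECT id FROM patients WHERE name_index = ?`.
// The ciphertext column is never inspected; only the index column is compared.
func FindByName(indexKey []byte, rows []PatientRow, query string, truncBytes int) []int {
	want := BlindIndex(indexKey, query, truncBytes)
	var ids []int
	for _, r := range rows {
		if hmac.Equal([]byte(r.NameIndex), []byte(want)) {
			ids = append(ids, r.ID)
		}
	}
	return ids
}

func main() {
	// Constructed index key; in practice this is loaded from a KMS, never derived from a user password.
	key := []byte("constructed-32-byte-index-key!!!")
	rows := []PatientRow{
		{ID: 1, EncryptedName: []byte("<ciphertext 1>"), NameIndex: BlindIndex(key, "Jane Example", 0)},
		{ID: 2, EncryptedName: []byte("<ciphertext 2>"), NameIndex: BlindIndex(key, "John Example", 0)},
	}
	fmt.Println("match:", FindByName(key, rows, "  jane EXAMPLE ", 0))
	fmt.Println("wrong key:", FindByName([]byte("another-key"), rows, "Jane Example", 0))
}
```

The trade-off to keep in mind: whoever holds the index key (the server, and therefore its administrator) can compute the index of any guessed name and test whether that patient exists, even though the ciphertext column stays opaque. Truncating the index narrows that oracle at the cost of false positives, which the authorized user filters out after decrypting the candidate rows.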

1 Answer


You have placed a few requirements which would have some serious consequences.

> medical application, and I want to encrypt the name of the patient from everyone except the doctor, his secretary, and the patient himself.

As soon as you require that only certain addressees can decrypt data, that implies using asymmetric encryption (RSA or ECC). You could encrypt data (e.g. a name) with a random key and then encrypt the key for each intended addressee (assuming the addressees' public keys are known).

To be considered: can you require that the patient have a client certificate (e.g. a crypto card)? In some states it is standard; elsewhere you simply cannot place such a requirement. If you cannot enforce the use of any asymmetric encryption by patients, then the access needs to be controlled by the application, and in the end administrators would be able to access the raw data (encryption key).

> I can't search for the patients' names if they were encrypted.

Homomorphic encryption should solve this problem, but honestly I haven't seen any effective implementation yet. IMHO, searching by patient name would break the premise that the patient name and records are decoupled.

gusto2
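The scheme the answer describes (encrypt the field under a random key, then wrap that key for each addressee's public key) is envelope encryption. The following is an added example that is not part of the answer; it uses only Go's standard library (AES-256-GCM for the data, RSA-OAEP with SHA-256 for key wrapping). The `EnvelopeRecord` type, the `Seal`/`Open` functions and the generated demo keys are all constructed for this illustration; in a deployment each doctor, secretary and patient generates and keeps their own private key, and the server only ever sees public keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds each wrapped key to its purpose; Seal and Open must agree on it.
var oaepLabel = []byte("patient-name-data-key")

// EnvelopeRecord is what the application stores for one encrypted field: the
// AES-GCM ciphertext plus one RSA-OAEP-wrapped copy of the data key per
// addressee (doctor, secretary, patient). The plaintext data key is never stored.
type EnvelopeRecord struct {
	Nonce       []byte
	Ciphertext  []byte
	WrappedKeys map[string][]byte // addressee label -> wrapped data key
}

// Seal encrypts plaintext under a fresh random 256-bit data key and wraps that
// key for each addressee's public key. The data key is dropped on return.
func Seal(plaintext []byte, addressees map[string]*rsa.PublicKey) (*EnvelopeRecord, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rec := &EnvelopeRecord{
		Nonce:       nonce,
		Ciphertext:  gcm.Seal(nil, nonce, plaintext, nil),
		WrappedKeys: make(map[string][]byte, len(addressees)),
	}
	for label, pub := range addressees {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, oaepLabel)
		if err != nil {
			return nil, err
		}
		rec.WrappedKeys[label] = wrapped
	}
	return rec, nil
}

// Open recovers the plaintext for one addressee with their private key. A party
// without a listed private key (the server operator included) fails here.
func Open(rec *EnvelopeRecord, label string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := rec.WrappedKeys[label]
	if !ok {
		return nil, errors.New("no wrapped key for addressee " + label)
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, rec.Nonce, rec.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed demo keys; in a deployment each party generates and keeps their own.
	doctor, _ := rsa.GenerateKey(rand.Reader, 2048)
	patient, _ := rsa.GenerateKey(rand.Reader, 2048)
	admin, _ := rsa.GenerateKey(rand.Reader, 2048)

	rec, err := Seal([]byte("Jane Example"), map[string]*rsa.PublicKey{
		"doctor": &doctor.PublicKey, "patient": &patient.PublicKey,
	})
	if err != nil {
		panic(err)
	}
	name, err := Open(rec, "doctor", doctor)
	fmt.Printf("doctor: %q err=%v\n", name, err)
	_, err = Open(rec, "doctor", admin) // admin holds no listed key: OAEP decryption fails
	fmt.Printf("admin using doctor's slot: err=%v\n", err)
}
```

Adding or removing an addressee means re-wrapping the same data key for that party, not re-encrypting the field. The caveat from the comments still applies: if the application itself performs the decryption for the doctor, the private key passes through the server, so the guarantee only holds when `Open` runs on the addressee's side.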