Re: [Gnumed-devel] CCHIT - access restrictions per SOAP note

[Sebastian Hilbert]

Am Samstag 07 November 2009 20:47:14 schrieb Karsten Hilbert:
> On Sat, Nov 07, 2009 at 07:04:15PM +0100, Hilbert, Sebastian wrote:
> > requirement:
> >
While that would work I am not sure that is what they had in mind. I guess 
they accept it being clear text in the database and delegating the 
confidentiality stuff to the application level.

I wonder if on the fly encryption is possible. Supposedly there is a pg_crypto 
module. However, the data becomes inaccessible when the key / password changes 
unless all data is reencrypted during a planned key / password change. 

I guess they would accept using different sql queries / views for that. When 
flagged _is_confidential the returned value would be 'confidential' 
On selecting 'show confidential record' one would be asked for the password 
again which would trigger the other view or sql query.

Still not encrypted but I doubt the other vendors do it any different. 
Eventually we should surpass the requirements :-)

Sebastian