Date encrytion

  • I have this situation where I need to retrieve information for a particular, date or a range of dates. My problem is I cannot display the dates in the extracted information, in a sense need to encrypt the date but get the information pertaining to that date/dates. Is there a way to do it ?

  • I think what you are saying is you have a table with some fields including a date field. You want to return records based on the date, but do not want to display the actual date information. If that is the case, just don't return the date:

    SELECT MyField1, MyField2

    FROM MyTable

    WHERE MyDate BETWEEN '1/1/2007' AND '2/1/2007'

  • They need the date but in a de-identifiable format. For example if I need how many people born between 01/01/07 to 03/01/07 , then it has to be displayed with the actual date format.Has to be unique but not identifiable.Hope it makes sense.

  • I guess I do not understand. You need the date, but you need it returned in a way that nobody can figure out what the date actually is.

    I do not think I can help you with this.

  • i'd go with Michaels suggestion. don't display the date at all. either print something like 'xx/xx/xxxx', or don't display it. munging it into the number of seconds, or turning it into a hex string are all options, but what for? if you don't want them to be able to see/deduce the date, don't display it.

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • Ok here is my situation. I work in a hospital where patient information like dob, date of admission, etc cannot be revealed due to HIPAA regulations. I work in the research dept. So my situation is suppose a doctor wants to know that a patient X has had treatments done from 01/01/07 to 03/01/07 , then I should not display in the date format. So I have to mask it in such a way like maybe janoneoseven .But this can easily identified by a lay man walking in the hospital , if someone takes a print out and leaves it on the table. So I have to mask or de-identify the date in such a way where the developer or the reasearcher can identify but a lay man cannot. Hope this makes sense and hope someone can help me.

  • Put an episode number on the form, and throw all of the other identifiable info away. You have access to the episode number lookup table, but no one else does.

    And....break anyone's hands who leaves clinical data on the table. PHI or no. There's no reason you should have clinical data in any area that a lay person can get to it unless you have a procedural lapse.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • Thanks but I am not sure if it work if I need multiple procedures for the same patient . For example a patient with the same DOB could have had multiple occurances or procedures on different dates. How do I uniquely identify that ?

    Thanks

  • At the hospital I worked at episode number = a serial number assigned by patient stay. Each time they left, or if they got transferred from outpatient to inpat - it changed. the beautiful thing was - since it's serial in nature - there's no way (short of hacking the DB) to find out who that was based on what you have on the piece of paper.

    The purpose here was to hide the patient info, not necessarily to uniquely identify each procedure. If you need a unique procedure ID - that would be another serial ID.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • Thanks. Any input as to how you did that ? Do you have a function/procedure ? The other concern is to scramble the date fields and then descramble it back. Any thoughts hugely appreciated.

    Thanks

  • No function - it came directly from a table we maintained. Each time one of those situations occurred, the previous episode was "closed" and the the new one opened. The backend table had foreign keys to the person table (with name, MRN, etc...)

    We just provided a secure "lookup" interface for the Healthcare professionals to go "look up an episode".

    Once you remove the patient info (name, SSN, DOB) - why would you care to encrypt anything? The date of service itself isn't PHI.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • Ok the problem is that the research dept wants date information to do some kind of analysis work but without the actual date being shown in their analysis. So I want to descramble the date fields not necessarily just the DOB.

    Thanks for all the help

  • Then use the procedure ID concept. Make a serial number uniquely identifying all procedures, and put THAT on the form. Anything "decryptable" without some machine process isn't worth encrypting.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • Thanks for your input but I still believe we need the date but in a de-identifiable format

  • Julian!!!!

Viewing 15 posts - 1 through 15 (of 22 total)

You must be logged in to reply to this topic. Login to reply