Controlling access to clinical data analyzed by remote computing resources

摘要

A method for controlling access to data being processed by a remote computing resource includes issuing a public encryption key for a data creator from a public certificate authority, detecting an encounter with a data owner, creating private encryption keys for the data creator and the data owner in response to detecting the encounter, encrypting data being sent to the remote computing resource with the public encryption key, the data creator's private encryption key, and the data owner's private encryption key, decrypting the data based on public verification of the public encryption key and local verification of the data creator's private encryption key and the data owner's private encryption key at the remote computing resource, and controlling the data creator's access to the data by altering the permission of at least one of the public encryption key and data creator's private encryption key.

主权项

1. A method for controlling access to data being processed by a remote computing resource, the method comprising:
issuing a first encryption key for a data creator from a first certificate authority located outside the remote computing resource; detecting an encounter with a data owner; creating, by a second certificate authority of the remote computing resource, a second encryption key for the data creator and an encryption key for the data owner in response to detecting the encounter; the data creator encrypting data being sent to the remote computing resource with the first encryption key, the data creator's second encryption key, and the data owner's encryption key; decrypting and storing the data based on verification of the first encryption key by a verification authority located outside the remote computing resource and based on a verification of at least one of the data creator's second encryption key and the data owner's encryption key at the remote computing resource; and controlling the data creator's access to the data by altering the permission of at least one of the data creator's first and second encryption key.