Distributed 'grid' structure
Each database can communicate with the others through a REST interface, forming a single large database that operates over both LAN and geographic networks; this avoids keeping all the data in a single physical location.
Data structure
The general part contains all the data, purged of any personal information, so as to obtain a consistent but anonymized database.
For example:
- the place of birth is replaced by a generic definition of the geographic area;
- the date of birth is replaced by the year of birth alone;
- the first and last name are replaced by a random first and last name.
The encrypted part instead contains the real data, saved using asymmetric elliptic-curve encryption.
Obfuscator
For each piece of data entered into the database, an obfuscator can be created: a module that reads the individual piece of information and generates an anonymized version of it:
- the city is replaced with a geographic area;
- the name is randomly generated;
- etc.
Patient key
Each patient has a public key and a private key.
The public key is issued in order to encrypt the data when it is entered, and it is saved together with the patient information.
Whenever information is saved it is filtered: the filtered part is saved as in a normal database, while the actual unfiltered data is saved encrypted under the patient's public key.
On each read, the private key is released (so the data can be decrypted) together with a new public key, which is used to save the data again after it has been read.
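The obfuscator and the split into a general (anonymized) part and an encrypted part, as an added Python example that is not part of this design. The city-to-area table, the name pools and the field names are constructed assumptions; the elliptic-curve encryption itself is supplied by the caller as a `seal(public_key, plaintext_bytes) -> ciphertext_bytes` function, since the scheme is not fixed here.

```python
import json
import secrets

# Constructed lookup tables (assumptions): a real deployment would use its
# own regional classification and name pools.
CITY_TO_AREA = {"Milano": "Northern Italy", "Roma": "Central Italy",
                "Napoli": "Southern Italy"}
RANDOM_FIRST = ("Alex", "Sam", "Robin", "Jordan")
RANDOM_LAST = ("Rossi", "Bianchi", "Verdi", "Russo")

# One obfuscator per sensitive field: it reads the single value and returns
# the anonymized version that goes into the general part.
OBFUSCATORS = {
    "place_of_birth": lambda city: CITY_TO_AREA.get(city, "Unknown area"),
    "date_of_birth": lambda dob: int(str(dob)[:4]),  # keep only the year
    "first_name": lambda _: secrets.choice(RANDOM_FIRST),
    "last_name": lambda _: secrets.choice(RANDOM_LAST),
}


def split_record(record, seal, public_key):
    """Return (general_part, encrypted_part) for one patient record.

    The general part keeps every field, with sensitive ones replaced by their
    obfuscated form.  The real values of those fields are serialized and
    sealed under the patient's public key by the caller-supplied `seal`.
    """
    general, secret = {}, {}
    for field, value in record.items():
        if field in OBFUSCATORS:
            general[field] = OBFUSCATORS[field](value)
            secret[field] = value
        else:
            general[field] = value  # non-personal data is stored as-is
    plaintext = json.dumps(secret, sort_keys=True).encode()
    return general, seal(public_key, plaintext)


def leaks_pii(record, general):
    """True if any original sensitive value survives verbatim in the general part.

    Run this before persisting: it catches a missing or broken obfuscator.
    """
    return any(field in record and general.get(field) == record[field]
               for field in OBFUSCATORS)
```

`leaks_pii` is the check to run on every write; a random replacement name can by chance equal the original, so treat a positive result as a reason to re-run the obfuscator, not as a hard failure.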
General architecture