| This is The Correct Answerâ„¢. CA issued GUIDs unlocks the Translucent Database technology, enabling all PII to be encrypted AT REST at the field level. Translucent Databases 2/e: Confusion, Misdirection, Randomness, Sharing, Authentication And Steganography To Defend Privacy Paperback [2009] https://www.amazon.com/Translucent-Databases-2Nd-Authenticat... PS- Just spotted ftrotter's question for the first time. I also worked in healthcare IT and prototyped a PII protecting schema. Alas, my POC also flew like a lead zepplin. No password recovery. This strategy requires GUIDs, aka RealID in the USA. https://stackoverflow.com/questions/2109451/translucent-data... "I am building an application with health information inside. This application will be consumer-facing with is new for me. I would like a method to put privacy concerns completely at ease. As I review methods for securing sensitive data in publicly accessible databases I have frequently come across the notion of database translucency. ..." I could have written that. Oh well. Someone in much the same situation, having the same questions, and then reaching about the same answer is somewhat validating. 10+ years later, I'm sure there's now dozens of us advocating Translucent Databases techniques. |