Data stored in Azure Health Data Services is automatically and seamlessly encrypted with service-managed keys managed by Microsoft. You can now enable data encryption with customer-managed keys (CMK) for new and existing FHIR® and DICOM® services, providing your organization with improved flexibility to manage access controls.
Data encryption with customer-managed keys for Azure Health Data Services enables you to bring your own key to protect and control access to the key that encrypts your organization’s data at rest. It also allows organizations to implement separation of duties in the management of keys and data. Additionally, you can centrally manage and organize keys using Azure Key Vault. With customer-managed encryption, you’re responsible for and in full control of a key’s lifecycle, key usage permissions, and auditing operations.