Short answer: Yes.
Before you go to the trouble of doing this, you may want to consider whether it is necessary. There is already, of course, an implicit understanding and ethical obligation that doctors act appropriately. Adding additional technology measures to limit where a user can send a report adds undue complexity to the app. We feel it is far easier for a doctor to use the existing built-in address book (on the phone) to email reports to people they know and trust.
However, we understand that, in certain situations, it may be appropriate to limit where a user can send a PicSafe report.
If you manage the IT department of an institution and it is vital to limit sharing of "reports" outside of your organization, you will need to set up a private "Key Server".
When a user composes a "report" in the app and presses the "Submit" button, the following happens.
If you decide to run a private Key Server, it is possible to put a rule in there that means the key server will only give the key to decrypt reports to PicSafe users who have an email address that ends in "@myhospital.com" (for example).
To set up a private Key Server, PicSafe provides a turnkey Docker image. It allows you to set up and host a private Key Server quickly and can be easily configured to whitelist or blacklist individual email addresses or domains. For example, you could add a rule that says only PicSafe users that have an email address that ends in "@myhospital.com" can access the key to unlock reports.
TThe final step is to tell your users to use the Key Server you have set up. To do this, they have to do the following:
Now you can send reports, and it will be encrypted using the Key Server you set up.
For more details on how to setup a private Key Server, please see the Integrations Section of this website.