The situation is this:
Radiology images stored on PACS [picture archiving and communications system] need to be transfered to somewhere else for a doctor to review - perhaps images taken while patient on holiday etc.
PACS vendors provide the facility to burn the images onto a CD, along with a viewer to allow the recipient doctor to look at the images on his office PC [for full diagnostic purposes, the images will be imported from the CD to the PACS at the receiving hospital].
Due to some spectacular data losses in UK, we now have to encrypt all the CDs used for this.
None of the PACS vendors currently supplying the NHS in UK have a facility to burn an encrypted CD directly from the PACS workstation, so I have written some scripts that take the files destined for the CD [including the viewer], encrypt them, and add a menu program to the CD that runs the decryption [using 7-zip]. The decrypted files are placed in a folder on the hard drive of the recipient, and the whole folder is deleted [including the images AND the viewer] when the viewer is closed or the menu shut down.
Most of the viewers will run from the folder, though one needs to be in the root of a drive, so can use DOS Sust command to do this.
The one I'm currently working on will only run from a removable drive. Whilst I appreciate that the vendor doesn't want his viewer stolen and used for other purposes, in the scenario above it is only being used to view the images from the CD [as the vendor intends] anf the hard drive copy is deleted when viewing is complete - so I feel I'm keeping within the spirit of the original usage intentions.
I have considered a virtual drive, but can't find one that doesn't need software to be installed on the recipients' PCs - which is too intrusive, and at many hospitals is blocked by security policies [quite rightly].
Truecrypt can produce a virtual drive effect, but its use is not practical - mainly because there is no provision to craete a truecrypt vault from the command line, and also because it is incredibly slow, and users will abandon the attempt.
I hope this explanation allays your concerns, and if you can suggest any way round my problem, I'd be grateful [as would the administrators who have to breach rules and send CDs unencrypted, and any patients whose CDs might go astray!
Regards,
William