I encrypted healthcare data at a previous job. It was indeed making the app much less efficient. Each health institute had their private keys. I considered having keypairs per user, which would have been neater, but it would have been a bit too much work.
The indexes were a challenge. I was using some argon2d key derivation algorithm to hash the values to use in some indexes. For example, if you want to get all the records with the value "toto" in a field, you derive toto (with some common salt), and then you can look up in the index all the documents that have the same derived value.
It did leak some information, and some values couldn't be indexed like this because that would leak too much. So sometimes, we had to fetch all the documents from the database and filter on the application level. We also sometimes didn't encrypt the datetimes so we could do efficient queries on specific time ranges.
To be honest, I did that mostly for fun. I know that some people are content with the managed encryption from their favourite cloud provider.
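
The index scheme described in the post above, as an added example that is not the poster's code: Python's standard-library scrypt stands in for argon2d, and the salt, field names and rows are constructed. `bucket_sizes` returns what anyone who can read the index sees without holding a key, which is where a low-cardinality field leaks too much.

```python
import hashlib
from collections import defaultdict

# Constructed demo salt, common to every row as in the post.
# Assumption: it is stored with the keys, not in the database.
INDEX_SALT = b"constructed-demo-salt"

def blind_token(field, value):
    """Deterministic token for one field value (same input, same token)."""
    # Binding the field name keeps equal values in different fields apart.
    material = field.encode() + b"\x00" + value.encode()
    # scrypt is a stand-in for the argon2d mentioned in the post.
    return hashlib.scrypt(material, salt=INDEX_SALT, n=2**12, r=8, p=1, dklen=16)

class BlindIndex:
    """Equality index for one encrypted field: token -> record ids."""
    def __init__(self, field):
        self.field = field
        self.buckets = defaultdict(set)

    def add(self, record_id, value):
        self.buckets[blind_token(self.field, value)].add(record_id)

    def lookup(self, value):
        # Derive the query value the same way, then match tokens only.
        return set(self.buckets.get(blind_token(self.field, value), ()))

    def bucket_sizes(self):
        # Visible without any key: how many records share each value.
        return sorted((len(ids) for ids in self.buckets.values()), reverse=True)

# Constructed sample rows: (record id, name, blood type)
ROWS = [(1, "toto", "O+"), (2, "alice", "O+"), (3, "bob", "A+"),
        (4, "toto", "O+"), (5, "carol", "AB-"), (6, "dave", "A+")]

def build(field_pos, field):
    idx = BlindIndex(field)
    for row in ROWS:
        idx.add(row[0], row[field_pos])
    return idx

names = build(1, "name")        # many distinct values: small buckets
blood = build(2, "blood_type")  # few distinct values: value histogram shows

if __name__ == "__main__":
    print("records named toto:", names.lookup("toto"))
    print("name bucket sizes:", names.bucket_sizes())
    print("blood type bucket sizes:", blood.bucket_sizes())
```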