The massive compliance legislation and guidelines on the storage, administration, and retrieval (SAR) of electronic records [1,2] create major challenges for the healthcare and financial industries. How should investors and customers be shielded from unnecessary confidentiality raids? How should the entire versions of all electronic records (ERs) be made faultless, resistant to denial of modification by users, accessible instantaneously, and impervious to leaks and illegal use?
Burns and Peterson propose secure digital audit trails (SDATs), an authenticated encryption technique (AET), and a secure deletion mechanism (SDM) for acquiring evidence of compliance with SAR regulations of ERs. The SDATs are augmented message authentication codes (MACs) stored at a third party for validating the credibility and legitimacy of the contents of files. This incremental verification scheme offers the third party the advantages of storage space and network bandwidth since SDAT does not obligate circulating all MACs of a file. The AET independently encrypts each file data block to generate the encrypted data block and a stub. The AET produces confirmation facts on each write, and authenticates on each read of a file block. The SDM obliterates bulky data blocks by overwriting the associated small stub block, with no direct contact with the data blocks.
The constructs of SDATs, SDM, and AET have been put into practice in a file versioning and snapshot system (FVSS). The security, storage, and data management features put into place to augment regulatory compliance only minimally degrade performance. Consequently, I highly recommend the FVSS for generating unarguable evidence of compliance with the changing SAR regulations of ERs. The FVSS is a useful tool for reducing the risks of ER legal responsibilities, and for providing security assurance to stakeholders.