Meeting Regulatory Compliance: Secure Storage of Patient Health Records | Oracle Cloud Infrastructure

Securely Storing Patient Health Records in Oracle Cloud Infrastructure Object Storage

Question

You work for a health insurance company that stores a large number of patient health records in an Oracle Cloud Infrastructure (OCI) Object Storage bucket named "HealthRecords".

Each record needs to be securely stored for a period of 5 years for regulatory compliance purposes and cannot be modified, overwritten or deleted during this time period.

What can you do to meet this requirement?

Answers

Explanations


A. B. C. D.

B.

https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingretentionrules.htm

The best option to meet the requirement of securely storing patient health records in an OCI Object Storage bucket for a period of 5 years without modification, overwrite or deletion is to create an OCI Object Storage time-bound Retention Rule on the HealthRecords bucket and enable Retention Rule Lock on this bucket.

Option A: Creating an OCI Object Storage Lifecycle Policies rule to archive objects in the HealthRecords bucket for five years would not prevent modification, overwriting, or deletion of records during the retention period. This option is not suitable because it does not keep the records from being modified, overwritten or deleted for the entire retention period.

Option C: Enabling encryption on the HealthRecords bucket using your own vault master encryption keys is a good security practice but it does not meet the requirement of maintaining records for 5 years without modification, overwrite or deletion.

Option D: Enabling versioning on the HealthRecords bucket would not prevent modification or overwrite of records. It only provides a history of changes made to the records.

Option B: Creating an OCI Object Storage time-bound Retention Rule on the HealthRecords bucket for five years is the best option because it meets the requirement of maintaining records for a period of 5 years without modification, overwrite or deletion. This option ensures that the records cannot be modified, overwritten, or deleted during the retention period by anyone, including administrators, and ensures that the records are immutable. The Retention Rule Lock feature ensures that the retention period cannot be changed or the retention rule deleted by anyone, including administrators, during the retention period.
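
The following is an added example, not part of the original page and not Oracle's code: a check that a bucket's retention rules meet the requirement above (time-bound, at least 5 years, lock in effect). The camelCase field names are assumed to follow the Object Storage REST API's retention rule object, the rule data is constructed, and 5 years is approximated as 1825 days.

```python
from datetime import datetime, timezone

REQUIRED_DAYS = 5 * 365  # the page's 5-year requirement, approximated in days

def _duration_days(duration):
    """Convert a rule's duration object to days; None means an indefinite rule."""
    if duration is None:
        return None
    amount = int(duration["timeAmount"])
    return amount * 365 if duration["timeUnit"] == "YEARS" else amount

def _parse_ts(value):
    """Parse an RFC 3339 timestamp such as 2024-01-15T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_retention(rules, now):
    """Return (compliant, findings) for a bucket's list of retention rules."""
    findings = []
    for rule in rules:
        name = rule.get("displayName", "<unnamed>")
        days = _duration_days(rule.get("duration"))
        locked_at = rule.get("timeRuleLocked")  # assumed field name
        if days is None:
            findings.append(f"{name}: indefinite hold, not a time-bound rule")
        elif days < REQUIRED_DAYS:
            findings.append(f"{name}: duration {days}d is shorter than {REQUIRED_DAYS}d")
        elif locked_at is None:
            findings.append(f"{name}: no lock, rule can still be edited or deleted")
        elif _parse_ts(locked_at) > now:
            findings.append(f"{name}: lock not in effect until {locked_at}")
        else:
            return True, [f"{name}: time-bound, {days}d, locked since {locked_at}"]
    return False, findings or ["no retention rules on bucket"]

# Constructed sample data (not real output) for the HealthRecords bucket.
SAMPLE_RULES = [
    {"displayName": "legal-hold", "duration": None, "timeRuleLocked": None},
    {"displayName": "short", "duration": {"timeAmount": 90, "timeUnit": "DAYS"},
     "timeRuleLocked": "2024-01-15T00:00:00Z"},
    {"displayName": "five-year-unlocked",
     "duration": {"timeAmount": 5, "timeUnit": "YEARS"}, "timeRuleLocked": None},
    {"displayName": "five-year-locked",
     "duration": {"timeAmount": 5, "timeUnit": "YEARS"},
     "timeRuleLocked": "2024-01-15T00:00:00Z"},
]

if __name__ == "__main__":
    ok, notes = audit_retention(SAMPLE_RULES, datetime(2024, 6, 1, tzinfo=timezone.utc))
    print("compliant" if ok else "NOT compliant", *notes, sep="\n - ")
```

A rule whose lock date is still in the future is reported as non-compliant, because until the lock takes effect the rule itself can still be changed.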