WARRANT

Literary Warrant for Functional Requirement #12a

This requirement derives from the law, customs, standards and professional best practices accepted by society and codified in the literature of different professions concerned with records and recordkeeping. The warrant is as follows:

Citation Department of Health and Human Services Food and Drug Administration 21 CFR Part 11 [Docket No. 92N-0251] Electronic Signatures; Electronic Records
Pages 11.10
Extract Controls for closed systems. Closed systems used to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following: (c) Protection of records to enable their accurate and ready retrieval throughout the records retention period.

Citation Ian B. Gilhooley Information Systems Management, Control and Audit (Altamonte Springs, Fla.: The Institute of Internal Auditors 1991)
Pages 94
Extract Not only must the information systems security measures control the availability of data, they must also ensure that the data is available in the first place. Unavailability of data may be as a result of a loss of data for reasons previously defined. It may also be the case that the data exists but has not been set up to be accessed by those who have a legitimate need for access. Unavailability in this situation may simply be the result of having set the wrong access levels for particular individuals.

Citation Ian B. Gilhooley Information Systems Management, Control and Audit (Altamonte Springs, Fla.: The Institute of Internal Auditors 1991)
Pages 338
Extract LACK OF ACCESSABILITY The final objective of data management is to make information available to those who have a right to this information. A great deal of time is spent discussing the prevention of access. However, just as much thought should go into the granting of access and making sure that barriers to access are not built inadvertently. Barriers to access can result from a variety of reasons, including: * The data is not available within the data base. * The user has not been granted access to the data elements that produce the required information. * The data base has been structured incorrectly. For example, allowing users access to information to which they are entitled would mean having to grant access to data to which they are not entitled.

Citation "Guideline for the Analysis of Local Area Network Security" Category: Computer Security; Subcategory: Risk Analysis and Contingency Planning. Federal Information Processing Standards Publication 191 (U.S. Department of Commerce/Technology Administration and National Institute of Standards and Technology, 9 November 1994)
Pages 9
Extract The following goals should be considered to implement effective LAN security.... Maintain the availability of data stored on a LAN, as well as the ability to process and transmit the data in a timely fashion;

Citation Condition of Participation: Medical Records Services, Health Care Financing Administration, 42 CFR, Chapter 4, 482.24
Extract (2) The hospital must have a system of coding and indexing medical records. The system must allow for timely retrieval by diagnosis and procedure, in order to support medical care evaluation studies.

Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems: "Part II: Performance Guideline for the Acceptance by Government Agencies of Records Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1993; Association for Information and Image Management.
Pages 11
Extract 3.5.1 Availability of records Records must be available for inspection for the full period required by law. The life expectancy of the media, per se, has no bearing on the legal status or legal acceptance of the records. The information maintained on the media and the system used to produce the records must achieve the required retention period. This means that for some technologies it may be necessary to periodically convert, regenerate, copy or transfer the information from one medium or technology to another to preserve the information for the required period.