Configuring Retention Strategy for OCI Object Storage Buckets

This topic provides instructions for the AMS team on how to configure retention policies for OCI Object Storage buckets as part of the SaaS deployment. The configuration ensures compliance with data retention requirements and cost optimization by leveraging the OCI Archive Storage.

PHI Logs Retention Policy

As per the Oracle Health Insurance Cloud Services Service Description and Metrics, PHI audit logs must be retained for 7 years. However, these logs are rarely accessed, so using the OCI Archive Storage can help reduce costs.

The retention policy ensures:

  • Logs are retained for 7 years.

  • Logs older than 60 days are moved to Archive Storage to optimize cost.

OCI Lifecycle Policy Configuration

  1. Navigate to OCI Console Object Storage.

  2. Select the Bucket (for PHI logs) Lifecycle Policy Rules.

  3. Click Create Rule and configure the following rules.

Rule 1: Move logs older than 60 days to Archive Storage

  • Lifecycle Action: Move to Archive

  • Number of Days: 60

Rule 2: Delete logs after 7 Years

  • Lifecycle Action: Delete

  • Number of Days: 2555

For more details on lifecycle policies, see OCI Documentation.

Configuring Retention Rules

  1. Navigate to OCI Console Object Storage.

  2. Select the Bucket (for PHI logs) Retention Rules.

  3. Click Create Rule and configure the following rule.

    • Retention Rule Type: Time-Bound

    • Retention Duration: 7 Years

Retention Rules are applied at the Bucket level, and it is not possible to apply them based on the object prefix. Hence, it is recommended to create a separate bucket for PHI logs.

For more details on retention rules, see OCI Documentation.

Non-PHI Logs Retention Policy

The Non-PHI logs such as the data files produced by data transfer IP should be retained for 60 days.

OCI Lifecycle Policy Configuration

  1. Navigate to OCI Console Object Storage.

  2. Select the Bucket (for Non-PHI logs) Lifecycle Policy Rules.

  3. Click Create Rule and configure the following rule.

Rule: Delete logs after 60 days

  • Lifecycle Action: Delete

  • Number of Days: 60

Configuring Retention Rules

  1. Navigate to OCI Console Object Storage.

  2. Select the Bucket (for Non-PHI logs) Retention Rules.

  3. Click Create Rule and configure the following rule:

    • Retention Rule Type: Time-Bound

    • Retention Duration: 60 days