Data Governance and Privacy in Healthcare
Expert-defined terms from the Professional Certificate in AI Ethics and Regulatory Compliance in Pharma course at Stanmore School of Business. Free to read, free to share, paired with a professional course.
Access Control – A set of policies and mechanisms that restrict who can v… #
Related terms: authentication, authorization, role‑based access control (RBAC). In a hospital EMR system, access control ensures that only physicians assigned to a patient can view that patient’s chart, while billing staff may access only financial information. Practical application includes implementing RBAC matrices that map job functions to permissible data actions. Challenges involve balancing usability with security, managing dynamic staff roles, and preventing “privilege creep” where users accumulate unnecessary permissions over time.
Algorithmic Transparency – The degree to which the logic, data inputs, an… #
Related terms: explainability, interpretability, auditability. For a predictive analytics tool that flags high‑risk patients for readmission, transparency would require documenting the variables (e.g., age, comorbidities) and weighting used by the model. Practical application includes generating model cards that summarize performance metrics and data provenance. Challenges include protecting proprietary algorithms, avoiding information overload for clinicians, and ensuring that disclosed details do not inadvertently reveal protected health information (PHI).
Anonymization – The process of removing or encrypting personal identifier… #
Related terms: pseudonymization, de‑identification, re‑identification risk. A researcher may anonymize a dataset of patient lab results by stripping names, dates of birth, and ZIP codes, then applying statistical noise to rare disease codes. Practical application involves using standard methods such as the Safe Harbor provision of HIPAA or the European GDPR’s “reasonable means” test. Challenges include assessing residual re‑identification risk, especially when datasets are linked, and maintaining data utility for downstream analytics.
Audit Trail – A chronological record that documents who accessed, modifie… #
Related terms: logging, provenance, compliance monitoring. In a clinical trial management system, an audit trail captures each amendment to a protocol, noting the user ID, timestamp, and rationale. Practical application includes automated alerts when anomalous access patterns are detected, supporting both internal governance and external regulator inspections. Challenges revolve around storage overhead, ensuring tamper‑proof logs, and balancing thoroughness with privacy concerns for staff activity data.
Baseline Privacy Impact Assessment (PIA) – An initial evaluation that ide… #
Related terms: risk assessment, DPIA, data mapping. Before deploying an AI‑driven diagnostic tool, a baseline PIA would catalog data flows, assess legal bases for processing, and propose mitigation measures such as consent mechanisms or data minimization. Practical application includes integrating the PIA into project governance checklists and documenting findings for senior leadership. Challenges include forecasting future uses of data, quantifying intangible harms, and keeping the assessment current as the system evolves.
Business Associate Agreement (BAA) – A legally binding contract required… #
Related terms: covered entity, subcontractor, data use agreement. A cloud‑hosting provider that stores patient imaging files must sign a BAA that specifies security safeguards, breach notification protocols, and permitted uses of the data. Practical application involves negotiating standard clauses, performing due‑diligence audits, and updating the BAA when services change. Challenges include aligning contractual language with rapidly evolving cloud services, ensuring enforceability across jurisdictions, and managing multiple BAAs for a complex vendor ecosystem.
Consent Management – The processes and technologies used to capture, stor… #
Related terms: opt‑in, opt‑out, granular consent. An oncology clinic may implement a digital portal where patients can consent separately to treatment, research, and marketing communications. Practical application includes linking consent records to the data governance platform so that downstream analytics automatically honor the selected permissions. Challenges involve handling legacy data without explicit consent, reconciling differing consent standards across regions, and providing clear, understandable consent language to diverse patient populations.
Data Classification – The systematic categorization of data based on sens… #
Related terms: sensitivity levels, data labeling, tiered storage. In a pharmaceutical company, data may be classified as “public,” “internal,” “confidential,” or “restricted,” with PHI placed in the highest tier. Practical application includes automated tagging of incoming files, applying appropriate encryption, and enforcing tier‑specific access controls. Challenges include maintaining accurate classifications as data is transformed, preventing over‑classification that hampers usability, and aligning classifications with multiple regulatory regimes (e.g., HIPAA, GDPR, ICH).
Data Governance Council – A cross‑functional body that defines policies,… #
Related terms: steering committee, data stewardship, policy framework. A pharma firm may establish a council comprising representatives from clinical research, IT, legal, and compliance to approve data‑sharing agreements and set standards for AI model validation. Practical application involves regular meetings, documented decisions, and escalation paths for data incidents. Challenges include ensuring sufficient authority to enforce decisions, avoiding siloed perspectives, and sustaining engagement amid competing priorities.
Data Minimization – The principle of collecting and retaining only the da… #
Related terms: purpose limitation, retention policy, data pruning. An AI‑enabled patient monitoring device might store heart‑rate trends locally but transmit only aggregated risk scores to the cloud, thereby reducing the amount of PHI transferred. Practical application includes conducting periodic data inventories, establishing retention schedules, and automating deletion of obsolete records. Challenges arise when downstream research needs unforeseen data, when legacy systems lack purge capabilities, and when contractual obligations conflict with minimization goals.
Data Provenance – Documentation of the origin, lineage, and transformatio… #
Related terms: lineage, audit trail, metadata. In a real‑world evidence study, provenance metadata records the source EHR system, extraction date, cleaning scripts, and any imputation methods used. Practical application involves embedding provenance tags in data files and providing traceability for regulatory reviewers. Challenges include managing provenance for high‑velocity streams, ensuring consistency across heterogeneous data sources, and preventing provenance metadata from becoming a privacy liability.
Data Quality Framework – A structured approach to assess, monitor, and im… #
Related terms: data validation, data cleansing, quality metrics. A pharma analytics team may adopt a framework that defines acceptable error rates for lab values, implements automated validation rules, and reports monthly quality scores to the governance council. Practical application includes dashboards that surface anomalies, root‑cause analysis workflows, and remediation plans. Challenges include aligning quality thresholds with clinical significance, handling missing data without biasing AI models, and scaling quality checks across large, multi‑source datasets.
Data Subject Rights (DSR) – Rights granted to individuals under privacy l… #
Related terms: right to access, right to erasure, GDPR. A patient in the EU may request a copy of all health records held by a pharmaceutical sponsor, ask for correction of inaccurate entries, or demand deletion of data no longer needed for the original purpose. Practical application involves establishing request portals, verification procedures, and workflows that route requests to the appropriate data custodians. Challenges include meeting statutory timelines, verifying identity without excessive data collection, and reconciling DSRs with mandatory retention periods for clinical trial data.
De‑identification – The act of removing or altering personal identifiers… #
Related terms: anonymization, pseudonymization, HIPAA Safe Harbor. A dataset of adverse event reports may be de‑identified by replacing patient names with random IDs, shifting dates by a uniform offset, and aggregating rare disease codes. Practical application includes using standardized de‑identification tools and documenting the techniques applied for audit purposes. Challenges involve ensuring that the chosen method meets the legal standard for de‑identification, maintaining data utility for signal detection, and guarding against re‑identification when combined with external datasets.
Data Stewardship – The responsibility for managing data assets to ensure… #
Related terms: data ownership, custodianship, stewardship role. In a clinical data warehouse, a data steward may oversee data ingestion pipelines, enforce metadata standards, and coordinate with privacy officers on consent compliance. Practical application includes assigning stewardship to domain experts, providing training on governance policies, and tracking stewardship activities in a central registry. Challenges include defining clear accountability boundaries, preventing stewardship overload, and integrating stewardship duties with existing job functions.
Data Transfer Impact Assessment (DTIA) – An evaluation that examines the… #
Related terms: cross‑border transfer, adequacy decision, SCC. When a US‑based pharma company shares trial data with a European CRO, a DTIA would assess the legal basis (e.g., Standard Contractual Clauses), encryption in transit, and monitoring mechanisms. Practical application includes embedding the DTIA checklist into the data‑sharing workflow and retaining the assessment for regulator review. Challenges consist of rapidly changing international data‑transfer frameworks, differing interpretations of adequacy, and the need for real‑time compliance monitoring.
Data Use Agreement (DUA) – A contract that governs the terms under which… #
Related terms: material transfer agreement, licensing, confidentiality clause. A university researcher receiving patient‑level genomic data from a pharma sponsor must sign a DUA that restricts analysis to the approved study, prohibits re‑identification, and requires citation of the data source. Practical application includes template DUAs that are customized for each collaboration and tracked in a repository. Challenges involve negotiating clauses that satisfy both academic freedom and commercial protection, handling amendments as projects evolve, and ensuring compliance monitoring.
De‑identification Standard (HIPAA Safe Harbor) – A set of 18 identifiers… #
S. law. Related terms: limited data set, expert determination, PHI. Removing names, full dates, geographic subdivisions smaller than a state, and other identifiers renders the dataset eligible for secondary use without patient authorization. Practical application includes automated scripts that scan and redact the Safe Harbor identifiers before data export. Challenges include dealing with indirect identifiers (e.g., rare disease combinations) that may still enable re‑identification, and keeping the de‑identification process up‑to‑date with evolving privacy guidance.
Differential Privacy – A mathematical technique that adds calibrated nois… #
Related terms: privacy budget, epsilon, noise injection. A health analytics platform might apply differential privacy when releasing population‑level statistics on medication adherence, ensuring that no single patient’s behavior can be inferred. Practical application involves selecting an appropriate privacy budget, integrating noise mechanisms into the reporting engine, and documenting the trade‑off between accuracy and privacy. Challenges include communicating the concept to non‑technical stakeholders, balancing utility for AI training, and managing cumulative privacy loss across multiple queries.
Electronic Health Record (EHR) Integration – The process of linking AI to… #
Related terms: interoperability, HL7 FHIR, API gateway. An AI‑driven sepsis early‑warning system may receive real‑time vitals from the EHR, apply a risk model, and write alerts back into the clinician’s workflow. Practical application includes using standardized FHIR resources, enforcing token‑based authentication, and logging all EHR interactions for audit purposes. Challenges involve navigating legacy EHR interfaces, ensuring that integration does not introduce new privacy exposures, and maintaining performance at scale.
Ethical Review Board (ERB) / Institutional Review Board (IRB) – A committ… #
Related terms: human subjects protection, consent, protocol amendment. Before deploying a machine‑learning model that predicts disease progression, investigators must submit a protocol to the IRB outlining data handling, de‑identification methods, and risk mitigation. Practical application includes providing the IRB with a data flow diagram, privacy impact assessment, and data‑use agreement. Challenges include aligning IRB expectations with rapid AI development cycles, addressing secondary uses of data, and managing multi‑site IRB approvals.
Federated Learning – A machine‑learning approach where models are trained… #
Related terms: privacy‑preserving ML, edge computing, aggregation server. In a network of hospitals, each site trains a local model on its patient cohort, then sends encrypted weight updates to a central server that aggregates them into a global model for disease prediction. Practical application includes implementing secure aggregation protocols, monitoring convergence, and ensuring that updates do not leak sensitive patient information. Challenges involve handling heterogeneous data distributions, dealing with communication latency, and verifying that the aggregated model complies with each site’s privacy policies.
GDPR (General Data Protection Regulation) – The EU’s comprehensive data‑p… #
Related terms: lawful basis, data controller, DPO. A pharmaceutical manufacturer that processes clinical trial data from EU participants must appoint a Data Protection Officer, establish a lawful basis (e.g., consent or public interest), and conduct Data Protection Impact Assessments for high‑risk processing. Practical application includes mapping data flows, implementing mechanisms for data subject access requests, and maintaining records of processing activities. Challenges comprise navigating the extraterritorial scope, reconciling GDPR with other regulations such as HIPAA, and managing the substantial documentation burden.
Health Insurance Portability and Accountability Act (HIPAA) – U #
S. legislation that establishes national standards for the protection of PHI, including the Privacy Rule and Security Rule. Related terms: covered entity, business associate, breach notification. A clinical research organization must ensure that any system handling PHI implements access controls, audit logs, and encryption at rest and in transit. Practical application involves performing regular risk analyses, training staff on the “minimum necessary” principle, and establishing incident‑response procedures. Challenges include adapting HIPAA requirements to cloud environments, addressing emerging threats such as ransomware, and coordinating compliance across multiple affiliates.
Identity Management – The set of policies, processes, and technologies th… #
Related terms: single sign‑on, multi‑factor authentication, identity provider. An AI platform used by both research and clinical teams may rely on an enterprise identity provider to enforce MFA for all users accessing PHI‑linked models. Practical application includes provisioning role‑based groups, enforcing password complexity, and integrating with audit logging. Challenges involve managing lifecycle events (e.g., onboarding, termination), supporting external collaborators with federated identities, and preventing credential reuse across insecure devices.
Informed Consent – A process by which participants are educated about the… #
Related terms: patient autonomy, consent form, opt‑in. For an AI‑driven diagnostic trial, consent documents must disclose that patient imaging data will be used to train algorithms, stored in a secure cloud, and possibly shared with third‑party researchers. Practical application includes using electronic consent platforms that capture timestamps, version control, and audit trails of consent changes. Challenges include ensuring comprehension across diverse literacy levels, handling consent for secondary uses, and updating consent when new data‑processing activities arise.
Incident Response Plan (IRP) – A documented set of procedures for detecti… #
Related terms: breach notification, forensic analysis, root cause. When a ransomware attack encrypts a repository of clinical trial data, the IRP guides the organization to isolate affected systems, engage forensic experts, notify regulators within the mandated timeframe, and restore data from secure backups. Practical application includes regular tabletop exercises, defined roles (e.g., incident commander, communications lead), and post‑incident lessons‑learned reviews. Challenges involve coordinating across legal, compliance, and clinical teams, preserving evidence for potential litigation, and maintaining business continuity while protecting patient safety.
Information Governance (IG) – The overarching strategy that aligns data m… #
Related terms: data governance, records management, policy framework. In a pharma enterprise, IG encompasses policies for data retention, archiving of trial records, and the lifecycle management of AI model artifacts. Practical application includes establishing IG policies, integrating them with enterprise content management systems, and measuring compliance through key performance indicators. Challenges consist of harmonizing IG with multiple regulatory regimes, avoiding siloed governance structures, and ensuring that IG initiatives keep pace with rapid digital transformation.
International Council for Harmonisation (ICH) E6(R2) – The guideline that… #
Related terms: GCP, trial master file, regulatory submission. The ICH E6(R2) emphasizes data integrity, traceability, and auditability, requiring that electronic records be backed by validated systems and that any AI‑derived endpoints be fully documented. Practical application includes mapping AI model documentation to the trial master file, performing validation testing, and ensuring that data provenance satisfies regulator expectations. Challenges include integrating AI outputs into established GCP workflows, meeting the guideline’s stringent audit requirements, and addressing divergent interpretations among regulatory agencies.
Key Management Service (KMS) – A centralized system for generating, stori… #
Related terms: encryption, key rotation, hardware security module (HSM). When encrypting PHI at rest in a cloud data lake, a KMS provides the master key that encrypts data‑encryption keys, which in turn protect the actual records. Practical application involves integrating the KMS with the data‑access layer, enforcing automatic key rotation, and logging all key‑use events for audit purposes. Challenges include ensuring high availability, preventing insider misuse of privileged keys, and complying with jurisdictional restrictions on key storage locations.
Least Privilege – The security principle that users should be granted onl… #
Related terms: role‑based access control, privilege creep, segregation of duties. A data scientist working on a predictive model may receive read‑only access to de‑identified datasets, while a clinical reviewer receives write access to patient notes but not to the underlying raw data. Practical application includes periodic access reviews, automated de‑provisioning when roles change, and monitoring for anomalous privilege escalations. Challenges involve accurately mapping job functions to access needs, preventing excessive restrictions that hinder legitimate work, and managing exceptions in emergency scenarios.
Machine‑Learning Model Registry – A centralized repository that stores mo… #
Related terms: model lifecycle, provenance, compliance metadata. In a pharma AI platform, each model entry includes the training dataset description, performance metrics, intended use, and approved data‑privacy controls such as de‑identification status. Practical application includes enforcing approval workflows before models are promoted to production, providing audit trails of model changes, and integrating with deployment pipelines. Challenges consist of maintaining consistency across multiple teams, ensuring that registry metadata stays synchronized with actual model behavior, and scaling the registry for large numbers of models.
Metadata Management – The discipline of defining, collecting, storing, an… #
Related terms: data catalog, data dictionary, governance metadata. For a clinical data repository, metadata may capture the source system (e.g., EHR), the extraction date, transformation steps, and data‑quality scores. Practical application involves automated metadata harvesting, searchable catalogs for data scientists, and policy enforcement based on metadata tags (e.g., “restricted”). Challenges include integrating metadata from legacy systems, preventing metadata drift as data evolves, and ensuring that metadata itself does not expose sensitive information.
Minimum Necessary Standard – A HIPAA principle that requires covered enti… #
Related terms: need‑to‑know, data reduction, privacy safeguard. When a researcher requests patient lab results for a specific study, the data custodian should provide only the variables directly relevant to the analysis, omitting unrelated identifiers. Practical application includes designing query interfaces that enforce field‑level restrictions, training staff on the standard, and documenting justification for any broader data releases. Challenges involve balancing comprehensive research needs with strict limitation, handling ambiguous requests, and auditing compliance across decentralized data access points.
Patient‑Generated Health Data (PGHD) – Health information created, record… #
Related terms: real‑world data, mHealth, digital biomarkers. An AI model predicting COPD exacerbations may ingest PGHD from a smartwatch that tracks activity levels and oxygen saturation. Practical application requires obtaining explicit consent, ensuring data quality, and integrating PGHD with clinical records via standardized APIs. Challenges include variable data reliability, privacy concerns for continuous monitoring, and regulatory uncertainty regarding the status of PGHD in clinical decision‑making.
Privacy by Design (PbD) – An approach that embeds privacy considerations… #
Related terms: privacy engineering, data protection impact assessment, default privacy. An AI‑enabled radiology workflow might incorporate encryption, role‑based access, and audit logging at the design stage, ensuring that PHI is protected throughout the pipeline. Practical application includes conducting privacy threat modeling during system architecture reviews, documenting privacy controls, and performing regular compliance checks. Challenges involve reconciling PbD with performance requirements, securing buy‑in from product teams, and updating designs as privacy regulations evolve.
Protected Health Information (PHI) – Any individually identifiable health… #
Related terms: individually identifiable health information, ePHI, de‑identification. PHI includes names, dates of birth, medical record numbers, and diagnostic codes when linked to a specific person. Practical application requires that any system storing or processing PHI implement encryption, access controls, and breach‑notification procedures. Challenges encompass managing PHI across hybrid cloud environments, ensuring that de‑identified datasets truly meet privacy thresholds, and handling incidental disclosures during data integration.
Regulatory Sandbox – A controlled environment that allows innovators to t… #
Related terms: pilot study, conditional approval, risk‑based oversight. A pharma company may collaborate with a health authority to trial an AI‑driven triage tool within a limited number of hospitals, collecting real‑world performance data before full market authorization. Practical application includes defining sandbox boundaries, establishing data‑sharing agreements, and setting measurable safety endpoints. Challenges involve aligning sandbox criteria with existing regulations, managing data confidentiality, and transitioning successful pilots into compliant, scalable deployments.
Risk‑Based Approach – A methodology that prioritizes resources and contro… #
Related terms: risk assessment, threat modeling, mitigation strategy. When evaluating a new AI analytics platform, an organization may focus on high‑risk areas such as external data transfers and model interpretability, while applying lighter controls to low‑risk internal reporting. Practical application includes using risk matrices, documenting risk owners, and reviewing risk levels periodically. Challenges include quantifying intangible risks (e.g., reputational harm), avoiding risk fatigue among staff, and ensuring that risk decisions are well‑documented for auditors.
Secure Multiparty Computation (SMC) – A cryptographic technique that enab… #
Related terms: privacy‑preserving analytics, secret sharing, homomorphic encryption. Multiple hospitals could collaboratively train a predictive model on patient data without revealing raw records to each other, using SMC protocols to exchange encrypted partial results. Practical application involves selecting appropriate SMC frameworks, establishing trusted execution environments, and validating the correctness of the joint computation. Challenges include high computational overhead, complexity of protocol implementation, and ensuring that the final model does not leak proprietary or patient information.
Standard Contractual Clauses (SCC) – Model legal provisions approved by t… #
Related terms: data transfer, adequacy decision, GDPR. A pharma sponsor may embed SCCs in contracts with a US‑based cloud provider to ensure that patient data transferred for AI training complies with GDPR requirements. Practical application includes customizing SCCs for specific processing activities, maintaining records of the clauses, and conducting supplementary data‑protection measures such as encryption. Challenges involve keeping SCCs up‑to‑date with evolving EU guidance, addressing divergent national interpretations, and managing the administrative burden of multiple SCCs across many vendors.
Subject Access Request (SAR) – A formal request by an individual exercisi… #
Related terms: right to access, data portability, DSR. A patient may submit a SAR to a pharmaceutical company requesting all clinical trial data, consent forms, and analysis results that pertain to them. Practical application includes establishing a SAR intake portal, verifying identity securely, and delivering the data within statutory timelines while preserving data integrity. Challenges involve locating data across disparate systems, redacting third‑party information, and managing high volumes of requests during large‑scale studies.
Technical Safeguards – Security measures that protect data at the hardwar… #
Related terms: physical safeguards, administrative safeguards, defense‑in‑depth. For a cloud‑based AI platform handling PHI, technical safeguards might include TLS for data in transit, AES‑256 encryption at rest, and continuous vulnerability scanning. Practical application includes configuring security groups, applying patch management policies, and conducting regular penetration tests. Challenges encompass staying ahead of emerging threats, ensuring that safeguards do not degrade model performance, and integrating safeguards across heterogeneous environments.
Third‑Party Risk Management (TPRM) – The systematic process of assessing,… #
Related terms: vendor due diligence, supply chain risk, subcontractor oversight. When a pharma company outsources data annotation to an external service, TPRM involves evaluating the vendor’s security posture, reviewing their BAA, and performing periodic audits. Practical application includes maintaining a vendor risk register, assigning risk owners, and establishing remediation timelines for identified gaps. Challenges include limited visibility into vendor subcontractors, varying security maturity among vendors, and aligning contractual obligations with regulatory expectations.
Traceability Matrix – A tool that maps requirements, design elements, tes… #
Related terms: requirements traceability, compliance mapping, verification. In an AI‑enabled drug‑interaction checker, a traceability matrix links the FDA’s software validation guidance to the model’s data‑quality checks, test scenarios, and documentation artifacts. Practical application includes populating the matrix in a shared repository, updating it as changes occur, and using it during audits to demonstrate comprehensive coverage. Challenges involve maintaining the matrix for rapidly evolving AI models, ensuring that all regulatory references are current, and preventing the matrix from becoming a static, out‑of‑date document.
Trusted Research Environment (TRE) – A secure, controlled setting that en… #
Related terms: data enclave, secure analytics platform, virtual research workspace. A pharma analytics team may use a TRE to explore patient‑level trial data, running AI algorithms on a virtual machine that cannot export raw data, only aggregated results. Practical application includes provisioning role‑based access, logging all query activity, and employing data‑output vetting procedures before results leave the TRE. Challenges include balancing researcher flexibility with stringent security controls, ensuring that the TRE integrates with existing IT infrastructure, and managing user onboarding across multiple institutions.
Use‑Case Prioritization – The process of ranking potential AI or data‑ana… #
Related terms: portfolio management, ROI analysis, risk assessment. A pharma organization may prioritize a use case that predicts adverse events in phase‑III trials because it offers high patient‑safety impact and aligns with regulatory expectations, while deprioritizing exploratory market‑segmentation models with uncertain data‑privacy implications. Practical application includes scoring each use case against defined criteria, involving stakeholders from clinical, legal, and IT, and revisiting the prioritization as new regulations emerge. Challenges involve quantifying qualitative benefits, avoiding bias toward familiar technologies, and ensuring that compliance considerations are weighted appropriately.
Virtual Clinical Trial (VCT) – A trial conducted partially or wholly usin… #
Related terms: decentralized trial, eConsent, digital endpoint. In a VCT for a new diabetes medication, participants use a smartphone app to log glucose readings, while an AI algorithm assesses adherence and flags potential safety concerns. Practical application requires establishing robust data‑privacy safeguards for the collected digital data, obtaining electronic informed consent, and integrating remote data streams into the sponsor’s central database. Challenges include ensuring data integrity across heterogeneous devices, meeting regulatory expectations for remote monitoring, and addressing disparities in patient access to technology.
Zero‑Trust Architecture (ZTA) – A security model that assumes no user or… #
Related terms: micro‑segmentation, conditional access, continuous authentication. In a pharma AI platform, ZTA would require every request to a data lake to be authenticated, authorized, and inspected for anomalies, regardless of whether the request originates from inside the corporate network. Practical application includes deploying identity‑aware proxies, enforcing least‑privilege policies, and integrating real‑time risk scores. Challenges involve redesigning legacy systems to support granular controls, managing performance impacts, and cultivating an organizational culture that embraces perpetual verification.