Digitally signing a record...

[Darkbob]

I'm writing a medical application. It's important that the doctor is able to prove that he hasn't tampered with his records should things head to court.

The data is stored in a series of fields. I'd like to run some type of hash on the fields to come up with a "check sum" then store the check sum in a field. If a record is changed the user would need to also change the check sum - and since they don't know the check sum algorithm they won't be able to do that.

So any suggestions on a good hashing algorithm? One that's fast to perform but not something simple like adding up all the ASCII values?

Of course there's nothing to stop the user (if he has the password) from deleting records... but I'm working on that one. Any advice here?

Many thanks in advance.

--DB

[Hack]

I don't know about your check sum algorithm, but I'm also working on an application in which the data could get audited by the state or federal government and we flat do not allow records to be deleted at all.

We have a "delete flag" field in all of our data tables. If that field is updated with a "Y", the system consideres the record to be deleted. It will not show up on any reports/screens/record counts/etc, but it is still there.

Only system administrators can "delete" records so if a user wants one removed, they have to submit a request, in writing, specifically stating why they want it deleted. If granted, their name/date and reason is logged with the record.