A secure method and apparatus for data exchange that allows a client's or patient's financial data, medical records, and other information to be stored on a card-shaped compact disk, with multiple levels of encryption to preserve privacy. The trusted record disc can be read on any computer with a network or internet connection, but access to the information on the disc is restricted according to a password protected hierarchical encryption policy. In order to obtain access to the restricted information, an individual user needs to enter a unique password that is sent to a central server. The server confirms the password and returns an electronic key to the user's computer. The electronic key unlocks the encryption and allow the user to view only the information that is permitted (under federal patient, financial privacy or other laws). Thus, in the medical setting, physicians can review the patient's entire medical record and make changes to it. Nurses, pharmacists, and billing clerks have differing predetermined levels of access.