Non-repudiable provenance for clinical decision support systems
Authors | |
---|---|
Year of publication | 2021 |
Type | Article in Proceedings |
Conference | Lecture Notes in Computer Science |
MU Faculty or unit | |
Citation | |
Web | https://doi.org/10.1007/978-3-030-80960-7_16 |
Doi | http://dx.doi.org/10.1007/978-3-030-80960-7_10 |
Keywords | data provenance;non-repudiation;health informatics;decision support systems |
Description | Provenance templates are now a recognised methodology for the construction of data provenance records. Each template defines the provenance of a domain-specific action in abstract form, which may then be instantiated as required by a single call to the provenance template service. As data reliability and trustworthiness become a critical issue in an increasing number of domains, there is a corresponding need to ensure that the provenance of that data is non-repudiable. In this paper we contribute two new, complementary modules to our template model and implementation to produce non-repudiable data provenance. The first is a module that traces the operation of the provenance template service itself and records a provenance trace of the construction of an object-level document, at the level of individual service calls. The second is a non-repudiation module that generates evidence for the data recorded about each call, annotates the service trace accordingly, and submits a representation of that evidence to a provider-agnostic notary service. We evaluate the applicability of our approach in the context of a clinical decision support system. We first define a policy to ensure the non-repudiation of evidence with respect to a security threat analysis in order to demonstrate the suitability of our solution. We then select three use cases from within a particular system, Consult, with contrasting data provenance recording requirements and analyse the subsequent performance of our prototype implementation against three different notary providers. |