Non-repudiable provenance for clinical decision support systems

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.
Authors

FAIRWEATHER Elliot WITTNER Rudolf CHAPMAN Martin HOLUB Petr CURCIN Vasa

Year of publication 2021
Type Article in Proceedings
Conference Lecture Notes in Computer Science
MU Faculty or unit

Faculty of Informatics

Citation
Web https://doi.org/10.1007/978-3-030-80960-7_16
Doi http://dx.doi.org/10.1007/978-3-030-80960-7_10
Keywords data provenance;non-repudiation;health informatics;decision support systems
Description Provenance templates are now a recognised methodology for the construction of data provenance records. Each template defines the provenance of a domain-specific action in abstract form, which may then be instantiated as required by a single call to the provenance template service. As data reliability and trustworthiness becomes a critical issue in an increasing number of domains, there is a corresponding need to ensure that the provenance of that data is non-repudiable. In this paper we contribute two new, complementary modules to our template model and implementation to produce non-repudiable data provenance. The first, a module that traces the operation of the provenance template service itself, and records a provenance trace of the construction of an object-level document, at the level of individual service calls. The second, a non-repudiation module that generates evidence for the data recorded about each call, annotates the service trace accordingly, and submits a representation of that evidence to a provider-agnostic notary service. We evaluate the applicability of our approach in the context of a clinical decision support system. We first define a policy to ensure the non-repudiation of evidence with respect to a security threat analysis in order to demonstrate the suitability of our solution. We then select three use cases from within a particular system, Consult, with contrasting data provenance recording requirements and analyse the subsequent performance of our prototype implementation against three different notary providers.

You are running an old browser version. We recommend updating your browser to its latest version.

More info