HL7 Electronic Health Record System Functional Model, Release 2.1.1
2.1.1-ballot - Normative Ballot International flag

This page is part of the HL7 Electronic Health Record System Functional Model, Release 2.1.1 (v2.1.1-ballot: Normative 1 Ballot 1) based on FHIR (HL7® FHIR® Standard) v5.0.0. No current official version has been published yet. For a full list of available versions, see the Directory of published versions

Requirements: TI.1.5 Non-Repudiation (Function)

Page standards status: Informative
Statement N:

Limit an EHR-S user's ability to deny (repudiate) data origination, transmission or receipt by that user.

 Description I:

An EHR-S allows data entry to a patient's electronic health record and it can be a sender or receiver of healthcare information. Non-repudiation is a way to guarantee that the source of the data/record cannot later deny that fact; and that the sender of a message cannot later deny having sent the message; and that the recipient cannot deny having received the message. Components of non-repudiation can include:

  • Digital signature, which serves as a unique identifier for an individual (much like a written signature);
  • Confirmation service, which utilizes a message transfer agent to create a digital receipt (providing confirmation that a message was sent, and/or received);
  • Timestamp, which proves that a document existed at a certain date and time;
  • The use of standardized timekeeping protocols (e.g., the Integrating the Healthcare Enterprise (IHE) Consistent Time Profile).
 Actors:
ehr Criteria N:
TI.1.5#01 dependent SHALL

The system SHALL capture the identity of the entity taking the action according to scope of practice, organizational policy, and/or jurisdictional law.
TI.1.5#02 dependent SHALL

The system SHALL capture time stamp of the initial entry, modification and exchange of data according to scope of practice, organizational policy, and/or jurisdictional law.
TI.1.5#03 dependent SHALL

The system SHALL conform to function TI.2 (Audit) to prevent repudiation of data origination, transmission and receipt according to scope of practice, organizational policy, and/or jurisdictional law.
TI.1.5#04 dependent SHOULD

The system SHOULD conform to function RI.1.1.4 (Attest Record Entry Content) to ensure integrity of data and data exchange and thus prevent repudiation of data origination, transmission or receipt according to scope of practice, organizational policy, and/or jurisdictional law.