EHRS-FM IG

ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1
0.14.0 - CI Build

ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1 - Local Development build (v0.14.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions

Requirements: TI.1.5 Non-Repudiation (Function)

Active as of 2024-06-01
Statement N:

Limit an EHR-S user's ability to deny (repudiate) data origination, transmission or receipt by that user.

Description I:

An EHR-S allows data entry to a patient's electronic health record and it can be a sender or receiver of healthcare information. Non-repudiation is a way to guarantee that the source of the data/record cannot later deny that fact; and that the sender of a message cannot later deny having sent the message; and that the recipient cannot deny having received the message. Components of non-repudiation can include:

  • Digital signature, which serves as a unique identifier for an individual (much like a written signature);
  • Confirmation service, which utilizes a message transfer agent to create a digital receipt (providing confirmation that a message was sent, and/or received);
  • Timestamp, which proves that a document existed at a certain date and time;
  • The use of standardized timekeeping protocols (e.g., the Integrating the Healthcare Enterprise (IHE) Consistent Time Profile).
Criteria N:
TI.1.5#01 dependent SHALL

The system SHALL capture the identity of the entity taking the action according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.5#02 dependent SHALL

The system SHALL capture time stamp of the initial entry, modification and exchange of data according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.5#03 dependent SHALL

The system SHALL conform to function [[TI.2]] (Audit) to prevent repudiation of data origination, transmission and receipt according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.5#04 dependent SHOULD

The system SHOULD conform to function [[RI.1.1.4]] (Attest Record Entry Content) to ensure integrity of data and data exchange and thus prevent repudiation of data origination, transmission or receipt according to scope of practice, organizational policy, and/or jurisdictional law.