Provenance Requirements in the Medical Domain
Author: Simon Miles
Project: This work was conducted as part of the PASOA project (EPSRC GR/S67623/01)
Last modified: 27th October 2004
This document describes some particular provenance use cases related to the medical domain and processing of clinical data. We are grateful to Dr. Dipak Kalra of the Centre for Health Informatics and Multiprofessional Education at University College London for these requirements.
Use of provenance 1: Assurance of deletion
Because the clinical data and the traces of its use are so sensitive, services may have to provide assurances that caches of that data used in processing have been deleted after the process has taken place. Provenance data stores will have to abide by these assurances, and the assurances themselves may be useful in determining why provenance data is not present in the service.
Use of provenance 2: Confidential data
When clinical data is involved, access to provenance data and metadata must have access restricted and only be communicated securely. Provenance data submitted to storage must also be sent securely.
Use of provenance 3: Human authorisation
There is a need, in healthcare communications, to document the human authorities sanctioning a process and their delegation of authority to administrative staff and software. Humans should be included in the provenance trace along with software services as they instigate interactions.