Provenance Requirements in the Medical Domain

Author: Simon Miles
Project: This work was conducted as part of the PASOA project (EPSRC GR/S67623/01)
Last modified: 27th October 2004

This document describes some particular provenance use cases related to the medical domain and processing of clinical data. We are grateful to Dr. Dipak Kalra of the Centre for Health Informatics and Multiprofessional Education at University College London for these requirements.

Use Cases

Use of provenance 1: Assurance of deletion

Because the clinical data and the traces of its use are so sensitive, services may have to provide assurances that caches of that data used in processing have been deleted after the process has taken place. Provenance data stores will have to abide by these assurances, and the assurances themselves may be useful in determining why provenance data is not present in the service.

Use of provenance 2: Confidential data

When clinical data is involved, access to provenance data and metadata must have access restricted and only be communicated securely. Provenance data submitted to storage must also be sent securely.

Use of provenance 3: Human authorisation

There is a need, in healthcare communications, to document the human authorities sanctioning a process and their delegation of authority to administrative staff and software. Humans should be included in the provenance trace along with software services as they instigate interactions.