Background:
The Evidence Emitter Architectural Building Block enables National Contact Points to generate and emit electronic evidence used for non-repudiation purposes, based on each domain respective regulations and technological need.
Non-Repudiation (brief description):
- Νon-repudiation services are mandated to generate, collect, maintain, make available and validate evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. [1]
Audit Logs (brief description):
- An audit log is a full historic record of system activities to enable the reconstruction and examination of the sequence of events and/or changes. Logs contain information on user events, content events, login attempts, etc. [1]
Why non-repudiation is needed?
When NCPs exchange messages, they should produce enough evidence for further investigation in case of disputes. Here are some examples of the cases when this might be needed:
- In ePrescription, the patient returns to the home country and claims reimbursement of 3 packages of the drug purchased abroad. The dispensation only shows that 1 package was dispensed. The organization of NCP A now needs to prove that erroneous information was received from NCP B and was not generated while processing the dispensation information in the NCP or NI software. A similar case arises when the patient claims they only purchased 1 package out of 3, and there should be still some available amount on the prescription. The NCP A needs to show that the information received from NCP B was wrong.
- In Patient Summary, a drug is administered to the patient, and the patient suffers a severe allergic reaction. The allergy to the drug was mentioned on the patient summary, but the doctor claims that this information was not delivered and shown to them. Now NCP B wants to demonstrate that this information was indeed not received from Country A.
In these cases, the contents of the documents exchanged by the NCPs should be available for later examination during dispute resolution.
Questions to be adressed to L&O:
- What information can be stored in Audit Logs for Non-Repudiation purposes?
- What possible legal disputes could we have concerning these types of situations?
- Where could the information be stored, to be compliant with legal aspects? In the NCP itself? Or in the Nation Infrastructure, i.e., each country stores the info regarding the information exchanged in its own NCP?
...
Bibliography:
1 http://wiki.ds.unipi.gr/display/ESENS/Whitepaper+-+Non+Repudiation