HL7 Electronic Health Record System Functional Model, Release 2.1.1
2.1.1 - International flag

HL7 Electronic Health Record System Functional Model, Release 2.1.1, published by HL7 International / Electronic Health Records. This guide is not an authorized publication; it is the continuous build for version 2.1.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/mvdzel/ehrsfm-fhir-r5/ and changes regularly. See the Directory of published versions

Requirements: TI.1.5 Non-Repudiation (Function)

Official URL: http://hl7.org/ehrs/uv/ehrsfmr2/Requirements/EHRSFMR2-TI.1.5 Version: 2.1.1
Standards status: Normative Active as of 2025-10-31 Computable Name: TI_1_5_Non_Repudiation

Limit an EHR-S user's ability to deny (repudiate) data origination, transmission or receipt by that user.

Statement N:

Limit an EHR-S user's ability to deny (repudiate) data origination, transmission or receipt by that user.

Description I:

An EHR-S allows data entry to a patient's electronic health record and it can be a sender or receiver of healthcare information. Non-repudiation is a way to guarantee that the source of the data/record cannot later deny that fact; and that the sender of a message cannot later deny having sent the message; and that the recipient cannot deny having received the message. Components of non-repudiation can include:

  • Digital signature, which serves as a unique identifier for an individual (much like a written signature);
  • Confirmation service, which utilizes a message transfer agent to create a digital receipt (providing confirmation that a message was sent, and/or received);
  • Timestamp, which proves that a document existed at a certain date and time;
  • The use of standardized timekeeping protocols (e.g., the Integrating the Healthcare Enterprise (IHE) Consistent Time Profile).
Criteria N:
TI.1.5#01
 dependent
SHALL

The system SHALL capture the identity of the entity taking the action according to scope of practice, organizational policy, and/or jurisdictional law.
TI.1.5#02
 dependent
SHALL

The system SHALL capture time stamp of the initial entry, modification and exchange of data according to scope of practice, organizational policy, and/or jurisdictional law.
TI.1.5#03
 dependent
SHALL

The system SHALL conform to function TI.2 (Audit) to prevent repudiation of data origination, transmission and receipt according to scope of practice, organizational policy, and/or jurisdictional law.
TI.1.5#04
 dependent
SHOULD

The system SHOULD conform to function RI.1.1.4 (Attest Record Entry Content) to ensure integrity of data and data exchange and thus prevent repudiation of data origination, transmission or receipt according to scope of practice, organizational policy, and/or jurisdictional law.