Following are the use-case specifications required by the organisation IT administrators for updating Data Policies required for an identified Consent Agreements (within postpartum and infant care)
UC-C-PIC-A-001: Postpartum and infant care (Configuration CREATE)
UC-C-PIC-A-002: Postpartum and infant care (Configuration UPDATE)
UC-C-PIC-A-003: Postpartum and infant care (Configuration READ)
UC-C-PIC-A-004: Postpartum and infant care (Configuration DELETE)
UC-C-PIC-A-005: Postpartum and infant care (Configuration NOTIFICATIONS)
The following sequence diagrams details the role of the Independent Authority and the DPIA (Data Protection Impact Assessment) as the document upon which the postpartum infant care program can rely to parametrise the healthcare application for interacting with the Consent BB.
ID
UC-C-PIC-001
Name
Postpartum and infant care (Configuration CREATE)
Description
The use case implements configuration of a consent agreement towards infant care use case scenarios. This results in a saved configuration to be issued to all mothers requiring infant care.
Trigger (the event that triggers the use case)
The (healthcare) application admin/user wishes to configure the policies associated with the data usage.
Any change in the pre-condition that requires a re-configuration.
Preconditions (list of conditions that MUST be met in order for the use case to be successful)
The (healthcare) application admin/user is logged into the system and has sufficient privileges to use the system
A healthcare policy exists, and is based on existing data laws for healthcare.
Assumption: consent is needed for pulling data from another system of the mother needing care.
Data inputs
Existing data policies relevant to the healthcare scenario
Any legal information, standards.
Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)
The (healthcare) application admin/user configures the data usage policy. (a person, IT admin)
The health-care provider application. (a computer system)
DPO, Auditors (A person, or an independent authority)
Optionally: a data intermediary or a data operator.
Normal Course (what happens if the event is triggered and the preconditions have been met)
The healthcare application user is able to invoke the configuration workflow.
The healthcare user uses the existing policy relevant to registering for postpartum and infant care. This could be signed off by the organisation's DPO, for example.
The data required are:
Usage purpose
Data policies and rules
Define what data is being collected
The configuration is saved.
Once the DPO approves, the configuration is published towards the end-use case. I.e. registration system.
Alternative Course (links to other use cases in case there are different ways how to solve the same use case)
Data configuration error scenarios
DPO disapproves and the configuration is re-submitted for review and approval.
Data output
The consent configuration data
Post-Conditions (the success criteria)
The data usage policy is saved in the system and is available for the month to consent to during the registration process.
The system is now configured and ready for collecting user consent during a registration workflow.
Exceptions (error situations)
(TBD - Should align with other error scenarios.)
Related BBs (working groups related to that particular use case)
Identity BB (Required for acquiring authentication token)
Workflow BB - workflow management
Information Mediator BB - providing interfaces
Security BB - supervision
ID
UC-C-PIC-002
Name
Postpartum and infant care (Configuration UPDATE)
Description
Here, an organisation Administrator updates Consent Agreement based on the Data Policy requirements..
Trigger (the event that triggers the use case)
The (healthcare) application admin/user wishes to configure the policies associated with the data usage.
Any change in the pre-condition that requires a re-configuration.
Preconditions (list of conditions that MUST be met in order for the use case to be successful)
The (healthcare) application admin/user is logged into the system and has sufficient privileges to use the system
A healthcare policy exists, and is based on existing data laws for healthcare.
Assumption: consent is needed for pulling data from another system of the mother needing care.
Data inputs
Existing data policies relevant to the healthcare scenario
Any legal information, standards.
Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)
The (healthcare) application admin/user configures the data usage policy. (a person, IT admin)
The health-care provider application. (a computer system)
DPO, Auditors (A person, or an independent authority)
Optionally: a data intermediary or a data operator.
Normal Course (what happens if the event is triggered and the preconditions have been met)
TBD
Alternative Course (links to other use cases in case there are different ways how to solve the same use case)
Data configuration error scenarios
DPO disapproves and the configuration is re-submitted for review and approval.
Data output
Updated consent configuration data, Revision
Post-Conditions (the success criteria)
The data usage policy is saved in the system and is available for the month to consent to during the registration process.
The system is now configured and ready for collecting user consent during a registration workflow.
Exceptions (error situations)
(TBD - Should align with other error scenarios.)
Related BBs (working groups related to that particular use case)
Identity BB (Required for acquiring authentication token)
Workflow BB - workflow management
Registries BB - stores the data agreement data,
Information Mediator BB - providing interfaces
Security BB - supervision