UC-C-PIC-I: Individual use cases (SERVICES)

Following are the use-case descriptions required for individual consent service operations: viewing, giving, withdrawing and verification of consent as well as getting notifications about changes.

Table of Contents

UC-C-PIC-I-001: View Agreements

UC-C-PIC-I-002: Give consent to fetching data

Option A: Self-Registration to healthcare application

Option B: Assisted registration to healthcare application

Option C: Individual “holding” the data for registering to healthcare application

UC-C-PIC-I-003: Withdraw or update existing consent

UC-C-PIC-I-004: Consent agreement change notification

UC-C-PIC-I-001: View Agreements

Context: Postpartum and infant care

IDUC-C-PIC-I-001

Name

View agreements - Postpartum and infant care

Description

The use case implements the viewing and understanding consent agreements, data policies applied to personal data processing. This includes obtaining copies of the consent agreement.

Trigger (the event that triggers the use case)

  1. The individual user wishes to view the agreements and policies associated with personal data usage

Preconditions (list of conditions that MUST be met in order for the use case to be successful)

  1. The individual user logged into the healthcare application and have sufficient privileges to use the system

  2. The user has previously registered and signed the consent agreement

  3. The healthcare application has pre-configured consent agreements for the use of personal data

Data inputs

  1. Login credentials

Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)

  1. Individual user

  2. The health-care provider application. (a computer system)

Optionally: a data intermediary or a data operator.

Normal Course (what happens if the event is triggered and the preconditions have been met)

  1. The individual user invokes the view agreement workflow

  2. Views all configured consent agreements

  3. The user is able to download a copy of agreement

Alternative Course (links to other use cases in case there are different ways how to solve the same use case)

  1. Get data failure scenarios

  2. Download option fails

The individual is able to withdraw consent or update existing consents as the next step of viewing all consent agreements at one place.

Data output

None

Post-Conditions (the success criteria)

  1. The individual is able to view consent agreements that are signed or to be signed.

  2. The individual is also able to download the signed agreement

Exceptions (error situations)

Related BBs (working groups related to that particular use case)

  1. Identity BB (Required for acquiring authentication token)

  2. Registries BB - stores the data agreement data,

  3. Information Mediator BB - providing interfaces

  4. Security BB - supervision

Sequence diagram

Diagram Source

There are three alternatives possible for giving consent:

The above are detailed in the subsequent chapters.

Option A: Self-Registration to healthcare application

IDUC-C-PIC-I-002A

Name

Consent - Postpartum and infant care (Give consent)

Description

The use case allows an end-user to consent to fetch data from existing sources (possibly external to the application) or to manually fill in details during new mother registration.

In this option, the patient is doing a self-registration without any help of a healthcare assistant

Trigger (the event that triggers the use case)

  1. During a registration process, the workflow BB assumes or identifies the need for consent (precondition).

Preconditions (list of conditions that MUST be met in order for the use case to be successful)

  1. UC-C-PIC-001 has defined and published the configuration for the registration workflow.

  2. The individual is already registered into an identity management system (for example a population registry) that holds the user information, as required for consent.

  3. The user has the authority to consent as the owner or delegate to fetch the record.

Data inputs

  1. The unique identifier of the individual that can be verified/used across BBs. E.g. Social Security Number.

  2. Service reference for which the consent is being sought

  3. The consent agreement demonstrates the use of data for which the consent is being sought

Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)

  1. A consenting individual

  2. The healthcare system application

  3. The data source provides the registration data or credentials for a given identity data.

Normal Course (what happens if the event is triggered and the preconditions have been met)

  1. The healthcare application understands the need for consent via the consent agreement definition.

  2. The individual is presented with the consent agreement together with the data policy for registration, requesting the data to be fetched from an external source, e.g. population register.

  3. The individual agrees (consents / opt-in) to fetch the data. A consent record is created.

  4. The data is fetched from the external source successfully.

Alternative Course (links to other use cases in case there are different ways how to solve the same use case)

  1. Individual cancels fetching the data.

Data output

  1. A consent record is created in the registry.

Post-Conditions (the success criteria)

  1. The registration is completed successfully importing data from a data provider.

  2. Consent Status is registered and can be queried (i.e. made available to the consent mediator)

Exceptions (error situations)

Related BBs (working groups related to that particular use case)

  1. Identity BB

  2. Workflow BB - workflow management

  3. Registries BB - Fetch the applicable data agreement

  4. Information Mediator BB - providing interfaces

  5. Security BB - supervision

Sequence diagram

Diagram source

Editable version

Option B: Assisted registration to healthcare application

IDUC-C-PIC-I-002B

Name

Consent - Postpartum and infant care (Give consent)

Description

The use case implements end-user to consent to fetch data from existing sources or to manually fill in details during new mother registration.

In this option, the patient is assisted by a healthcare assistant

Trigger (the event that triggers the use case)

Same as UC-C-PIC-I-002A

Preconditions (list of conditions that MUST be met in order for the use case to be successful)

Same as UC-C-PIC-I-002A

Data inputs

  1. The primary identity is key to the individual. E.g. Social Security Number by the healthcare assistant

Rest same as UC-C-PIC-I-002A

Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)

  1. A healthcare assistant assisting in the registration process

Rest same as UC-C-PIC-I-002A

Normal Course (what happens if the event is triggered and the preconditions have been met)

  1. The healthcare application understands the need for consent via the consent agreement definition. The healthcare assistant gets notified of the need for consent.

  2. The individual is presented with the consent agreement together with the data policy for registration, requesting the data to be fetched from an external source, e.g. population register.

  3. The individual agrees (consents / opt-in) to fetch the data. A consent record is created.

  4. The data is fetched from the external source successfully.

Alternative Course (links to other use cases in case there are different ways how to solve the same use case)

  1. Individual cancels or opts out of fetching the data

Data output

Same as UC-C-PIC-I-002A

Post-Conditions (the success criteria)

  1. The registration is completed successfully importing data from a data provider.

Exceptions (error situations)

Related BBs (working groups related to that particular use case)

Same as UC-C-PIC-I-002A

Sequence diagram

Diagram source

Editable version

Option C: Individual “holding” the data for registering to healthcare application

IDUC-C-PIC-I-002C

Name

Consent - Postpartum and infant care (Give consent)

Description

The use case implements end-user to consent to fetch data from existing sources or to manually fill in details during new mother registration.

In this option, the patient is using a physical or digital document or data card as a data source that is verifiable

Trigger (the event that triggers the use case)

  1. During a registration process, the workflow BB identifies the need for consent.

Preconditions (list of conditions that MUST be met in order for the use case to be successful)

Same as UC-C-PIC-I-002A

Data inputs

Same as UC-C-PIC-I-002A

Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)

Same as UC-C-PIC-I-002A or UC-C-PIC-I-002B

Normal Course (what happens if the event is triggered and the preconditions have been met)

  1. The healthcare application understands the need for consent via the consent agreement definition.

  2. The individual is presented with the consent agreement together with the data policy for registration, requesting the data to be fetched from a verifiable document (physical or digital)

  3. The individual uses the verifiable document, explicitly consenting to the use of data. A consent record is created.

  4. The data is fetched from the data card (may use an external system as configured in the physical or digital card).

Alternative Course (links to other use cases in case there are different ways how to solve the same use case)

  1. Individual cancels fetching the data.

Data output

  1. A consent record is created in the registry.

Post-Conditions (the success criteria)

  1. The registration is completed successfully importing data from a data provider.

Exceptions (error situations)

Related BBs (working groups related to that particular use case)

Same as UC-C-PIC-I-002A

Sequence diagram

Note: Here, the sequence shows the case for assisted registration flow. The same applies also for self-registration.

Diagram source

Editable version

IDUC-C-PIC-I-003

Name

Withdraw or update existing consent - Postpartum and infant care

Description

The use case implement the withdrawal or updating of existing signed consent agreements.

Trigger (the event that triggers the use case)

  1. The individual user wishes to withdraw or update the existing consent agreement with regard to the use of personal data.

Preconditions (list of conditions that MUST be met in order for the use case to be successful)

  1. The individual user logged into the healthcare application and have sufficient privileges to use the system

  2. The user has previously registered and signed the consent agreement(s).

  3. The healthcare application has pre-configured consent agreements for the use of personal data

Data inputs

  1. Login credentials

Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)

  1. Individual user

  2. The health-care provider application. (a computer system)

Optionally: a data intermediary or a data operator.

Normal Course (what happens if the event is triggered and the preconditions have been met)

  1. The individual user invokes the view agreement use case (UC-C-PIC-I-001) and views all existing consent agreements

  2. The individual user chooses the particular consent which needs to withdraw consent or update an earlier consent.

  3. The individual user confirms the action

Alternative Course (links to other use cases in case there are different ways how to solve the same use case)

  1. Withdraw or update consent failure scenarios

  2. Connection error scenarios

Data output

NA

Post-Conditions (the success criteria)

  1. The individual is able to view consent agreements that are signed or to be signed.

  2. The individual is able to withdraw consent or update existing consents.

Exceptions (error situations)

Related BBs (working groups related to that particular use case)

  1. Identity BB (Required for acquiring authentication token)

  2. Registries BB - stores the data agreement data,

  3. Information Mediator BB - providing interfaces

  4. Security BB - supervision

Sequence diagram

Diagram Source

IDUC-C-PIC-I-004

Name

Consent agreement change notification- Postpartum and infant care

Description

The use case implement the Consent agreement change notification for existing consent agreements

Trigger (the event that triggers the use case)

  1. The individual user wishes to withdraw or update the existing consent agreement with regard to the use of personal data.

Preconditions (list of conditions that MUST be met in order for the use case to be successful)

  1. The individual user logged into the healthcare application and have sufficient privileges to use the system

  2. The user has previously registered and signed the consent agreement(s).

  3. The healthcare application has pre-configured consent agreements for the use of personal data

Data inputs

  1. Login credentials

Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)

  1. Individual user

  2. The health-care provider application. (a computer system)

Optionally: a data intermediary or a data operator.

Normal Course (what happens if the event is triggered and the preconditions have been met)

  1. The individual user invokes the view agreement use case (UC-C-PIC-I-001) and views all existing consent agreements

  2. The individual user chooses the particular consent which needs to withdraw consent or update an earlier consent.

  3. The individual user confirms the action

Alternative Course (links to other use cases in case there are different ways how to solve the same use case)

  1. Withdraw or update consent failure scenarios

  2. Connection error scenarios

Data output

NA

Post-Conditions (the success criteria)

  1. The individual is able to view consent agreements that are signed or to be signed.

  2. The individual is able to withdraw consent or update existing consents.

Exceptions (error situations)

Related BBs (working groups related to that particular use case)

  1. Identity BB (Required for acquiring authentication token)

  2. Registries BB - stores the data agreement data,

  3. Information Mediator BB - providing interfaces

  4. Security BB - supervision

Sequence diagram

Diagram Source

Last updated

Copyright © 2024