Following are the use-case descriptions required for individual consent service operations: viewing, giving, withdrawing and verification of consent as well as getting notifications about changes.
Last updated
Copyright © 2024
UC-C-PIC-I-001: View Agreements
UC-C-PIC-I-002: Give consent to fetching data
Option A: Self-Registration to healthcare application
Option B: Assisted registration to healthcare application
Option C: Individual “holding” the data for registering to healthcare application
UC-C-PIC-I-003: Withdraw or update existing consent
UC-C-PIC-I-004: Consent agreement change notification
Context: Postpartum and infant care
| ID | UC-C-PIC-I-001 |
|---|---|
Diagram Source
There are three alternatives possible for giving consent:
The above are detailed in the subsequent chapters.
Note: Here, the sequence shows the case for assisted registration flow. The same applies also for self-registration.
Diagram Source
| ID | UC-C-PIC-I-002A |
|---|---|
| ID | UC-C-PIC-I-002B |
|---|---|
| ID | UC-C-PIC-I-002C |
|---|---|
| ID | UC-C-PIC-I-003 |
|---|---|
| ID | UC-C-PIC-I-004 |
|---|---|
Name
View agreements - Postpartum and infant care
Description
The use case implements the viewing and understanding consent agreements, data policies applied to personal data processing. This includes obtaining copies of the consent agreement.
Trigger (the event that triggers the use case)
The individual user wishes to view the agreements and policies associated with personal data usage
Preconditions (list of conditions that MUST be met in order for the use case to be successful)
The individual user logged into the healthcare application and have sufficient privileges to use the system
The user has previously registered and signed the consent agreement
The healthcare application has pre-configured consent agreements for the use of personal data
Data inputs
Login credentials
Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)
Individual user
The health-care provider application. (a computer system)
Optionally: a data intermediary or a data operator.
Normal Course (what happens if the event is triggered and the preconditions have been met)
The individual user invokes the view agreement workflow
Views all configured consent agreements
The user is able to download a copy of agreement
Alternative Course (links to other use cases in case there are different ways how to solve the same use case)
Get data failure scenarios
Download option fails
The individual is able to withdraw consent or update existing consents as the next step of viewing all consent agreements at one place.
Data output
None
Post-Conditions (the success criteria)
The individual is able to view consent agreements that are signed or to be signed.
The individual is also able to download the signed agreement
Exceptions (error situations)
Related BBs (working groups related to that particular use case)
Identity BB (Required for acquiring authentication token)
Registries BB - stores the data agreement data,
Information Mediator BB - providing interfaces
Security BB - supervision
Name
Consent - Postpartum and infant care (Give consent)
Description
The use case allows an end-user to consent to fetch data from existing sources (possibly external to the application) or to manually fill in details during new mother registration.
In this option, the patient is doing a self-registration without any help of a healthcare assistant
Trigger (the event that triggers the use case)
During a registration process, the workflow BB assumes or identifies the need for consent (precondition).
Preconditions (list of conditions that MUST be met in order for the use case to be successful)
UC-C-PIC-001 has defined and published the configuration for the registration workflow.
The individual is already registered into an identity management system (for example a population registry) that holds the user information, as required for consent.
The user has the authority to consent as the owner or delegate to fetch the record.
Data inputs
The unique identifier of the individual that can be verified/used across BBs. E.g. Social Security Number.
Service reference for which the consent is being sought
The consent agreement demonstrates the use of data for which the consent is being sought
Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)
A consenting individual
The healthcare system application
The data source provides the registration data or credentials for a given identity data.
Normal Course (what happens if the event is triggered and the preconditions have been met)
The healthcare application understands the need for consent via the consent agreement definition.
The individual is presented with the consent agreement together with the data policy for registration, requesting the data to be fetched from an external source, e.g. population register.
The individual agrees (consents / opt-in) to fetch the data. A consent record is created.
The data is fetched from the external source successfully.
Alternative Course (links to other use cases in case there are different ways how to solve the same use case)
Individual cancels fetching the data.
Data output
A consent record is created in the registry.
Post-Conditions (the success criteria)
The registration is completed successfully importing data from a data provider.
Consent Status is registered and can be queried (i.e. made available to the consent mediator)
Exceptions (error situations)
Related BBs (working groups related to that particular use case)
Identity BB
Workflow BB - workflow management
Registries BB - Fetch the applicable data agreement
Information Mediator BB - providing interfaces
Security BB - supervision
Name
Consent - Postpartum and infant care (Give consent)
Description
The use case implements end-user to consent to fetch data from existing sources or to manually fill in details during new mother registration.
In this option, the patient is assisted by a healthcare assistant
Trigger (the event that triggers the use case)
Same as UC-C-PIC-I-002A
Preconditions (list of conditions that MUST be met in order for the use case to be successful)
Same as UC-C-PIC-I-002A
Data inputs
The primary identity is key to the individual. E.g. Social Security Number by the healthcare assistant
Rest same as UC-C-PIC-I-002A
Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)
A healthcare assistant assisting in the registration process
Rest same as UC-C-PIC-I-002A
Normal Course (what happens if the event is triggered and the preconditions have been met)
The healthcare application understands the need for consent via the consent agreement definition. The healthcare assistant gets notified of the need for consent.
The individual is presented with the consent agreement together with the data policy for registration, requesting the data to be fetched from an external source, e.g. population register.
The individual agrees (consents / opt-in) to fetch the data. A consent record is created.
The data is fetched from the external source successfully.
Alternative Course (links to other use cases in case there are different ways how to solve the same use case)
Individual cancels or opts out of fetching the data
Data output
Same as UC-C-PIC-I-002A
Post-Conditions (the success criteria)
The registration is completed successfully importing data from a data provider.
Exceptions (error situations)
Related BBs (working groups related to that particular use case)
Same as UC-C-PIC-I-002A
Name
Consent - Postpartum and infant care (Give consent)
Description
The use case implements end-user to consent to fetch data from existing sources or to manually fill in details during new mother registration.
In this option, the patient is using a physical or digital document or data card as a data source that is verifiable
Trigger (the event that triggers the use case)
During a registration process, the workflow BB identifies the need for consent.
Preconditions (list of conditions that MUST be met in order for the use case to be successful)
Same as UC-C-PIC-I-002A
Data inputs
Same as UC-C-PIC-I-002A
Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)
Same as UC-C-PIC-I-002A or UC-C-PIC-I-002B
Normal Course (what happens if the event is triggered and the preconditions have been met)
The healthcare application understands the need for consent via the consent agreement definition.
The individual is presented with the consent agreement together with the data policy for registration, requesting the data to be fetched from a verifiable document (physical or digital)
The individual uses the verifiable document, explicitly consenting to the use of data. A consent record is created.
The data is fetched from the data card (may use an external system as configured in the physical or digital card).
Alternative Course (links to other use cases in case there are different ways how to solve the same use case)
Individual cancels fetching the data.
Data output
A consent record is created in the registry.
Post-Conditions (the success criteria)
The registration is completed successfully importing data from a data provider.
Exceptions (error situations)
Related BBs (working groups related to that particular use case)
Same as UC-C-PIC-I-002A
Name
Withdraw or update existing consent - Postpartum and infant care
Description
The use case implement the withdrawal or updating of existing signed consent agreements.
Trigger (the event that triggers the use case)
The individual user wishes to withdraw or update the existing consent agreement with regard to the use of personal data.
Preconditions (list of conditions that MUST be met in order for the use case to be successful)
The individual user logged into the healthcare application and have sufficient privileges to use the system
The user has previously registered and signed the consent agreement(s).
The healthcare application has pre-configured consent agreements for the use of personal data
Data inputs
Login credentials
Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)
Individual user
The health-care provider application. (a computer system)
Optionally: a data intermediary or a data operator.
Normal Course (what happens if the event is triggered and the preconditions have been met)
The individual user invokes the view agreement use case (UC-C-PIC-I-001) and views all existing consent agreements
The individual user chooses the particular consent which needs to withdraw consent or update an earlier consent.
The individual user confirms the action
Alternative Course (links to other use cases in case there are different ways how to solve the same use case)
Withdraw or update consent failure scenarios
Connection error scenarios
Data output
NA
Post-Conditions (the success criteria)
The individual is able to view consent agreements that are signed or to be signed.
The individual is able to withdraw consent or update existing consents.
Exceptions (error situations)
Related BBs (working groups related to that particular use case)
Identity BB (Required for acquiring authentication token)
Registries BB - stores the data agreement data,
Information Mediator BB - providing interfaces
Security BB - supervision
Name
Consent agreement change notification- Postpartum and infant care
Description
The use case implement the Consent agreement change notification for existing consent agreements
Trigger (the event that triggers the use case)
The individual user wishes to withdraw or update the existing consent agreement with regard to the use of personal data.
Preconditions (list of conditions that MUST be met in order for the use case to be successful)
The individual user logged into the healthcare application and have sufficient privileges to use the system
The user has previously registered and signed the consent agreement(s).
The healthcare application has pre-configured consent agreements for the use of personal data
Data inputs
Login credentials
Actors (a person, a company or organisation, a computer program, or a computer system - hardware, software, or both)
Individual user
The health-care provider application. (a computer system)
Optionally: a data intermediary or a data operator.
Normal Course (what happens if the event is triggered and the preconditions have been met)
The individual user invokes the view agreement use case (UC-C-PIC-I-001) and views all existing consent agreements
The individual user chooses the particular consent which needs to withdraw consent or update an earlier consent.
The individual user confirms the action
Alternative Course (links to other use cases in case there are different ways how to solve the same use case)
Withdraw or update consent failure scenarios
Connection error scenarios
Data output
NA
Post-Conditions (the success criteria)
The individual is able to view consent agreements that are signed or to be signed.
The individual is able to withdraw consent or update existing consents.
Exceptions (error situations)
Related BBs (working groups related to that particular use case)
Identity BB (Required for acquiring authentication token)
Registries BB - stores the data agreement data,
Information Mediator BB - providing interfaces
Security BB - supervision
