...
- List of use cases/descriptions
- Use Case Requirements
- use case flows
- Framework and use case
- DIACC
- PCTF
- Notice & Consent Framework
- NIST SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations
Use-Case Requirements
Dimensions of the use-cases
- Whether there are different domains (hospitals, countries)
- Whether data is pre-anonymised (notably for medical research)
- Whether there is an established identity system able to authenticate the subject and receive access requests
Actors
- The subject
- The healthcare organisations holding EHRs
- Requesting parties
- Countries or jurisdictions
Use-Cases
From simplest to most comprehensive
- Within a single domain, subject agrees to share anonymised medical data for research
- Across two domains, subject agrees to share anonymised medical data for research
- Across two domains with federated identity, subject authenticates and allows access to EHRs
- Across two domains between which no common identity system exists, subject agrees to share EHRs
- Across two different countries, and necessarily two different domains, subject agrees to share EHRs and use part of that information to comply with public notification requirements