Versions Compared

Old Version 24

changes.mady.by.user Alec Laws

Saved on

compared with

New Version 25

changes.mady.by.user Alec Laws

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Do we want to submit this for any conferences:

...

  1. Intro/Scope statement - what this report will cover
    1. overall objective of the document, what we will cover, what the reader should understand by the end
      1. Julie's use-case... how it is complex but typical. how to solve it in a way that's: technically feasible, respects Julie's rights to privacy and access to her information, respects the legal/regulatory policy requirements of the health system
      2. understanding UMA's unique value to aid this use-case (why can't it just be OAuth??)
        1. don't have to use all  of UMA, parts can be used to address different challenges
        2. how to make hard problems easier though UMA
    2. What's not being covered - maybe hard to state at this point
  2. Description of concrete use-case (Julie)
    1. actors, data, systems (Primary care EMR, Specialist EMR, Pharmacy system, Payer system), identities *needs a diagram
    2. capabilities and responsibilities of actors (Julie, HCP, Organization) eg link to Policy?
    3. what's not being covered about this whole use case
  3. Policy that impacts the use-case
    1. risk/liability vs patient agency (agency 
    2. tension between policies (eg obligations to protect data vs obligation to enable sharing)
  4. Core UMA/HEART overview
    1. why were even talking about UMA in this context
    2. how UMA's interacts with other protocols (OIDC, FHIR/SMARTonFHIR/HEART, OAuth, UDAP?)
  5. UMA application to use-case (steady state) *needs a diagram
  6. Delegation state changes,
    1. how the health journey affects state.
    2. concrete events that create changes (Nancy to confirm what transitions we want to discuss)
      1. Julie turns 17,
      2. Julie sees asthma specialist
      3. Father get's invoice from health provider, submits claim to insurance provider
      4. Julie get's medication to treat STI, Provide create Rx, Pharmacist fills Rx and needs access to record (ie to see drug interactions)
  7. Discussion? Tough corners, future topics
  8. Conclusion
  9. About this paper
    1. pp2pi and kantara blurbs
  10. References, learn more

...

Status of This Document: This is an Editors' Draft Report produced by the User-Managed Access (UMA) Work Group. See the Kantara Initiative Operating Procedures for more information.

Copyright Notice: Copyright © 2021 Kantara Initiative and the persons identified as the document authors. All rights reserved. This document is subject to theKantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version).

...

Acknowledging that the problem space includes many business, operational, legal, technical, and societal ("BOLTS") aspects, we identify which aspects are in scope or out of scope for UMA. As an example, we won't take a stance on what policy would be appropriate, but rather given a certain policy, this is how that policy will be enforced.


Maybe we can breakout a disclaimer for the reader: this is a simple use case, the impl proposed is one of many viable solutions, the policies discussed are illustrative and with vary by region. 

The "Adolescent" Use Case

Info

Dr Erica is referred to as both a PCP and a paediatrician, should we pick one term to use consistently? Is there some intention between the specific term?

  •  

** Comments in 'Info' boxes are temporary notes to our team and would be removed later.

...

While she is still a child, Julie’s mother manages and controls Julie's data as her proxy. In the state where Julie lives, at the age of 13, Julie is able to make her own health decisions, including taking control of her health data. (However this age policy will vary by region, these complexities are discussed further in section policy) Julie's story unfolds over several years, include many health events, and involves many people:

...

  • As a child, Julie's mother finds her a Primary Care Physician (PCP) - Dr Erica
  • Julie will attend annual appointments with her PCP
  • At the age of 10, Julie is diagnosed with Asthma, and must visit an asthma specialist, Dr Robert. Dr Robert needs several elements of Julie's health record in order to effectively provide care. At the end of the appointment, he prescribes Julie an inhaler
  • At the age of 13, Julie is able to take a greater role in managing her health, including control of her data. At her annual appointment this new responsibility is discussed between Julie, Sue and Dr Erica
  • At 16, Julie begins to experience sex and also begins using alcohol socially. Julie thinks her mother might not approve, but Julie does share this information with her paediatrician in confidence during her annual visit.  Her paediatrician discusses these details with her during the annual visit and makes notes in her record.  Her paediatrician provides relevant educational information and discusses safe behavior, as part of her overall evaluation for multiple potential risks of adolescents in transition. During their discussion, Julie and her PCP agree she should be using an oral contraceptive and it is prescribed.  Julie is also tested for STI, which comes back positive.  Julie is prescribed Zithromax to clear the infection.
  • Several months later, Julie experiences troublesome acne. Her PCP sends her to a dermatologist. H However, Julie wishes to keep her sensitive information from her previous encounters private.

...

  • add more delegation examples
  • Multi-data subjects
  • btg/ER/advanced directives


Temporary Appendix - Julie's use case full details for reference (Will omit from final paper)

...