Target Outline
Guidlines
- keep it simple, force ourselves to up-level the text to address a wide audience
- keep it short, 6 page limit max
- keep it short, 8 lines per paragraph
- Intro/Scope statement - what this report will cover
- overall objective of the document, what we will cover, what the reader should understand by the end
- Julie's use-case... how it is complex but typical. how to solve it in a way that's: technically feasible, respects Julie's rights to privacy and access to her information, respects the legal/regulatory policy requirements of the health system
- understanding UMA's unique value to aid this use-case (why can't it just be OAuth??)
- don't have to use all of UMA, parts can be used to address different challenges
- how to make hard problems easier though UMA
- how UMA's interacts with other protocols (OIDC, FHIR/SMARTonFHIR/HEART, OAuth)
- What's not being covered
- overall objective of the document, what we will cover, what the reader should understand by the end
- Description of concrete use-case (Julie)
- actors, data, systems (Primary care EMR, Specialist EMR, Pharmacy system, Payer system), identities *needs a diagram
- capabilities and responsibilities of actors (Julie, HCP, Organization) eg link to Policy?
- Policy that impacts the use-case
- risk/liability vs patient agency (
- tension between policies (eg obligations to protect data vs obligation to enable sharing)
- Core UMA/HEART overview
- why were even talking about UMA in this context
- UMA application to use-case (steady state) *needs a diagram
- Delegation state changes,
- how the health journey affects state.
- concrete events that create changes
- Julie turns 17,
- Julie sees asthma specialist
- Father get's invoice from health provider, submits claim to insurance provider
- Julie get's medication to treat STI, Provide create Rx, Pharmacist fills Rx and needs access to record (ie to see drug interactions)
- Discussion? Tough corners, future topics
- Conclusion
- References, learn more
...