  1. Intro/Scope statement - what this report will cover
    1. overall objective of the document, what we will cover, what the reader should understand by the end
      1. Julie's use-case... how it is complex but typical. how to solve it in a way that's: technically feasible, respects Julie's rights to privacy and access to her information, respects the legal/regulatory policy requirements of the health system
      2. understanding UMA's unique value to aid this use-case (why can't it just be OAuth??)
        1. don't have to use all  of UMA, parts can be used to address different challenges
        2. how to make hard problems easier though UMA
    2. What's not being covered - maybe hard to state at this point
  2. Description of concrete use-case (Julie)
    1. actors, data, systems (Primary care EMR, Specialist EMR, Pharmacy system, Payer system), identities *needs a diagram
    2. capabilities and responsibilities of actors (Julie, HCP, Organization) eg link to Policy?
    3. what's not being covered about this whole use case
  3. Policy that impacts the use-case
    1. risk/liability vs patient agency 
    2. tension between policies (eg obligations to protect data vs obligation to enable sharing)
  4. Core UMA/HEART overview
    1. why were even talking about UMA in this context
    2. how UMA's interacts with other protocols (OIDC, FHIR/SMARTonFHIR/HEART, OAuth, UDAP?)
    3. 5 values realized through UMA appraoch
  5. Delegation state changes,
    1. how the health journey affects state.
    2. concrete events that create changes (Nancy to confirm what transitions we want to discuss)
      1. Visit to asthma sepcialist
        1. simple UMA sharing controlled by Sue → Dr Robert 
      2. Julie turns 13/ come's of age
        1. introduct quadrants and UMA state changes here
      4. Julie turns 17,
      5. Julie sees asthma specialist
      6. Father get's invoice from health provider, submits claim to insurance provider
      7. Julie get's medication to treat STI, Provide create Rx, Pharmacist fills Rx and needs access to record (ie to see drug interactions)
  6. Discussion? Tough corners, future topics
  7. Conclusion
  8. About this paper
    1. pp2pi and kantara blurbs
  9. References, learn more

Solving Data Sharing Challenges with UMA: The Julie Adams Healthcare Use Case from PP2PI (draft)

Version: 0.1

Editor: Nancy Lush


Status of This Document: This is an Editors' Draft Report produced by the User-Managed Access (UMA) Work Group. See the Kantara Initiative Operating Procedures for more information.

Copyright Notice: Copyright © 2021 Kantara Initiative and the persons identified as the document authors. All rights reserved. This document is subject to theKantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version).

Table of Contents

Why Read This Report?

The Protecting Privacy to Promote Interoperability (PP2PI) Workgroup, an interest group of expert stakeholders across the healthcare industry, is working on the problem of granularly segmenting sensitive health data. The opportunity is to improve patient privacy and to promote both interoperability and care equity. PP2PI has developed several use cases to illustrate the many challenges involved in this complex problem, as well as solutions.


Maybe we can breakout a disclaimer for the reader: this is a simple use case, the impl proposed is one of many viable solutions, the policies discussed are illustrative and with vary by region. 

The "Adolescent" Use Case


Dr Erica is referred to as both a PCP and a paediatrician, should we pick one term to use consistently? Is there some intention between the specific term?




The next few lines are notes that I removed from this section.

  • Nancy will add more about what is included and what is not. Note:  I will pull some details that we do not want to address in the body of the paper into appendices.
  • (Description of concrete use-case (Julie))
  • Julie Adams is an adolescent girl - 16 years old. Her health journey is unique and complex, however we would suggest that those attributes are typical of many journeys. 

Alternate Intro, separating IT from the story

This is a story about a young female patient.  As a child, her mother, as her guardian, is responsible for overseeing her health.  Julie’s pediatrician provides a system for their patients to securely share their data. 


Throughout Julie's journey, there are many events where health information is accessed by Julie or other specialists. Those events are where Health IT would - or could - be used by Julie and/or her mother to have more agency and participation in her journey. In addition, there are several policies that must be understood and enforced by both people and technical systems as Julie receives care and transitions between different health providers. The following sections will expand on the complexity of health policy, introduce UMA and FHIR and finally show one way a UMA ecosystem can improve Julie's interaction throughout her journey.

3. Policy that impacts the use-case (WHY IS THIS SO HARD) 

"Policy" covers many different elements, (think about bolts) from data privacy and security requirements to the legal landscape the defines how health systems must operate. For example, who is liable to protect health data. Often the implementation of policy excludes the most important person - the patient who is the subject of the information 


  • Need to highlight that policy must include the individual, and there have been many regulator changes to change this reality eg ONC info blocking rules(?)
  • Can we add a simple picture of the policy stack, and maybe show how it's a continuum not discrete (however needs to be discrete in implementation!)
  • Today's challenge is how to extend policy to include the most crucial person, the actual patient or subject of the information. but there are some (biz, operationals, legal,  technology, societal) challenges that... lead into UMA intro. 

4. Overview of UMA and HEART (WHY UMA, WHAT IT IS)

The User-Managed Access (UMA) standard and its companion Health Relationship Trust (HEART) profiles address some key challenges related to digital data sharing, including health data. It works by enabling a patient to specify which of her records, and even partial data sets, she would like shared with other parties. In essence, it allows her to state her precise policies for data sharing and have those policies adhered to by the various service providers and applications handling her data.


Both UMA and HEART share a goal of empowering the person at the center of this picture: she is the "user" in User-Managed Access. One or both may be used to address some of the key data sharing challenges illustrated by PP2PI.

Introducing the Actors in the Standard

Just like most standards, UMA lays out a number of actors, or "entities", in different roles, in order to specify how they need to interact so they can work successfully together. UMA is based on OAuth, the standard already used in SMART on FHIR, so it mostly uses names for these entities that come from OAuth.


Conclusion of this section: what is in/out of scope before we present our UMA application

** 5 How UMA is used to accomplish the story (Alec)

Now that we're familiar with the user case, challenges with policy and UMA/HEART technology, we will show how UMA is able to help accomplish this use case. Please keep in mind, this is one possible application of UMA and the other health IT, in reality there are many way to use the technology. The ability to change to accommodate different IT systems and policy constraints is one reason why UMA and HEART are so powerful.



UMA in this use-case (ecosystem in place for this story)

  • PCP run the AS and a FHIR Server (as the EHR)
  • each specialist with their own system, that needs access to the EHR (does the PCP provide this client, or can the specialist bring their own client (BYOC))
    •  respecting original policy as data moves to other systems → can be in the policy section as part of the complexity

We need another section here where Julie's record is shared with Dr Robert her Asthma specialist.

  • uma async, Dr Robert access ahead of time
  • we can use the bowtie diagram to have consistent diagrams with the specific event/transition layered on. Helps presents the 'technical systems' and show how Julie and others interact with them through the story. 
  • want to eschew good default policy from the org, reduce the hard decisions needed from Julie/Sue

    In the story I have Julie's Mom doing the sharing since Julie is still a child.  If that is too confusing we can adjust the story to fit.  The reason I defined it that way is so that we can describe UMA from core concepts to more advanced, but we need to start Julie as a child so that we can demonstrate the state changes subsequently.

For the first section, when our use case describes basic UMA, I think this will be a good place to explain what UMA has over oAuth and highlight the increased security.

6. (state-diagram) Julie turns 13 - control moves from Sue to Julie (Eve if she can, otherwise Nancy will)

"At the age of 14, Julie is able to take a greater role in managing her health, including control of her data. At her annual appointment, this new responsibility is discussed between Julie and Dr. Erica.  Julie is educated on how to manage access to her clinical record."



This section present's one possible health IT system, however in reality there is huge variations in technical services available and provided to patients. (addressing the policy and leveraging the features of FHIR and UMA)

Is delegation in this section?  Yes, this would be the delegation section where we show control moving from Julie's mother to Julie.  But she is still only 13, so she is educated and the state changes, but no information is shared here.

7. UMA/HEART support for sensitive data (Nancy will try to get something in here)

"At 16, Julie begins to experience sex and also begins using alcohol socially. Julie doe not feel comfortable discussing this with her mother, but Julie does share this information with her pediatrician in confidence during her annual visit.  Her pediatrician discusses these details with her during the annual visit and makes notes in her record.  Her pediatrician provides relevant educational information and discusses safe behavior, as part of her overall evaluation for multiple potential risks of adolescents in transition. During their discussion, Julie and her pediatrician agree she should be using an oral contraceptive and it is prescribed.  Julie is also tested for STI, which comes back positive.  Julie is prescribed Zithromax for the infection."


"Several months later, Julie experiences troublesome acne. Her pediatrician sends her to a dermatologist. However, Julie wishes to keep her sensitive information from her previous encounters private."

8. Conclusion

There is more to consider in step with the technology capability of UMA, groups needs to consider all the BOLTS when designing solutions and not 'leave it to the reader' to sort out themselves

About This Report

This report is produced by the User-Managed Access (UMA) Work Group of the Kantara Initiative. It is intended to be the first of a series of short informative reports. Kantara Initiative, Inc. is an international ethics based, mission-led non profit industry ‘commons’ focusing on growing and fulfilling the market for trustworthy use of identity and personal data. UMA is an award-winning OAuth-based protocol designed to give an individual a unified control point for authorizing who and what can get access to their digital data, content, and services, no matter where all those things live.


Although some members of the UMA Work Group take part in the PP2PI effort as well, this report has no formal relationship with PP2PI. We seek feedback from PP2PI and others on this report.

Appendix A - User story out of scope details

We have based our user story on the PP2PI adolescent use case.  For the purpose of this paper, we intentionally simplified the story so that we could focus on the key value-adds UMA brings to solving this problem.  The intent was to keep the story simple so that the focus was on the solution.  In subsequent updates to this story, it is the intent to expand how additional details can support the more nuanced details.  For this whitepaper, we took the liberty of organizing the story so that we could build on the UMA/delegation functionality in a way that allowed the story to flow.


NL - will expand here.  Include some of the details we skipped.

Appendix B - Additional UMA Features

UMA features that would apply but were eliminated from the core paper to keep the message focused.


  • add more delegation examples
  • Multi-data subjects
  • btg/ER/advanced directives

Temporary Appendix - Julie's use case full details for reference (Will omit from final paper)

Description of use case – Adolescent Use Case


  • Julie Adams, adolescent female, age 17, Black, Hispanic, English, Sex: Female, Gender Identity: Female, heterosexual (Sexual orientation is actually sensitive data)
  • Sue Adams, Julie’s mother and Proxy, 45 years old
  • Father does not have access to her clinical data, but pays the health bills
  • Providers
    • PCP
    • specialist – asthma
    • Pharmacy

