3 use case flow types for the Covid use case
- Notice and a Notification to the person
- title; Short Description (how does it work with existing policy)
- Use Case Flows
- Generic - with existing -
- Person using notice to control data
- title; Short Description (when in consent - how to maintain, revoke, renew)
- Use Case Flows
- UMA
- Person creating a Notification - control the use of data
- title: Short Description : how to use with law (not controller policy)
- person medical data on virus + phone data research into global Covid - Research
- NIST
- person medical data on virus + phone data research into global Covid - Research
- title: Short Description : how to use with law (not controller policy)
- Use Case Flows
- Provide use case flows for Frameworks
- Provide use case flow for
- List use cases/descriptions
- Use Case Requirements
- use case flows
- Framework and use case
- DIACC
- PCTF
- Notice & Consent Framework
- NIST - Security and Privacy Controls for Information Systems and Organizations 800-53v5
Use-Case Requirements
Dimensions of the use-cases
- Whether there are different domains (hospitals, countries)
- Whether data is pre-anonymised (notably for medical research)
- Whether there is an established identity system able to authenticate and receive requests
Actors
- The subject
- The healthcare organisations holding EHRs
- Requesting parties
- Countries or jurisdictions
Use-Cases
From simplest to most comprehensive
- Within a single domain, subject agrees to share anonymised medical data for research
- Across two domains, subject agrees to share anonymised medical data for research
- Across two domains with federated identity, subject authenticates and allows access to EHRs
- Across two domains over which no common identity system exists, subject agrees to share EHRs
- Across two different countries, and necessarily two different domains, subject agrees to share EHRs and to use part of that information to comply with public notification requirements