Health Data Exchange Test Cases

Following are materials related to the testing of UMA-based health data exchange contributed by Project hData as part of the UMA validation bounty program. The final versions of these materials were submitted as of 13 Dec 2010. Ultimately the UMA WG may turn these contributed materials into UMA "working drafts".

Submission letter

Hello,

I am writing on behalf of the hData project with our submission to the UMA validation bounty program. Our submission relates to medical data exchange via hData, and consists of two workflow diagrams outlining the steps involved in registering primary and secondary data providers. To facilitate sharing and editing, we used the websequencediagrams.com to develop the swimlane diagrams.

One of the features of hData is the use of a Discovery and Authorization Service (DAS), which combines functions of an Authorization Manager and a Discovery Service. The DAS plays a central role in how health data providers and consumers find each other and access authorized patient data from other health data providers. To clarify the dual role of the DAS, we have create two adjacent swimlanes in the enclosed diagrams.

The first diagram (http://tinyurl.com/2fc5v8a) covers the process of (a) registering a user with the DAS, and (b) registering the patient’s Primary Care Physician (PCP) with the DAS. The workflow is general enough to allow user authorization of the PCP to occur by a number of alternatives, including by direct interaction by the patient, or by interpreting a pre-configured policy that the user has set up with the DAS. This allows additional flexibility and convenience for the patient.

The second diagram (http://tinyurl.com/2euop2z) brings an Emergency Room (a third party data consumer/provider) into the picture. The process of authorizing the ER is identical to authorizing the PCP, and is therefore omitted from this diagram. The diagram focuses on the interaction of the ER and PCP, allowing the ER to access the medical record of the patient (or authorized parts thereof). We also cover how the ER receives updates to the patient’s medical records, and the possibility of expiry of the authorization token held by the ER.

Also included as an enclosed file are a number of test cases for these scenarios, based on the Gherkin language. Gherkin allows designers and developers to describe behavior in plain text, and through a simple process, translate the text description into executable test cases. Since these test cases are written in readable text, it facilitates developer interactions with those who create the business logic. As we proceed, these test cases will be converted to executable code.

If you have any questions about our submission, please do not hesitate to contact me or Gerald Beuchelt (gbeuchelt -at- mitre.org)

Sincerely,

Mark A. Kramer, PhD
MITRE Corporation E542
mkramer -at- mitre.org
781-271-3296
mobile: 781-367-4239

Gherkin test cases

The test cases are also available for download as a standalone file.

Feature: Register PCP
  In order to get health care
  As a patient
  I want my PCP to share my health data

# Registration scenarios

Scenario: Register user with DAS
   When I register a new account with "a DAS"
   Then I should receive confirmation from "a DAS"

Scenario: Ask for Authorization with PCP
  Given I am registered with "a DAS"
   When "my PCP" requests authorization
   Then I should be asked to authorize provider "my PCP"

Scenario: Authorize PCP
  Given I am registered with "a DAS"
    And provider "my PCP" has requested authorization
   When I grant permission to provider "my PCP"
   Then provider "my PCP" should be registered with "a DAS"

Scenario: PCP Provider Access
  Given provider "my PCP" is registered with "a DAS"    
   When "my PCP" requests access to "provider list"
   Then "my PCP" should see "provider list"

# Rejection Scenarios

Scenario: Reject PCP 
 Given I am registered with "a DAS"
   And provider "my PCP" has requested authorization
  When I deny permission to provider "my PCP"
  Then provider "my PCP" should be rejected

Feature: Visit Emergency Room
  In order to be treated in an emergency
  As a patient
  I want my PCP and ER doctor to share data
  
Scenario: Visit ER for the first time
  Given I am registered with "a DAS"
    And I have provider "my PCP"
    And provider "emergency" has requested authorization
   When I grant permission to provider "emergency"
   Then provider "emergency" should see "my PCP" in my provider list


Feature: Emergency Room Care
  In order to provide emergency care
  As an emergency care provider
  I want to obtain healthcare data

Scenario: Obtain data from PCP
  Given a patient "John Doe"
    And patient "John Doe" is registered with provider "my PCP"
    And patient "John Doe" is registered with provider "emergency"
   When provider "emergency" requests "John Doe" data from "my PCP"
   Then "emergency" should obtain "John Doe" data

Scenario: PCP synch with Emergency
  Given a patient "John Doe"
    And patient "John Doe" is registered with provider "my PCP"
    And patient "John Doe" is registered with provider "emergency"
   When provider "emergency" updates "prescription list" with "Tylenol"
    And provider "my PCP" contacts "emergency" for new data
   Then "my PCP" should see "Tylenol" in "prescription list" in provider "emergency"
   
# Rejection Scenarios

Scenario: Token expiration
  Given a patient "John Doe"
    And patient "John Doe" is registered with provider "emergency"
    And provider "emergency" token expires
   When provider "emergency" polls for new data
   Then provider "emergency" should not see data updates

Swimlane diagram: registering a patient and their PCP with a DAS

This diagram can also be viewed with a variety of styles on the websequencediagrams.com site. (If the diagram is not displaying correctly, try reloading the page in the browser.)

Swimlane diagram: authorizing an ER to access a patient's medical record at their PCP

This diagram can also be viewed with a variety of styles on the websequencediagrams.com site. (If the diagram is not displaying correctly, try reloading the page in the browser.)

Browser not supported