Difference between revisions of "Consent Directive Use Cases"
Line 48: | Line 48: | ||
* Personal Health Record System/Portal | * Personal Health Record System/Portal | ||
− | == Provider | + | == Provider Requests Consent Directives for a Patient == |
===Pre-condition=== | ===Pre-condition=== | ||
+ | The patient has completed the consent directive and persisted in in the Personal Health Record. | ||
===Basic Scenario=== | ===Basic Scenario=== | ||
+ | The patient receives .. | ||
===Actors=== | ===Actors=== | ||
* Provider's Clerk | * Provider's Clerk |
Revision as of 20:47, 14 August 2008
Contents
Role-Based Access
The following use cases are based on the RBAC specification.
Each type of user in a healthcare organization has a specified "role" which consists of "permissions" to perform certain functions and access specific data. While the set of permissions assigned to each role is based on local policy (enterprise-wide, jurisdiction-wide, etc.), the operation and the functions/information to which they apply, are standardized by HL7 as a normative specification. The functional roles for healthcare users are specified as an informative specification.
- Sample permissions:
- "read, M.A.R. (medication administration record)" allows the user the see the medication administered to a patient.
- "create, Registration" allows a clerk to register a patient by creating a registration/encounter record
Mask Functionality
Based on the functional role of the user logged in, the healthcare information system will limit access only to those operations (e.g. create, read, update, delete, execute) and functions (identified using an object id) that are allowed for that role.
Basic scenario
A user logs in, the application identifies the functional group or role for the user. Based on the user's role, the application interrogates the security systems for the functions allowed for the role. The security system stores the permissions associated with the role and it can specify whether the user can access specific functionlity. Based on the results provided by the security system, the application displays to the users only those are of functionality that their functional role in the allows them to have. This use case would apply to a situation where both the application and the security systems are in the same organization or in different organizations.
Actors
- User
- Healthcare Application
- Security System
Mask Information
Based on their functional role, users can view(read),create, update, delete, or act (execute) on information contained in a patient's record. While the role of the user may limit their access to specific patient record information - limiting it to the information required to perform the job as specified by the role -
Basic Scenario
The user inquires the Personal Health Record system, based on the role the system provides the information specified by the permissions assigned to the user's role.
Actors
- User
- Healthcare Information System
- Security System
Consumer Preferences
The following use cases provide a consumer-centric rather than user-centric view to consent. These use cases reuse the functional role, operation, and object id concepts introduced by RBAC but it adds the consumer license, purpose, relationship to consumer (e.g.
License Medical Information
Pre-condition
The right/license to control one's medical information is assigned by jurisdiction to the patient/consumer.
Basic Scenario
Actors
- Jurisdiction
- Consumer
- Substitute Decision Maker
Consumer Manages Consent Directives
This use case assumes that the consumer has access to a Personal Health Record system through some type of portal (e.g. web) and manages a single data consent intended to be shared with a variety of providers, payers, etc.
Pre-condition
Basic Scenario
Actors
- Consumer
- Substitute Decision Maker
- Personal Health Record System/Portal
Provider Requests Consent Directives for a Patient
Pre-condition
The patient has completed the consent directive and persisted in in the Personal Health Record.
Basic Scenario
The patient receives ..
Actors
- Provider's Clerk
- Provider's Information System
- Personal Health Record
Provider Inquires Personal Health Record information
Pre-condition
Basic Scenario
Actors
- Provider's Clerk
- Provider's Information System
- Personal Health Record