Patient Registration with Distributed Attributes

From IDESG Wiki
Jump to navigation Jump to search

Full Title of Use Case

Patient at private care provider (PCP) on-boarding ceremony to create initial EHR.

Context

  • To provide good assurance that a patient data records are as accurate as possible and relate to a real live person.

Goal

  • The patient in the very near future has full capability to exercise their right to participate in the care plan and see who has access to their medical records.
  • Provide the two apis as described in the Health Care Profile.
  1. Trusted Identifiers for all providers, and perhaps patients as well.
  2. Consent experience for patient,

Actors

  1. Patient
  2. Provider of patient's general health care


Preconditions

  1. The patient is to become "known to the practice" where general health care is provided.
  2. A trust registry exists which the patient knows and trusts.
  3. The providers of health care present the patient with a trusted identity which confirms that they subscribe to the privacy regulations of the trust provider.
  4. Different providers are unlikely to allow each other, or the patient, to write into their EHR, so it is expected that the patient will have multiple repositories, each with their own Medical Records Identifier.
  5. Patient can always get their own data, but only after strong authentication. This data will include a list of existing consent grants. The patient always has the right to revoke consent
  6. The patient has the right to eliminate some individuals in a practice from seeing their data even when the practice has access.

=Optional Conditions

Scenarios

The goal of this scenario is to test the functionality of the APIs associated with patient trust of the providers and patient consent granting and recording.

Primary Scenario:

  1. Patient schedules an appointment with primary care physician and is authenticated at the front desk. (This might involve re-affirmation of the consent with the practice.)
  2. Patient sees the doctor, is reauthenticated (this reauth will be less onerous than that at the front desk) and explains symptoms.
  3. Doctor schedules a lab test for a sensitive condition (for example sexually transmitted disease) in order to test patient consent to share such information with referral.


Alternate Scenario:

  1. The patient can sign onto the various practices' web sites and preform the actions from the comfort of her living room. In this case electronic consents are appropriate.
  2. In this case the consent receipts will be renderable to the user in plain language that they can understand.

Results

Accepted Risks:

  1. Data transfers involved work within a framework of trust and mutual understand as to the patient's wishes with respect to care and privacy.

Post Condition:

  1. r.

Examples:

  1. tbd

Dependencies::

  1. Web Sites must be trusted before any user information is released.
  2. Trust federations can be used to help users make informed decisions.
  3. User consent and trust must begin with no user information transferred.
  4. Standards exist to collect needed attributes where-ever they may be.

Workflow Diagram

TK


References