Consent & DPDP Compliance Use Cases (CONS)¶
UC-CONS-001: Capture DPDP-Compliant Consent¶
Purpose: Record patient consent with DPDP Act 2023 requirements.
| Property | Value |
|---|---|
| Actor | Consent Capture Service |
| Trigger | Patient registration / First encounter |
| Priority | P0 |
Main Success Scenario:
1. Present consent form to patient (digital/paper)
2. Capture consent details:
- Purpose specification (Audio Recording, Data Storage, ABDM Sharing)
- Data categories consented to
- Retention period
3. Obtain digital signature or OTP verification
4. Generate consent artifact with timestamp
5. Store in consent registry with unique consent ID
6. Link consent ID to patient record
Acceptance Criteria: 1. [ ] Complies with DPDP Act 2023 requirements 2. [ ] Consent is granular (per purpose) 3. [ ] Withdrawal mechanism clearly stated
UC-CONS-002: Revoke DPDP Consent¶
Purpose: Handle consent withdrawal (partial vs full).
| Property | Value |
|---|---|
| Actor | Consent Revocation Service |
| Trigger | Patient requests consent withdrawal |
| Priority | P0 |
Main Success Scenario:
1. Receive revocation request from patient
2. Verify patient identity (OTP/Biometric)
3. Determine scope: Partial (specific purpose) or Full (all purposes)
4. Update consent registry status to "REVOKED"
5. Cascade revocation to all dependent systems
6. Stop all data processing activities covered by revoked consent
7. Audit log the revocation event
Acceptance Criteria: 1. [ ] Revocation effective within 24 hours 2. [ ] Supports partial consent revocation 3. [ ] Audit trail maintained
UC-CONS-003: ABDM Gateway Consent Artifact Sync¶
Purpose: Sync consent to/from ABDM.
| Property | Value |
|---|---|
| Actor | ABDM Integration Service |
| Trigger | New consent created or ABDM consent notification |
| Priority | P0 |
Main Success Scenario:
1. On local consent creation:
- Build ABDM consent artifact (FHIR Consent resource)
- POST to ABDM consent manager
- Store ABDM consent handle
2. On ABDM consent notification:
- Fetch consent artifact from ABDM
- Validate against local consent policies
- Create/update local consent record
- Link to ABHA ID
Acceptance Criteria: 1. [ ] Bi-directional sync maintained 2. [ ] ABDM consent format compliant 3. [ ] Handles consent approval/denial flows
UC-CONS-004: Consent Expiry & Renewal Logic¶
Purpose: Auto-expire consents and trigger renewal workflows.
| Property | Value |
|---|---|
| Actor | Consent Lifecycle Manager |
| Trigger | Daily batch job |
| Priority | P1 |
Main Success Scenario:
1. Query consent registry for consents expiring within 30 days
2. For each expiring consent:
- Generate renewal notification
- Send to patient (SMS/Email/App)
- Create renewal task for care coordinator
3. On expiry date:
- Update status to "EXPIRED"
- Stop all processing activities
- Archive consent for audit retention
Acceptance Criteria: 1. [ ] 30-day advance renewal notification 2. [ ] Expired consents cannot be used 3. [ ] Renewal process preserves consent history