Power of Attorney Procedure
The power of attorney (POA) is a central component of how Agora Care operates. It allows a patient to explicitly authorize the transmission of their medical data to the platform. This document outlines the different steps for creating, validating, and transmitting POAs, as defined by Agora Care. These procedures ensure traceability, security, and compliance with legal obligations regarding personal data protection.
Agora Care: Patient-Initiated Data Retrieval Request
When a patient has a personal Agora Care account, they can generate a POA directly from the platform. This process is secured and only accessible after strong authentication (ID and password, combined with an OTP via 2FA).
Procedure Steps
- Secure login: The patient logs into their personal account, protected by two-factor authentication (2FA).
- Selecting institutions: The patient chooses the medical institutions from which they want to retrieve their data (images, reports, etc.).
- Generating the POA: A POA is automatically generated, listing the selected institutions. The patient validates it via an on-screen handwritten signature, expressing clear intent and consent.
- Transmission: The POA is electronically sent to the selected institutions, who can then transfer the data to Agora Care.
- Tracking and traceability: The patient can monitor the status of each POA and associated data from their account. All actions are logged for full traceability.
Agora Care PRO: Request by a Mandated Healthcare Professional
A healthcare professional operating under a subcontract with Agora Care can initiate a data retrieval request on behalf of a patient. This process is carefully managed to ensure compliance with legal requirements and patient consent.
Procedure Steps
- Professional request: The healthcare professional identifies a patient and obtains their consent to share contact details with Agora Care.
- Patient data submission: The professional provides Agora Care with the patient’s full name, date of birth, mailing address, and phone number.
- Patient notification: The patient is notified via SMS and asked to select the institutions from which to retrieve medical data.
- Patient signature: If they agree, the patient validates the POA with a handwritten signature on-screen.
- Issuing the POA: A signed POA is created in the patient’s name and linked to the professional who initiated the request.
- Tracking and traceability: All steps are logged in the platform, ensuring transparency and legal compliance.
- Data delivery: Once the data (images, reports) are received, they are made available to the healthcare professional via Agora Care PRO. Patients must create their own account and complete identity verification to access the same data.
- Optional patient account creation: Patients may independently create an account to access their data via the standard self-registration process.
POA Validation and Processing
Before being sent to institutions, each POA is validated. Agora Care carefully verifies the authenticity of the patient’s signature. A tracking process is in place to manage all data retrieval requests.
Currently, institutions receive POAs by:
- Secure VPN link between the institution and Agora Care
- Secure HIN email
- Postal delivery of physical media (e.g., CD)
Once medical data is received, it is automatically linked to the corresponding POA. If received in physical format, the data is digitized and the original media securely destroyed by a certified provider.
POA Authenticity
Each POA includes a QR code linking to agoracare.ch, where its status can be verified. If there is any doubt, the POA can be submitted to Agora Care for manual verification.