Power of Attorney & Documentation Digitization
Feature Detail
Description
This feature supports the gradual digitization of legal and medical documents that peer mentors and coordinators handle, including powers of attorney, medical record summaries (epikriser), and consent forms. Blindeforbundet specifically identified this as a need, with a requirement for a manual fallback process to be maintained in parallel during the transition. The feature handles secure upload, storage, signing workflows, and retrieval of these sensitive documents while ensuring that the existing paper-based process remains viable for users who are not yet ready to go fully digital.
Analysis
The handling of powers of attorney and medical documentation is a legal requirement for organizations supporting vulnerable populations, and errors or gaps in this process carry significant compliance and liability risks. Digitizing these workflows reduces the risk of lost documents, unauthorized access, and delays in service delivery. For Blindeforbundet, whose peer mentors regularly handle sensitive health-related information about beneficiaries, a secure and auditable document management system directly supports their duty of care obligations. The gradual digitization approach mirrors successful precedents like banking's nettbank rollout, ensuring that no users are excluded during the transition and that organizational trust in the digital system builds incrementally.
The feature builds on the Secure Document Storage infrastructure component, which uses Supabase Storage with server-side encryption and access-controlled buckets. The POA Service manages the document lifecycle, including upload, versioning, signing status tracking, and expiry notifications. The Document Signing Widget integrates with the Document Signing Infrastructure, which may use a third-party e-signature provider (such as Signicat, which supports BankID-based signing) or a simpler in-app acknowledgment flow for lower-risk documents. All documents are encrypted at rest and in transit, with access restricted by RLS to only the authorized coordinator or peer mentor. The manual fallback process is supported by providing printable document templates and clear instructions within the app for users who choose the paper path.
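The RLS restriction described above could be expressed as follows. This is an added sketch, not the project's own schema: the table, column, policy and bucket names are assumptions, and only `auth.uid()`, `auth.users` and `storage.objects` are Supabase's own.

```sql
-- Hypothetical schema: table, column, policy and bucket names are assumptions.
create table public.documents (
  id              uuid primary key default gen_random_uuid(),
  organization_id uuid not null,
  doc_type        text not null
                  check (doc_type in ('power_of_attorney', 'epikrise', 'consent')),
  storage_path    text not null unique,   -- object name inside the private bucket
  status          text not null default 'uploaded',
  expires_at      date
);

-- Which coordinator or peer mentor is authorized for which document.
create table public.document_grants (
  document_id uuid not null references public.documents (id) on delete cascade,
  user_id     uuid not null references auth.users (id) on delete cascade,
  role        text not null check (role in ('coordinator', 'peer_mentor')),
  primary key (document_id, user_id)
);

alter table public.documents       enable row level security;
alter table public.document_grants enable row level security;

-- With RLS enabled and no policy, every row is denied; open only what is needed.
create policy grants_select_own on public.document_grants
  for select to authenticated
  using (user_id = (select auth.uid()));

create policy documents_select_granted on public.documents
  for select to authenticated
  using (exists (
    select 1 from public.document_grants g
    where g.document_id = documents.id
      and g.user_id = (select auth.uid())
  ));

-- Storage access is decided separately by policies on storage.objects. Tie it to
-- the same grants so a bucket-wide policy cannot bypass the table rule above.
create policy poa_objects_select_granted on storage.objects
  for select to authenticated
  using (
    bucket_id = 'poa-documents'           -- assumed private bucket name
    and exists (
      select 1
      from public.documents d
      join public.document_grants g on g.document_id = d.id
      where d.storage_path = objects.name
        and g.user_id = (select auth.uid())
    )
  );
```

No insert, update or delete policy is defined here, so those operations stay denied for client roles until a policy for the uploading administrator is added.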
Dependencies
Definition of Done
User Stories (11)
As an Organization Administrator
I want to archive or permanently delete documents that have expired or been superseded by newer versions, with confirmation prompts and a record of the deletion in the audit trail
So that the document library remains clean and compliant, outdated documents are not accidentally used, and the organization meets GDPR data minimization requirements by not retaining sensitive documents beyond their required retention period
- Given a document is in 'expired' or 'superseded' status, when the administrator selects the archive action, then the document is moved to archived state and disappears from the active document list
- Given the administrator selects permanent deletion, when the confirmation dialog is shown, then the document name, type, and associated person are clearly displayed before the action is confirmed
- Given a document is permanently deleted, when the administrator later checks the audit trail, then a deletion record is present showing the deleting user, timestamp, and document identifier
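The deletion criteria above require the audit record to outlive the document it describes. One way to enforce that in the database, as an added sketch that is not the project's own code (all table, function and trigger names are assumptions; `auth.uid()` is Supabase's session helper):

```sql
-- Hypothetical names throughout. A minimal documents table is declared only so
-- the sketch is self-contained.
create table if not exists public.documents (
  id     uuid primary key,
  status text not null
);

create table public.document_audit (
  id          bigint generated always as identity primary key,
  document_id uuid not null,   -- deliberately no foreign key: must outlive the document
  action      text not null,
  actor_id    uuid,            -- null when the action ran without a user session
  occurred_at timestamptz not null default now()
);

-- Clients get no write path: RLS is on with no write policies, and the table
-- privileges are revoked as well, so history cannot be edited or erased.
alter table public.document_audit enable row level security;
revoke insert, update, delete on public.document_audit from authenticated, anon;

create function public.log_document_delete() returns trigger
language plpgsql security definer set search_path = ''
as $$
begin
  -- Only expired, superseded or already archived documents may be removed.
  if old.status not in ('expired', 'superseded', 'archived') then
    raise exception 'document % is still active and cannot be deleted', old.id;
  end if;
  -- Store the identifier only, never document content (data minimization).
  insert into public.document_audit (document_id, action, actor_id)
  values (old.id, 'permanent_delete', auth.uid());
  return old;
end;
$$;

-- The audit insert and the delete commit or roll back together.
create trigger documents_audit_delete
  before delete on public.documents
  for each row execute function public.log_document_delete();
```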
As a Global Administrator
I want to enable or disable specific document digitization capabilities (digital upload, e-signatures, expiry notifications) per organization using feature flags, to control the pace of rollout aligned with each organization's readiness
So that organizations can adopt digital document management incrementally without being forced into full digitization before their staff and beneficiaries are ready, mirroring the gradual rollout model explicitly requested by Blindeforbundet
- Given the global administrator accesses feature flag settings for an organization, when they disable the e-signature workflow, then organization administrators for that organization no longer see the digital signing option and are directed to the paper fallback process
- Given the digital upload feature is enabled for an organization, when an organization administrator uploads a document, then the full digital storage and management workflow is available
- Given the digital upload feature is disabled for an organization, when an organization administrator visits the document management screen, then the upload action is hidden and only the printable template download is available
As an Organization Administrator
I want to access printable document templates (power of attorney forms, consent forms, epikrise summaries) directly within the app and download them for users who are not yet ready to use the digital signing process
So that the organization can maintain the parallel paper-based process during the digital transition, ensuring no beneficiary is excluded from receiving services while digital adoption is gradual
- Given the user opens the document management screen, when they navigate to the templates section, then a list of available printable templates is displayed organized by document type
- Given a template is listed, when the user taps to preview it, then a PDF preview is shown within the app before downloading
- Given the user downloads a template, when the download completes, then the PDF is saved to the device and the system records a download event for audit purposes
As a user
I want to view a list of all power of attorney and medical documents stored in the system, with filtering by type, status, and expiry date
So that I can quickly locate specific documents, identify documents requiring action, and maintain oversight of the organization's legal document inventory
- Given the user is authenticated with the correct role, when they navigate to the document management screen, then a paginated list of all accessible documents is displayed with type, status, and expiry indicators
- Given the document list is loaded, when the user applies a filter by document type (e.g., power of attorney, epikrise, consent), then only matching documents are shown
- Given the document list is loaded, when the user filters by signing status (signed, pending, expired), then the list updates to show only documents matching that status
As a user
I want to view the full details of a single document including its type, signing status, access history, version record, and audit trail of who performed what actions and when
So that I can verify document validity for compliance purposes, investigate access anomalies, and provide evidence of proper document management during audits or legal proceedings
- Given the user opens a document detail screen, when the page loads, then all document metadata is displayed including type, upload date, expiry date, associated person, and current signing status
- Given the document has had multiple access events, when the user views the audit trail section, then all access events are listed chronologically with user identity, action type, and timestamp
- Given the document has gone through the signing workflow, when the user reviews the signing history, then each signing event shows the signer's identity, method used (BankID or acknowledgment), and completion timestamp
As an Organization Administrator
I want to receive push notifications and in-app alerts when powers of attorney, consent forms, or medical documents are approaching or past their expiry date
So that I can proactively renew critical legal documents before they lapse and the organization's authorization to act on behalf of a beneficiary becomes invalid, avoiding service disruptions or compliance failures
- Given a document has an expiry date 30 days away, when the daily expiry check runs, then the administrator receives a push notification and an in-app alert with the document name and expiry date
- Given a document is 7 days from expiry and no renewal action has been taken, when the daily check runs, then an escalated alert is sent marking the situation as urgent
- Given a document has passed its expiry date, when the daily check runs, then an urgent notification is sent and the document status is updated to 'expired' in the management screen
As a user
I want to view a list of all power of attorney and medical documents stored in the system, with filtering by type, status, and expiry date
So that I can quickly locate specific documents, identify documents requiring action, and maintain oversight of the organization's legal document inventory
- Given the user is authenticated with the correct role, when they navigate to the document management screen, then a paginated list of all accessible documents is displayed with type, status, and expiry indicators
- Given the document list is loaded, when the user applies a filter by document type (e.g., power of attorney, epikrise, consent), then only matching documents are shown
- Given the document list is loaded, when the user filters by signing status (signed, pending, expired), then the list updates to show only documents matching that status
As a user
I want to view the full details of a single document including its type, signing status, access history, version record, and audit trail of who performed what actions and when
So that I can verify document validity for compliance purposes, investigate access anomalies, and provide evidence of proper document management during audits or legal proceedings
- Given the user opens a document detail screen, when the page loads, then all document metadata is displayed including type, upload date, expiry date, associated person, and current signing status
- Given the document has had multiple access events, when the user views the audit trail section, then all access events are listed chronologically with user identity, action type, and timestamp
- Given the document has gone through the signing workflow, when the user reviews the signing history, then each signing event shows the signer's identity, method used (BankID or acknowledgment), and completion timestamp
As a Global Administrator
I want to configure the e-signature provider (e.g., Signicat with BankID support) and define which document types require legally binding signatures versus simpler in-app acknowledgments for each member organization
So that signing requirements can be tailored to each organization's legal obligations and risk tolerance, and the platform can support different providers or signing methods as the feature set evolves across organizations
- Given the global administrator accesses the document signing configuration for an organization, when they select an e-signature provider from the supported list, then the configuration is saved and applied to all new signing sessions for that organization
- Given a provider is configured, when the administrator enters API credentials and webhook URLs, then the system validates the connection to the external provider before saving
- Given document type signing policies are configured, when an organization administrator initiates a signing workflow for a specific document type, then only the signing methods permitted by policy are offered as options
As an Organization Administrator
I want to upload a power of attorney, medical record summary, or consent form by selecting a file or scanning a paper document, and associate it with a specific peer mentor or beneficiary
So that sensitive legal and medical documents are securely digitized, centrally stored, and accessible to authorized staff without relying on physical paper files that can be lost or misplaced
- Given the user opens the upload flow, when they select a file or capture an image, then the system validates the file format and size before proceeding
- Given a valid file is selected, when the user submits the upload form with document type and associated peer mentor or beneficiary, then the file is encrypted and stored securely and a success confirmation is shown
- Given the upload is in progress, when a network interruption occurs, then the upload resumes or the user is given a clear retry option without data loss
As an Organization Administrator
I want to initiate a digital signing workflow for an uploaded document, choosing between a legally binding BankID-based e-signature via Signicat or a simpler in-app acknowledgment for lower-risk documents
So that documents are formally signed and legally valid without requiring physical presence or paper forms, reducing administrative delays and ensuring compliance with document execution requirements
- Given a document is in 'uploaded' status, when the administrator initiates a signing workflow, then the system presents a choice between BankID e-signature and in-app acknowledgment based on document type
- Given the BankID signing option is selected, when the signing session is created, then a signing request is sent via the configured e-signature provider and the document status updates to 'signing in progress'
- Given a signing session is active, when the signer completes the BankID signing flow, then the document signing service receives the callback, verifies the signature, and updates the document status to 'signed'