Status: Planned / In progress
Last Updated: 2026-02-26
Documents the handoff from HR-03 (offboarding/termination) to COBRA administration (HR-11 Phase 5): event flow, PHI/data handling, and controls.

Overview

When an employee is terminated (HR-03 offboarding), the system creates a COBRA qualifying event and triggers notice and election workflows. This doc describes the integration contract, data flows, and security controls.

Event Flow

  • Trigger: HR-03 termination flow (employment_status → ‘terminated’) or equivalent offboarding action.
  • Action: Create or update hr_cobra_events with event type (e.g. termination), employee_id, event_date, election_deadline; link to employee and organization.
  • Downstream: COBRA notice generation (CobraNoticeGenerator.tsx), deadline reminders (edge function cobra-deadline-reminders), and elections (hr_cobra_elections).
  • Endpoints/Messages: Internal only (no public API). Event creation is triggered from HR offboarding UI or backend; no direct external message bus required for Phase 5.

PHI / Data Flows

  • Data in COBRA tables: Employee identifier, contact info (for notices), election dates, coverage period. Treated as PHI; encryption at rest and in transit per platform standards.
  • Notice content: Generated notices may contain employee name, address, plan info; stored or sent via secure channels only.
  • No PHI in logs: Use IDs only in application and audit logs; no SSN or full name in log payloads.
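One way to enforce the "IDs only" logging rule above is an allow-list applied before any COBRA record reaches a logger. This is an added example, not code from the original page or the project. The helper names (toLogPayload, droppedKeys) and the fields event_id, full_name, ssn and address are assumptions; the other field names come from this page.

```typescript
// Added example: allow-list filter for COBRA event log payloads.
// Helper names and the fields event_id, full_name, ssn, address are assumptions.
type CobraEventRecord = Record<string, unknown>;

// Only identifiers and workflow metadata may reach a log line.
const LOG_ALLOWED_KEYS: readonly string[] = [
  "event_id", "employee_id", "organization_id",
  "event_type", "event_date", "election_deadline", "created_by",
];

// Defense in depth: SSN-shaped values (123-45-6789 or nine bare digits).
// Side effect: a bare nine-digit ID is also redacted, so use prefixed IDs or UUIDs.
const SSN_PATTERN = /\b\d{3}-?\d{2}-?\d{4}\b/;

function toLogPayload(record: CobraEventRecord): Record<string, string> {
  const payload: Record<string, string> = {};
  for (const key of LOG_ALLOWED_KEYS) {
    const value = record[key];
    if (value === undefined || value === null) continue;
    const text = String(value);
    // An allowed key can still carry PHI if a caller misuses it: redact, don't log.
    payload[key] = SSN_PATTERN.test(text) ? "[REDACTED]" : text;
  }
  return payload;
}

// Names (never values) of fields that were dropped, so a reviewer can see
// which call sites are trying to log PHI.
function droppedKeys(record: CobraEventRecord): string[] {
  return Object.keys(record)
    .filter((k) => LOG_ALLOWED_KEYS.indexOf(k) === -1)
    .sort();
}

// Constructed sample record (not real data).
const sampleEvent: CobraEventRecord = {
  event_id: "evt_0001",
  employee_id: "emp_0042",
  organization_id: "org_0007",
  event_type: "termination",
  event_date: "2026-02-26",
  election_deadline: "2026-04-27",
  full_name: "Sample Person",
  ssn: "000-00-0000",
  address: "1 Example Street",
};

console.log(JSON.stringify(toLogPayload(sampleEvent)), droppedKeys(sampleEvent));
```

An allow-list fails closed: a PHI column added to the COBRA tables later stays out of logs until someone deliberately lists it.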

Authentication & Authorization

  • Only authorized HR/benefits users (permission-gated) can create or view COBRA events and elections.
  • RLS on hr_cobra_events and hr_cobra_elections enforces organization_id; users see only their org’s data.
  • Termination → COBRA event creation runs in an authenticated context (the same user or service context as offboarding).

Encryption, Retention, and Audit

  • Encryption: Encryption at rest for contact/payment-related fields; TLS in transit. Align with platform and HR data classification.
  • Audit logging: Audit log for PHI access and modifications (created_by, updated_by, timestamps); tie to PF-04 or HR audit pattern.
  • Retention: ERISA record retention — 7-year minimum for plan documents and COBRA-related records; document retention policy and purge rules.
  • Data breach notification: Follow organization incident response and breach notification procedures; COBRA data is sensitive (contact/eligibility).

Organization-Scoped Access

  • All queries and mutations filter by organization_id; no cross-tenant leakage. RLS policies and application checks enforce org scope.
  • Verify: tests/rls/hr-cobra.test.ts, tests/integration/hr/cobra-event-workflow.test.ts.
