Status: 📋 Spec approved; implementation pending
Spec Reference: CL-23-clinical-in-basket-provider-messaging.md
Last Updated: 2026-02-24
Overview
CL-23 provides a unified clinical in-basket for provider action items (co-sign, lab review, refill, chart message, referral response, CDS alert). It consumes events from CL and PM/PF and integrates with PF-10 notifications and PM-14 secure messaging.Integration Points (from Spec)
Quick Reference
- Purpose: Unified in-basket for provider action items (co-sign, lab review, refill, chart message, referral response, CDS alert).
- Audience: Implementers integrating CL-23 with CL/PM/PF events and PF-10/PM-14.
- Inputs: Events from CL (progress_note_signed, cds_alert_triggered, cl_lab_result_*), PM (referral_response, chart_message when defined).
- Outputs: PF-10 notifications; PM-14 deep-links;
cl_inbasket_itemsandcl_inbasket_item_activityrecords. - SLAs: Per spec NFRs; event-to-item creation latency TBD in implementation.
Decision Tree
- Event received → Route by event type (cosign_request, lab_review, refill_request, chart_message, referral_response, cds_alert).
- Co-sign:
progress_note_signed→ create/update item type cosign_request; optional PF-10 notify. - Lab review:
cl_lab_result_received/cl_lab_result_reviewed→ lab_review item; abnormal results may trigger CDS. - Refill: Refill request event (when defined) → refill_request item.
- Chart message:
chart_messageevent (when defined) → chart_message item; link to PM-14 thread. - Referral response:
referral_responseevent (when defined) → referral_response item. - CDS alert:
cds_alert_triggered→ cds_alert item; PF-10 for urgency. - Item completed → PF-10 notification; optional PM-14 reply.
Pattern Library
- Consuming CL/PM events: Subscribe to channel per EVENT_CONTRACTS.md; map event payload to
cl_inbasket_items(item_type, payload, assigned_to, due_at); insert activity log row. - Producing PF-10 output: On item create/update/complete, call PF-10 notification API with actor, urgency, deep-link.
- Producing PM-14 output: When item references a secure message, use PM-14 deep-link (route + thread id); do not duplicate message content in in-basket payload.
- RLS: All access via SECURITY DEFINER helper; WITH CHECK on UPDATE; no direct query to RLS-protected tables in policies.
Common Mistakes
Pre-Flight Checklist
- Migration: tables, indexes, updated_at trigger, RLS with FORCE RLS applied.
- Permission keys seeded; roles assigned.
- Event consumers (or stubs) mapped per EVENT_CONTRACTS.md; referral_response and chart_message stubs acknowledged.
- PF-10 and PM-14 integration points verified (or stubbed).
- RLS tests pass; cross-tenant isolation verified.
- Observability: audit trail for item create/update/complete where required.
API / Data Contracts
- In-basket items:
cl_inbasket_items— item type, priority, classification, status, assigned_to, due_at, payload; event-driven creation from CL/PM/PF. - Activity log:
cl_inbasket_item_activity— created, read, assigned, status_changed, escalated, completed, commented; append-only audit trail.
Event Contracts
- Consumed (planned): Event names and payload schemas are in EVENT_CONTRACTS.md – Planned Events (CL/PM). CL-23 maps:
progress_note_signed→ cosign_request;cds_alert_triggered→ cds_alert;cl_lab_result_received/cl_lab_result_reviewed→ lab_review. Referral and chart_message events to be added when PM/CL specs define them. Each creates or updatescl_inbasket_itemswithitem_typeandpayload. - Published (planned): Item created/updated → PF-10 notification; deep-link to PM-14 message when item references a secure message.
Security and RLS
- RLS on
cl_inbasket_itemsandcl_inbasket_item_activityvia SECURITY DEFINER helpers (constitution §5.7); no direct queries to RLS-protected tables in policies. - UPDATE policies on
cl_inbasket_itemsMUST include WITH CHECK (constitution §5.2.4). - Permission keys:
cl.inbasket.view,cl.inbasket.manage,cl.inbasket.escalate,cl.inbasket.assign; seed in migration. - Part 2-sensitive item access must honor CL-11 consent checks where applicable.