Status: ✅ Implemented
Spec Reference: CL-15-clinical-reporting-quality-measures.md
Last Updated: 2026-05-18 (Phase 2/3 partial)
Cross-Core Integration Matrix
Overview
CL-15 defines clinical reporting and quality measures: Joint Commission, CARF, NCQA/HEDIS, AHCCCS compliance dashboards and report definitions, configurable report builder, scheduled generation, export (PDF, CSV, Excel), and AZDHS incident reporting with mandated timeframes. It depends on PF (organizations, RBAC, reports), CL-01/02/03/04/10 (chart, assessments, treatment plan, progress notes, outcomes). Data flows to/from PF-12 (report engine) and CL-10 (outcome measures). GR-03 (Compliance Tracking) and GR-08 (Accreditation Management) are downstream consumers:cl_incident_reported events trigger compliance check updates, and CL-15 reports serve as accreditation evidence for Joint Commission and CARF.
Quick Reference
Decision Tree
- Need report output?
Use CL definitions/runs with PF-12 execution pipeline. - Need compliance escalation from incident state-reporting transition?
Publishcl_incident_reportedwith standard event envelope fields. - Need accreditation evidence?
Use CL-15 generated reports as GR-08 evidence input.
Pattern Library
- Configurable report pattern: definitions + run records decoupled from execution engine.
- Event-driven compliance pattern: incident reported event fans out to GR compliance consumers.
- Tenant-safe reporting pattern: org-scoped RLS + permission keys for all report/incident tables.
Common Mistakes
Pre-Flight Checklist
- PF-12 integration path and report schemas validated.
-
cl_incident_reportedcontract includes standard envelope fields. - GR-03/GR-08 subscriber expectations verified.
- RLS + WITH CHECK + permission keys validated for release.
Integration Points (from Spec)
API / Data Contracts
- Report definitions: Stored in
cl_report_definitions; consumed by PF-12 for generation; schedules and recipients configurable. - Report runs: Stored in
cl_report_runs; links to PF-12 and document storage; audit trail for all runs. - Incidents: Stored in
cl_incidents; AZDHS reporting timeframes (death 1h, serious injury 6h, abuse/neglect/elopement immediate); immutability once reported.
Event Contracts
Payload Schema:
- Safe:
incident_id,organization_id,incident_type,severity,reported_by - Log as flag only:
chart_id(loghas_chart_id: true/false) - Prohibited: patient names, chart content
custom_fieldsmust be sanitized before logging
Security and RLS
- All three tables use
ENABLE ROW LEVEL SECURITYandFORCE ROW LEVEL SECURITY(PHI tables per CL standard). - RLS on
cl_report_definitions,cl_report_runs, andcl_incidentsvia SECURITY DEFINER helpers (e.g.cl_has_org_access); no direct queries to RLS-protected tables in policies (constitution §5.7). - UPDATE policies include WITH CHECK on
organization_id(§5.2.4). - DELETE policies restricted to
pf_is_org_admin(auth.uid(), organization_id)(admin-only, consistent with CL-14). - Permission keys:
cl.report_definitions.view/create/delete,cl.report_runs.view/run,cl.incidents.view/create/update/delete(seed in migration per PF-30).
Related Docs
- Spec
- EVENT_CONTRACTS.md — cl_incident_reported
- PLATFORM_INTEGRATION_LAYERS.md (PF-12 Reports)
- CROSS_CORE_INTEGRATIONS.md
Phase 2 & 3 Addendum (2026-05-18)
Tracks the partial shipment of CL-15-PHASE-2-3-EXPANSION. SeeCL-15-PHASE-2-3-TASKS.md for per-task status.
Shipped
- Dual-track incident deadlines (T1, T3, T6) —
cl_module_settingsextended withincident_deadline_track(azdhs|ahcccs|dual, defaultazdhs),incident_business_day_config JSONB, andincident_sentinel_options JSONB. Client-side deadline math lives insrc/cores/cl/utils/incidentDeadline.tsand mirrors the server-side AZDHS trigger. CL settings UI exposes the subsection inCLSettingsForm.tsx. clinical_auditreport type (T1) —cl_report_definitions_report_type_checkwidened to includeclinical_audit. UI renderer is not yet shipped (T5 pending).- Portal Quality Measures (T8 + T-COMP-1 portal half) — read-only patient route
/portal/clinical/qualityrenderscl_outcome_measuresfiltered by org-configurablecl_module_settings.portal_qm_config(instruments allow-list, measure types, SUD-consent flag). SUD-tagged instruments (audit,dast10) are filtered out viacl_check_sud_consent(chart_id, 'outcome_measure', user_id); fail-closed on RPC error. Patient-facing notice is generic (no PHI / no measure name leak). @/platform/governanceread-only contract (T10 partial) — new platform layer atsrc/platform/governance/exposesuseCarfReadiness,computeReadinessScore,computeReadinessTier, and GR-08 row types so CL (and future cores) can read CARF accreditation data without importing from@/cores/gr. The CARF dashboard page itself (CarfReadinessPage.tsx) is still pending.
Pending
- T5 —
clinical_auditreport-type form/renderer with dimension checkboxes - T7 — Deployment guide documenting dual-track deadline rationale
- T9 — Automated HEDIS QM calculation wired into report runs
- T10 —
CarfReadinessPage.tsx+ route + breadcrumb (contract is ready) - T-COMP-2 — HEDIS measure conformance documentation
- T-COMP-3 — Audit logging on
clinical_auditreport generation/export andcl_module_settingsdual-track field changes - T-DOCS — User guide update
Blocked
- T2 —
restraint_event_idmigration oncl_incidents(waits on CL-13) - T4 — Restraint/seclusion event picker in incident form (waits on T2)
Cross-core surface changes
- Added:
@/platform/governance(read-only). Consumers: CL-15 (CARF dashboard, pending), potential JCAHO / COA dashboards. Mutations remain inside GR core. - No new
cl_*->pm_*orcl_*->gr_*FKs in this drop.