Skip to main content
Feature ID: PF-91
Status: 🔨 In Progress (80%)
Spec Reference: PF-91-compliance-automation-regulatory-dashboard.md
Last Updated: 2026-03-24

Overview

PF-91 adds tenant-scoped compliance monitoring (dashboard, PHI column classification, drift detection, evidence packages) and deepens 42 CFR Part 2 alignment with CL-11. Consumers integrate through @/platform/compliance, Edge Functions for scheduled checks and evidence generation, and existing PF-04 / PF-10 / PF-48 touchpoints.

Integration Points (from Spec)


Platform Layer Contract (target)

  • Module path: @/platform/compliance (canonical). Subfolders allowed internally; export stable hooks/types from barrel src/platform/compliance/index.ts.
  • Edge Functions (names for implementation — adjust in migration if renamed):
    • compliance-run-checks — scheduled drift / RLS / audit health checks; inserts pf_compliance_checks; may emit pf_compliance_drift_detected
    • compliance-phi-scan — column / custom_fields key classification; upserts pf_phi_classifications
    • generate-compliance-evidence — async evidence ZIP job; updates pf_compliance_evidence; uploads to private bucket compliance-evidence; may emit pf_compliance_evidence_ready All org-scoped; use JWT or service role per job type; document verify_jwt in each function’s config and README per FR-4.2.
  • Hooks (indicative): useComplianceDashboard, usePhiClassifications, useComplianceEvidenceJobs, useDriftAlerts — finalize names in src/platform/compliance/; all queries include organization_id (defense in depth).

API / Edge Contracts (stub)

Expand with request/response JSON Schema before implementation (see API_CONTRACTS.md if exposed externally).

Storage (evidence artifacts)

  • Bucket: compliance-evidencepublic: false, org-scoped object paths {organization_id}/{evidence_id}/... (same pattern as reports-exports in 20260315003328_04052513-0344-4182-9a43-503c6711e204.sql).
  • RLS: Reuse pf_user_can_access_storage_org on first path segment; service_role uploads from Edge (bypasses RLS); user download via signed URL only.
  • pf_compliance_evidence.storage_path: Store the object key relative to this bucket (document exact convention in migration comment).

CL-11 / Part 2 (server)

  • RPC: cl_check_sud_consent(p_chart_id, p_record_type, p_requesting_user) — source of truth for SUD-gated content; used by @/platform/clinical useConsentCheck.
  • PF-91 Wrapper: pf_check_sud_consent_for_export — SECURITY DEFINER; delegates to cl_check_sud_consent; fail-closed (FALSE on error/NULL); REVOKE ALL FROM PUBLIC. Per 42 CFR Part 2 §2.13/§2.31.
  • Emergency Override: pf_log_emergency_override — SECURITY DEFINER; inserts audit row into pf_audit_logs (PF-04); requires 20+ char justification; REVOKE ALL FROM PUBLIC.
  • PF-91 Phase 3: Server paths returning SUD-classified data MUST invoke consent RPC per chart; multi-chart exports iterate and fail closed when consent is false or null.

PF-10 (MVP notification behavior)

  • In-app notifications to pf.compliance.drift.manage for pf_compliance_drift_detected; optional in-app toast to requester for pf_compliance_evidence_ready.
  • Copy: Template-only titles/bodies; payload fields limited to UUIDs, severity, framework enum, opaque storage_path, and short operator-safe summary (no PHI/SUD, no clinical table/column names).
  • Deep links: /settings/compliance (drift); /settings/compliance/evidence?evidenceId=<uuid> (evidence ready).

Event Contracts (stub)

Register in EVENT_CONTRACTS.md (stub added; finalize TypeScript payload interfaces before ship).

Security and Tenant Isolation

  • All new tables: RLS + pf_has_org_access (or current SECURITY DEFINER helper) with WITH CHECK on UPDATE; no policy subqueries against RLS-protected tables without helpers (constitution §5.7).
  • Evidence ZIPs: signed URLs; no long-lived public URLs; checksum stored on pf_compliance_evidence.
  • Part 2 paths: no SUD-classified data in notification body without consent; align with CL-11 contracts.
  • Edge functions: getCorsHeaders(req.headers.get('origin')), createLogger from _shared/logger.ts, structured logging without PHI content (see spec FR-4.2). Validate contracts with CONTRACT_VALIDATION_CHECKLIST.md before release.