Skip to main content
Version: 1.0.0
Last Updated: 2026-03-20
Spec: RH-06 Compliance & Staff Operations
Constitution Reference: Section 1.2 (Core Independence), Section 1.3 (Integration Patterns)

Overview

RH-06 manages compliance requirements, staff operations, and training tracking. It publishes events for compliance deadlines and non-compliance detection, and integrates with HR (Workforce) for staff information lookup.

Integration Points

Platform Foundation (PF) Dependencies

Required PF Features:
  • PF-08 (Forms Integration): Compliance checklists, audit forms
  • PF-10 (Notifications): Compliance deadline reminders, non-compliance alerts, training expiry reminders
  • PF-11 (Document Management): Compliance evidence, audit documents, training certifications
Integration Type: Platform Integration Layer (Pattern 1)

Consumer Core Dependencies (Downstream)

Internal RH Features:
  • RH-01 (Episodes): Episode records for compliance tracking
  • RH-02 (Programs & Phases): Program compliance requirements
  • RH-03 (Significant Events): Significant event reporting compliance
External Cores:
  • HR (Workforce): Staff information lookup for assignments and training

Event Contracts

Event: rh_compliance_deadline_approaching

Publisher: RH (RH-06)
Subscribers: PF-10 (Notifications)
Status: 📝 Planned
Purpose: Send compliance deadline reminders 7 days before due date Payload Schema:

Event: rh_non_compliance_detected

Publisher: RH (RH-06)
Subscribers: PF-10 (Notifications)
Status: 📝 Planned
Purpose: Alert management to non-compliance issues Payload Schema:

API Contracts

API: HR Employee Lookup

Endpoint: /api/v1/hr/employees?employee_id={id}
Method: GET
Provider: HR (Workforce)
Consumers: RH-06 (Compliance & Staff Operations)
Status: 📝 Planned
Purpose: Lookup staff information for assignments and training Request:
  • Query parameter: employee_id (uuid, required)
Response:

Platform Integration Layer Usage

Consumes:
  • PF-08 (Forms Integration): Compliance checklists, audit forms via @/platform/forms
  • PF-10 (Notifications): Compliance deadline reminders, non-compliance alerts, training expiry reminders via @/platform/notifications
  • PF-11 (Document Management): Compliance evidence, audit documents, training certifications via @/platform/documents

Security Considerations

Multi-Tenancy

  • RLS Enforcement: All rh_compliance_* and rh_staff_* tables filtered by organization_id via RLS policies

Role-Based Access Control

  • Compliance Officer: Create requirements, view all compliance data
  • House Manager: Complete checklists, record shift notes
  • Program Manager: Review compliance, approve corrective actions
  • Staff: View assigned compliance items, record training

Data Protection

  • PII Handling: Compliance data may contain PHI (resident references); access controlled via RLS
  • Document Security: Evidence documents stored securely via PF-11
  • Audit Logging: All compliance access logged via PF-04

Testing Requirements

  • Event payload structure validation
  • Event fires on trigger condition (compliance deadline approaching, non-compliance detected)
  • Correct organization_id included in all events
  • Subscribers handle events correctly (PF-10)
  • HR employee lookup API works correctly
  • RLS policies enforce org isolation on compliance and staff operations queries
  • RBAC roles work correctly for different user types

References