# CL-11-EN-01: Electronic Consent Capture with 42 CFR Part 2 Redisclosure Tracking — Integration Document

**Spec:** [CL-11-EN-01](../../../specs/cl/specs/CL-11-EN-01-electronic-consent-42cfr-redisclosure.md)
**Parent Integration:** [CL-11 Consent Management](./consent-management-42cfr-part2-integration.md)
**Status:** ✅ Implemented
**Last Updated:** 2026-04-09

***

## Overview

This enhancement extends the CL-11 consent management framework with electronic signature consent capture, granular consent categories, and a complete 42 CFR Part 2 redisclosure chain-of-custody audit trail.

***

## Integration Points

### PF-01 (Authentication)

* **Pattern:** Direct dependency
* **Usage:** Signer and staff context must be authenticated before consent signing or redisclosure actions.

### PF-02 (Permissions)

* **Pattern:** Direct dependency
* **Usage:** Enforce scoped permissions (`cl.electronic-consent.*`, `cl.redisclosure-log.*`) for consent creation, revocation, and redisclosure operations.

### PF-04 (Audit Logging)

* **Pattern:** Platform Layer
* **Usage:** Immutable disclosure and consent lifecycle audit events written to platform audit infrastructure. Redisclosure log entries supplement PF-04 with Part 2-specific chain-of-custody detail.

### CL-11 (Parent Consent Framework)

* **Pattern:** Data (extends parent tables/policies)
* **Usage:** Reuses parent consent policy model (`cl_consents`). This enhancement adds new tables (`cl_electronic_consents`, `cl_redisclosure_log`) for e-signature metadata and disclosure tracking.

### CL-16 (Future HIE Coordination)

* **Pattern:** Deferred / planned
* **Usage:** Consent scope and redisclosure constraints are prepared for downstream HIE sharing workflows. No active integration until CL-16 Phase 2.

***

## New Tables

| Table                    | Purpose                                                              | RLS                                                                                                                                                                |
| ------------------------ | -------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `cl_electronic_consents` | Signed consent records with granular categories and e-signature data | Org-scoped SELECT/INSERT/UPDATE/DELETE via `cl_has_org_access()`                                                                                                   |
| `cl_redisclosure_log`    | Immutable append-only disclosure audit trail                         | Org-scoped SELECT/INSERT via `cl_has_org_access()` + explicit privilege revocation of UPDATE/DELETE for all non-superuser roles (including service/elevated roles) |

***

## Event Contracts

No new events published by this enhancement. Consent lifecycle events (if added) will follow the pattern in [EVENT\_CONTRACTS.md](./EVENT_CONTRACTS.md).

***

## API Contracts

No new external APIs. Internal hooks and RPC only.

***

## Security

* All tables enforce RLS with SECURITY DEFINER helpers.
* `cl_redisclosure_log` is append-only; RLS (`cl_has_org_access()`) governs access scope, but immutability must also be enforced by revoking UPDATE/DELETE table privileges for all non-superuser roles (including service/elevated roles).
* Recommended defense in depth: add a `BEFORE UPDATE OR DELETE` trigger on `cl_redisclosure_log` that raises an exception to prevent mutable audit behavior if role grants drift.
* No PHI payloads in operational logs; redisclosure log stores references/identifiers only.
* Permission keys gate all UI and mutation operations.
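
The two immutability layers described above, with a check for grant drift, as an added example that is not taken from the CL-11-EN-01 implementation. It assumes PostgreSQL 11 or later; the role names `app_user` and `service_role` and the function and trigger names are hypothetical.

```sql
-- Added example. Role, function and trigger names are assumptions;
-- substitute the roles your deployment actually grants table access to.

-- Layer 1: privileges. INSERT and SELECT remain available (scoped by RLS);
-- UPDATE and DELETE are removed from PUBLIC and from each application role.
REVOKE UPDATE, DELETE ON cl_redisclosure_log FROM PUBLIC;
REVOKE UPDATE, DELETE ON cl_redisclosure_log
  FROM app_user, service_role;              -- hypothetical role names

-- Layer 2: trigger. Fires even if a later GRANT restores UPDATE/DELETE,
-- so a drifted grant produces an error instead of a silently edited log.
CREATE OR REPLACE FUNCTION cl_redisclosure_log_block_mutation()  -- hypothetical name
RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
  RAISE EXCEPTION 'cl_redisclosure_log is append-only: % rejected', TG_OP
    USING ERRCODE = 'insufficient_privilege';
END;
$$;

CREATE TRIGGER cl_redisclosure_log_immutable      -- hypothetical name
  BEFORE UPDATE OR DELETE ON cl_redisclosure_log
  FOR EACH ROW
  EXECUTE FUNCTION cl_redisclosure_log_block_mutation();

-- Drift check: list every non-superuser role that currently holds UPDATE or
-- DELETE on the log, including privileges inherited through role membership
-- or PUBLIC. Expected result: no rows. A non-superuser table owner will
-- appear here because owners hold all privileges by default.
SELECT r.rolname
FROM pg_roles AS r
WHERE NOT r.rolsuper
  AND has_table_privilege(r.rolname, 'cl_redisclosure_log', 'UPDATE, DELETE');
```

`TRUNCATE` is a separate table privilege and does not fire row-level triggers, so it needs its own `REVOKE` (and a statement-level `BEFORE TRUNCATE` trigger if the same defense in depth is wanted).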

***

## References

* [CL-11-EN-01 Spec](../../../specs/cl/specs/CL-11-EN-01-electronic-consent-42cfr-redisclosure.md)
* [CL-11 Parent Integration](./consent-management-42cfr-part2-integration.md)
* [42 CFR Part 2 Final Rule](https://www.hhs.gov/hipaa/part-2/index.html)
