Skip to main content
Spec: CE-28 Status: ✅ Complete Last Updated: 2026-03-28

Overview

CE-28 formalizes the intake screening workflow between lead inquiry (CE-01) and patient admission. This integration document covers the event contracts, data flow, and cross-core dependencies for screening-driven automation.

Event Contracts

1. ce_screening_completed

Publisher: CE-28 (Intake Screening) Subscribers: FW-16 (workflow engine), PM-38 (appointment automation), PM-39 (waitlist), CE-29 (conversion pipeline) Trigger: After ce_screening_attempts INSERT with a non-null disposition (consent-gated — consent_obtained must be true). Payload Schema:
Downstream Behavior by Disposition:

2. ce_lead_waitlisted

Publisher: CE-28 (conditional — emitted when disposition = ‘proceed’ but bed unavailable) Subscribers: PM-39 (waitlist management) Payload Schema:

Data Flow


Cross-Core Dependencies


Platform Integration Layers Used

  • PF-10 (Notifications): @/platform/notifications — SLA miss alerts
  • PF-30 (RBAC): Permission keys ce.screening.*
  • FW-16 (Workflow): Event publishing via publishEvent() platform layer

Security Considerations

  • All tables enforce RLS with organization_id tenant isolation
  • PHI present in screening data (substance use, clinical flags) — encrypted at rest
  • 42 CFR Part 2 consent gating (SUD-related screening): Before publishing any workflow/event payload that includes SUD-related screening data, implementations MUST verify on ce_screening_attempts that consent_obtained is true, consent_method is populated (per org policy / valid enum), and consent_recorded_at is set. These fields are the authoritative implementation mechanism for consent capture at the point of screening.
  • Event metadata for audit: Published events that include SUD-related screening content MUST include consent_recorded_at (ISO-8601 timestamp) in event metadata (alongside correlation/event IDs) so downstream subscribers (PM-38, CE-29, analytics) can prove consent timing for audit and Part 2 tracking.
  • Consent capture (consent_obtained, consent_method, consent_recorded_at) on ce_screening_attempts — all three are required for gated publish paths above

TODO

  • Finalize ce_screening_completed event contract with PM-38 team — implemented in useCreateScreening.ts; payload matches schema above; consent-gated per 42 CFR Part 2
  • Confirm RH-01 bed availability query mechanism (event vs API) — Phase 1: placeholder bedAvailable boolean in CreateScreeningInput; ce_lead_waitlisted published when proceed + no bed; RH-01 real-time query deferred to Phase 2
  • Coordinate CE-29 conversion trigger from screening disposition — mapScreeningToPatient() in @/platform/ce/ maps screening fields to PM patient shape; CE-29 event-consumer already handles conversion

CE-28-ENHANCEMENTS — Crisis Alert Event (EN-01)

Status: 📋 Specification (CE-28-ENHANCEMENTS EN-01). Event: ce_crisis_alert_created (registered in EVENT_CONTRACTS.md).

Trigger

Published by CE when a crisis is detected on inbound intake (SMS, web-form, or — Phase 2 — call transcript) and a ce_crisis_alerts row is inserted. Detection paths:
  • Phase 1 (no CE-37/CE-35): Keyword-only matcher on inbound SMS (CE-08) and web-form (CE-10) bodies.
  • Phase 2: Adds CE-37 intent-classification model and CE-35 transcription stream analysis.

Payload (PHI-free)

Excluded by design: detected keywords, evidence excerpts, narrative content, member identifiers, model output text. PHI redaction is applied at insert time on ce_crisis_alerts; the event payload references IDs only.

Subscribers

ce_crisis_alert_created is published even when SUD-related screening consent (consent_obtained) has not been captured, in reliance on the 42 CFR Part 2 §2.51 medical-emergency exception. The payload contains no SUD content (IDs only); any downstream subscriber that loads PHI from ce_crisis_alerts MUST log the §2.51 invocation per ce_crisis_alerts.outcome review trail.

Ordering / Idempotency

  • One event per ce_crisis_alerts insert. Re-classification updates do not re-publish; subscribers should treat alert_id as the idempotency key.
  • Subscribers must tolerate at-least-once delivery.