Overview
PM-55 implements the ONC HTI-1 (45 CFR 170.315(b)(11) and (g)(10)) Patient Access API, exposing USCDI v3 / US Core 7.0 FHIR R4 resources via SMART App Launch with OAuth2. It also delivers the 21st Century Cures Act §4004 information-blocking review workflow for Compliance Officers. PM-55 is the canonical PM owner of FHIR access logging, app-authorization consent, and information-blocking dispositions.Integration Points
Platform Foundation Dependencies
Same-Core Dependencies
Cross-Core Dependencies
Pending IOU: CL-11 must publish
cl.part2_consent_granted / cl.part2_consent_revoked events and provide cl_part2_check() helper. Tracked in PENDING_CONTRACTS.md.
Events Published
All event payloads are PHI-free (IDs + categorical fields only). See
EVENT_CONTRACTS.md for schemas.
Events Consumed
Database Tables
All tables include
organization_id, created_at, updated_at, custom_fields JSONB
(except append-only audit tables — pending governance confirmation).
FK on pm_patient_access_consents.consent_id references cl_consents.id.
Permissions
See spec § Permission Inventory. Constants exposed viaPM_PERMISSIONS in
src/platform/permissions/constants.ts.
Compliance References
- ONC HTI-1: 45 CFR 170.315(b)(11), (g)(10)
- 21st Century Cures Act §4004 — Information Blocking
- HIPAA Privacy (45 CFR 164.524) and Security (45 CFR 164.312)
- 42 CFR Part 2 — SUD confidentiality (gating via CL-11)
- US Core IG 7.0 / USCDI v3
specs/pm/reviews/PM-55-COMPLIANCE-SIGNOFF.md.