Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

Spec: PM-55 Created: 2026-05-06 Status: 📝 Planned (WS1 — schema + permissions)

Overview

PM-55 implements the ONC HTI-1 (45 CFR 170.315(b)(11) and (g)(10)) Patient Access API, exposing USCDI v3 / US Core 7.0 FHIR R4 resources via SMART App Launch with OAuth2. It also delivers the 21st Century Cures Act §4004 information-blocking review workflow for Compliance Officers. PM-55 is the canonical PM owner of FHIR access logging, app-authorization consent, and information-blocking dispositions.

Integration Points

Platform Foundation Dependencies

PF FeatureIntegration TypeUsage
PF-01 (Organizations & Sites)DirectTenant isolation on every FHIR resource read
PF-02 (RBAC)Directpm.fhir.app.manage, pm.fhir.consent.*, pm.compliance.* keys
PF-04 (Audit & Event Stream)Directpm.fhir_access_logged per FHIR request; immutable audit
PF-10 (Notifications)Platform Integration LayerCompliance review queue assignment notifications
PF-96 (Jurisdiction Profiles)Platform Integration LayerState info-blocking carve-outs (e.g., NY mental health, MA HIV)
PF-12 (Patient Portal Shell)UI hostAuthorizedAppsPage, AppConsentSheet rendered inside portal shell

Same-Core Dependencies

PM FeatureIntegration TypeUsage
PM-01 (Patient Demographics)Direct readSource for Patient FHIR resource (uses pm_patients.id as bare UUID)
PM-02 (Insurance)Direct readSource for Coverage FHIR resource
PM-03 (Scheduling)Direct readSource for Appointment FHIR resource via pm_appointments
PM-08 (Claims)Direct readSource for ExplanationOfBenefit FHIR resource

Cross-Core Dependencies

FeatureIntegration TypeUsage
CL-11 (42 CFR Part 2 Consent)Platform Integration Layer (@/platform/clinical)cl_part2_check(patient_id, scope) SECURITY DEFINER helper gates serialization of Condition / Observation / DocumentReference resources flagged as SUD. Fail-closed if helper returns NULL.
GR-08 (Incident Reporting)Event subscriberConsumes pm.fhir_information_blocking_logged when disposition = info_blocking to open governance incident
Pending IOU: CL-11 must publish cl.part2_consent_granted / cl.part2_consent_revoked events and provide cl_part2_check() helper. Tracked in PENDING_CONTRACTS.md.

Events Published

Event NamePublisherSubscribersStatus
pm.fhir_app_authorizedPM-55(available — PF-04 audit)📝 Planned
pm.fhir_app_revokedPM-55(available — PF-04 audit)📝 Planned
pm.fhir_information_blocking_loggedPM-55GR-08 (when category = info_blocking)📝 Planned
pm.fhir_access_loggedPM-55PF-04 audit stream📝 Planned
All event payloads are PHI-free (IDs + categorical fields only). See EVENT_CONTRACTS.md for schemas.

Events Consumed

Event NameSourceUsage
cl.part2_consent_grantedCL-11 (pending)Refresh in-memory Part 2 gate cache for affected patient
cl.part2_consent_revokedCL-11 (pending)Invalidate cache; subsequent FHIR reads of SUD resources fail closed

Database Tables

TablePurposeRLS
pm_fhir_app_registrationsSMART app metadata, JWKS, redirect URIsOrg admin manage; portal-patient read own consents only
pm_patient_access_consentsPatient-granted scopes per app, expiration, revocationPatient (portal) self-scoped; org admin read
pm_fhir_access_logAppend-only access log (resource type, scope, status, timestamp)Org admin read; INSERT-only by service role
pm_information_blocking_logException entries with disposition workflowpm.compliance.review to read; pm.compliance.disposition to update
All tables include organization_id, created_at, updated_at, custom_fields JSONB (except append-only audit tables — pending governance confirmation). FK on pm_patient_access_consents.consent_id references cl_consents.id.

Permissions

See spec § Permission Inventory. Constants exposed via PM_PERMISSIONS in src/platform/permissions/constants.ts.

Compliance References

  • ONC HTI-1: 45 CFR 170.315(b)(11), (g)(10)
  • 21st Century Cures Act §4004 — Information Blocking
  • HIPAA Privacy (45 CFR 164.524) and Security (45 CFR 164.312)
  • 42 CFR Part 2 — SUD confidentiality (gating via CL-11)
  • US Core IG 7.0 / USCDI v3
Pending Compliance Officer signoff: specs/pm/reviews/PM-55-COMPLIANCE-SIGNOFF.md.