Skip to main content
Feature ID: PM-01
Status: 🚧 In Progress
Last Verified: 2026-02-18
Spec Reference: PM-01-patient-registration-demographics.md
Last Updated: 2026-02-18

Table of Contents


Overview

PM-01 provides patient registration and USCDI v3–aligned demographics, Master Patient Index (MPI) duplicate detection, AHCCCS member/CIS ID capture, and multi-site visibility. It depends on PF for tenancy, RBAC, forms, and custom fields. Downstream consumers (CL-01, PM-02, PM-03) use patient identity via PF or PM-01 data.

Quick Reference


Decision Trees

Create vs merge flow

  1. Search for existing patient candidates (MPI checks).
  2. If high-confidence duplicate exists, route to merge workflow.
  3. Else create new patient registration record and emit patient_registered.

Identity boundary flow

  1. Capture PM demographics in PM-owned tables.
  2. Resolve shared patient identity through PF integration boundary.
  3. CL consumers use PF identity link, not PM-owned FK coupling.

Pattern Library


Integration Points (from Spec)


API / Data Contracts

  • Patient demographics: Tables pm_patients, pm_patient_addresses, pm_emergency_contacts, pm_guarantors; all scoped by organization_id; RLS via SECURITY DEFINER helpers (pm_can_access_patient, pm_can_modify_patient).
  • Patient identity: Per CL-01 integration, patient identity may be resolved via pf_patient_identities (PF); PM-01 is the source of demographic data. See API_CONTRACTS.md for GET /api/v1/pm/patients/:id (or platform equivalent).
  • Permissions: pm.patients.view, pm.patients.create, pm.patients.update, pm.patients.merge (PF-30).

Labeled Code Examples

Example: patient registration API shape

Example: patient_registered event payload


Event Contracts

  • patient_registered: PM publishes when a new patient is registered; subscribers CL, RH (optional), PF-10. See EVENT_CONTRACTS.md for payload and timeline.

Security and RLS

  • RLS on pm_patients, pm_patient_addresses, pm_emergency_contacts, pm_guarantors; USING and WITH CHECK use SECURITY DEFINER helpers; no direct queries to RLS-protected tables (constitution §5.7).
  • UPDATE policies include WITH CHECK for organization_id (constitution §5.2.4).
  • PHI handling: no SSN in schema; DOB + legal name + MRN for matching; encryption at rest, RBAC, audit per HIPAA and constitution §4.

Common Mistakes


Pre-Flight Checklist

  • Validate permission keys are seeded and enforced in UI/API.
  • Validate RLS helper use (pm_can_access_patient, pm_can_modify_patient).
  • Validate duplicate detection and merge path behavior.
  • Validate patient_registered event contract and subscribers.
  • Validate PHI-safe logging and sanitized errors.