Skip to main content
Feature ID: CL-26
Status: 📋 Spec approved; implementation pending
Spec Reference: CL-26-patient-reported-outcomes-self-service-portal.md
Last Updated: 2026-02-24

Overview

CL-26 defines patient self-service for screenings (PHQ-9, GAD-7, AUDIT-C, DAST-10, C-SSRS), between-session check-ins, read-only treatment plan view, consent self-service, secure messaging, and crisis resources. It extends the patient portal (PM-12) with clinical workflows and depends on CL-02, CL-03, CL-07, CL-10, CL-11, CL-23, PM-12, PM-14.

Integration Points (from Spec)


API / Data Contracts

  • Patient submissions: cl_patient_submissions — patient-completed screenings; scoring and status (pending_review → reviewed → incorporated). Consumed by CL-23 for in-basket; clinician review updates status.
  • Between-session check-ins: cl_between_session_checkins — mood, medication adherence, crisis flag; append-only. Crisis threshold triggers real-time escalation per FR-1/FR-2.
  • Treatment plan view: Read-only from CL-03 data; no new tables.
  • Consent: View/revoke/sign via CL-11 workflows; CL-26 triggers workflow.
  • Messaging: Send/receive via PM-14; non-crisis only.
(Add request/response or event schemas here when APIs or events are defined.)

Event Contracts

  • Planned: Submission created (pending_review) → in-basket item in CL-23 when implemented; stub/queue until CL-23 available.
  • Crisis: Positive C-SSRS ideation or crisis_flag/crisis_warning_signs → real-time escalation (push/SMS/phone or on-call) plus 988/local resources on confirmation screen.
(Document in EVENT_CONTRACTS.md when event names and payloads are finalized.)

Security and RLS

  • RLS on cl_patient_submissions and cl_between_session_checkins via SECURITY DEFINER helpers (§5.7); no direct queries to RLS-protected tables in policies.
  • Patient: SELECT/INSERT only to own chart’s rows (portal identity → chart_id via SECURITY DEFINER).
  • Clinician: SELECT/UPDATE via cl_has_org_access (or equivalent). UPDATE policy on cl_patient_submissions MUST include WITH CHECK (§5.2.4).
  • All portal PHI accesses (submissions, treatment plan view, consent, messaging) logged to pf_audit_logs (NFR-1).