Feature ID: CL-30Documentation Index
Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
Use this file to discover all available pages before exploring further.
Status: ๐ Planned
Spec Reference: CL-30-psychotherapy-notes-protection.md
Last Updated: 2026-02-24
Overview
CL-30 adds HIPAA-aligned protection for psychotherapy notes: separate storage, author-only access by default, explicit authorization for disclosure, and exclusion from medical record and FHIR export unless authorized. Integrations are within CL (CL-04, CL-11, CL-20, CL-16) and PF (PF-01); no cross-core integration.Integration Points (from Spec)
| Dependency | Pattern | Purpose |
|---|---|---|
| PF-01 (Organizations & Sites) | Direct | Tenant context; RLS and audit |
| CL-04 (Progress notes) | Internal | UX distinction: psychotherapy note vs standard progress note; link or separate list in chart |
| CL-11 (Consent/authorization) | Internal | Psychotherapy authorization is separate from general consent; document in CL-11 disclosure log when disclosed |
| CL-20 (Medical record export) | Internal | Exclude psychotherapy notes from export unless authorization present for that request |
| CL-16 (FHIR export) | Internal | Exclude psychotherapy notes from FHIR export unless authorized |
API / Data Contracts
Data (CL internal)
- cl_psychotherapy_notes: New table; author-only RLS; content encrypted at rest (NFR-1).
- cl_psychotherapy_authorizations: Patient authorizations for disclosure; linked to notes via cl_psychotherapy_authorization_notes.
- Export contract: CL-20 and CL-16 export logic MUST exclude rows from
cl_psychotherapy_notesunless a valid (non-revoked, non-expired) authorization exists for that export request and covers the note(s). Authorization scope may include date range or specific notes viacl_psychotherapy_authorization_notes.
Placeholder: Event Contracts
- No domain events required for MVP. (Future: optional event when psychotherapy note disclosed for audit downstream.)
Placeholder: API Contracts
- No new REST APIs. Access via existing CL chart/note hooks and export paths; authorization checked in application logic and RLS.
Security and Tenant Isolation
- All tables include
organization_id; RLS and app-layer filters enforce org isolation. - Psychotherapy note content: encryption at rest; no PHI in logs; all access audited.
- RLS: SECURITY DEFINER helpers; UPDATE policies include WITH CHECK (ยง5.2.4); no direct query to RLS-protected tables in policies (ยง5.7).
- Export: CL-20/CL-16 MUST check
cl_psychotherapy_authorizations(and junction) before including any psychotherapy note in export payload.
Governance References
- Cross-Core Matrix: CROSS_CORE_INTEGRATIONS.md โ CL-30 is CL-internal; no cross-core row required (all dependencies are PF or within CL).
- Contract Validation: CONTRACT_VALIDATION_CHECKLIST.md โ validate before implementation.
- Data Dictionary: DATA_DICTIONARY.md โ register
cl_psychotherapy_notes,cl_psychotherapy_authorizations,cl_psychotherapy_authorization_notesafter migration. - Encryption at Rest: NFR-1 specifies encryption at rest for psychotherapy note content. Implementation: use Supabase Vault (
pgsodium) or application-layer encryption with key management via platform vault. Document chosen approach in implementation log.