Skip to main content
Feature ID: CL-16-EN-01
Status: 📝 Planned
Spec: CL-16-EN-01-tefca-qhin-connectivity.md
Last Updated: 2026-04-09

Overview

CL-16-EN-01 extends CL-16 interoperability with TEFCA/QHIN-specific transport, patient matching, and consent-governed exchange controls. It does not replace CL-16 ownership of the base FHIR/C-CDA framework.

Integration Points


API Contracts (Planned)

Canonical API stubs live in API_CONTRACTS.md#cl-16-en-01-tefca-qhin-api. Use those entries as the source of truth for ownership, correlation behavior, and placeholder schema/version TODOs.
  • POST /tefca/qhin/query
    • Purpose: submit patient record query to connected QHIN.
    • Required fields: organization_id, patient match inputs, purpose_of_use.
    • Response: normalized match candidates + correlation_id.
    • Canonical contract anchor: POST /tefca/qhin/query (owner: CL-16-EN-01; TODO schema/versioning retained).
  • POST /tefca/qhin/exchange
    • Purpose: outbound disclosure operation through QHIN.
    • Required controls: CL-11 consent check, Part 2 redisclosure handling.
    • Response: accepted/blocked/failed status with correlation_id.
    • Canonical contract anchor: POST /tefca/qhin/exchange (owner: CL-16-EN-01; TODO schema/versioning retained).
  • GET /tefca/qhin/exchanges
    • Purpose: org-scoped exchange monitoring and compliance audit retrieval.
    • Supports filters: status, direction, qhin identifier, date range.
    • Canonical contract anchor: GET /tefca/qhin/exchanges (owner: CL-16-EN-01; TODO schema/versioning retained).

Event Contracts (Planned)

Canonical event stubs live in EVENT_CONTRACTS.md#cl-16-en-01-tefca-qhin-events. Use those entries as the source of truth for publisher/consumer ownership and payload/version placeholders. Payload constraints: Include IDs and metadata only (organization_id, patient_id, correlation_id, status); no PHI payload bodies in event data. Canonical event anchors: cl_tefca_query_submitted, cl_tefca_exchange_completed, cl_tefca_exchange_blocked.

Security and Compliance

  • All operations must enforce tenant scoping (organization_id) and RLS on persisted data.
  • CL-11 consent checks are mandatory for outbound disclosures.
  • Credentials and certificates must be sourced from environment/secrets, never persisted in plain text.
  • Logs and events must avoid PHI content and use identifiers/correlation IDs.

Open Items

  • Final QHIN vendor endpoint and onboarding playbook selection.
  • Operational retry policy for transient failures (manual vs automatic replay).
  • Multi-QHIN failover strategy (deferred enhancement).