⚠️ Draft: This guide describes the planned CL-25 implementation. Settings and table names (e.g., cl_audit_dashboard_configs, cl_module_settings) are subject to change.
Module: Clinical & EHR (CL)
Spec: CL-25 Clinical Audit & Compliance Dashboard
Version: current: see docs/VERSIONS.md
Last Updated: 2026-02-24
Overview
This guide covers administrative setup for the Clinical Audit & Compliance Dashboard: dashboard configuration, SLA settings, regulatory calendar, and permissions. The dashboard reads from pf_audit_logs and CL tables; every viewer action (dashboard open, query/filter, break-glass review) is written to pf_audit_logs per NFR-1.
Table of Contents
- Quick Reference
- Permissions
- Dashboard configuration
- SLA settings (break-glass)
- Regulatory calendar
- Settings summary
- Known limitations
- Common Mistakes
- Pre-Flight Checklist
- Troubleshooting
Quick Reference
| I need to… | Pattern | Location |
|---|---|---|
| Configure access to dashboard | Role mapping with finalized PF-30 permissions | Permissions |
| Set break-glass review SLA | Org-level SLA hours in settings | SLA settings (break-glass) |
| Manage compliance deadlines | Regulatory calendar entries and reminders | Regulatory calendar |
Permissions
- Assign dashboard access to Compliance Officer, Privacy Officer, or designated audit viewer roles.
- Use finalized permission keys from PF-30 permissions mapping and CL-25 before seeding roles.
- Restrict export (if implemented) to appropriate roles.
Dashboard configuration
- Widgets: Configure which widgets appear (audit viewer, break-glass queue, consent monitor, documentation metrics, Part 2 dashboard, regulatory calendar, anomaly flags).
- Default date range: Set org-level default (e.g. last 7 days, last 30 days) for the audit viewer.
- Configuration is stored in cl_module_settings by key until a dedicated cl_audit_dashboard_configs table is formally introduced and migrated.
SLA settings (break-glass)
- Default SLA: e.g. 24 hours for break-glass review (configurable per org).
- SLA hours: Stored in dashboard config or cl_module_settings; used to compute due date when a break-glass event is created.
- Ensure break-glass events are written to the audit log with the correct action type so the queue can query them.
Regulatory calendar
- Configure regulatory deadlines (e.g. AZDHS, Joint Commission, CARF) with due dates and reminders.
- Add or edit entries via Compliance > Regulatory Calendar (admin) or settings.
- Reminders can be tied to PF-10 notifications or internal reminders.
Settings summary
| Setting | Purpose |
|---|---|
| Dashboard widgets | Which views are visible to the org. |
| Default date range | Audit viewer initial filter. |
| Break-glass SLA hours | Due date for break-glass review (e.g. 24). |
| Regulatory calendar entries | Deadlines and reminder dates. |
Known limitations
- Automated remediation actions are out of scope; review and follow-up are manual.
- Real-time alerting is a future enhancement.
- Retention and forwarding of audit log entries follow existing audit log policy; do not change them from the dashboard.
Common Mistakes
| Mistake | Impact | Fix |
|---|---|---|
| Seeding permissions before PF-30 alignment | Access drift in PHI-adjacent workflows | Seed roles only after final PF-30/CL-25 validation |
| Using broad default date windows | Slow dashboard queries | Keep narrow defaults (7–30 days) and index query paths |
| Missing break-glass action type mapping | Empty review queue | Verify standardized action type logging in pf_audit_logs |
Pre-Flight Checklist
- Permission mappings verified against CL-25 and PF-30.
- Dashboard settings keys configured in cl_module_settings.
- Break-glass SLA hours configured and tested.
- Regulatory reminder schedule validated.
- Audit logs confirm viewer and review actions are captured.
Troubleshooting
| Issue | What to check |
|---|---|
| Viewer actions not in audit log | Verify that dashboard and break-glass flows write to pf_audit_logs with requesting_user, timestamp, action_type, and serialized filter/query parameters (NFR-1). |
| Break-glass queue empty | Confirm break-glass events are recorded with the expected action type and that RLS allows the viewer to see them. |
| Part 2 or consent data missing | Ensure CL-11 and consent/disclosure tables are populated and RLS allows the compliance role to read. |
| Performance (load > 3s) | Add indexes or materialized views on audit log and CL tables per NFR-2; limit default date range. |
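
The audit-log checks from the pre-flight checklist and troubleshooting table, written as an added example (not EncoreOS code) that runs over rows shaped like pf_audit_logs. The query_params and event_id field names, the action type values, and the sample rows are assumptions; replace them with the finalized CL-25 names.

```python
from datetime import datetime, timedelta, timezone

# Field names from the troubleshooting table; "query_params" is an assumed
# column name for the serialized filter/query parameters.
NFR1_FIELDS = ("requesting_user", "timestamp", "action_type", "query_params")
# Assumed action type values; substitute the finalized CL-25 ones.
BREAK_GLASS, REVIEW = "break_glass_access", "break_glass_review"
VIEWER_ACTIONS = {"dashboard_open", "audit_query", REVIEW}

def nfr1_gaps(rows):
    """Map row id -> missing NFR-1 fields, for viewer actions only."""
    gaps = {}
    for r in rows:
        if r.get("action_type") in VIEWER_ACTIONS:
            missing = [f for f in NFR1_FIELDS if r.get(f) in (None, "")]
            if missing:
                gaps[r["id"]] = missing
    return gaps

def unmapped_break_glass_types(rows):
    """Action types that look like break-glass but the queue would not match."""
    norm = lambda s: "".join(c for c in s.lower() if c.isalnum())
    seen = {r.get("action_type") or "" for r in rows}
    return sorted(a for a in seen
                  if "breakglass" in norm(a) and a not in (BREAK_GLASS, REVIEW))

def review_queue(rows, sla_hours, now):
    """Unreviewed break-glass events with SLA due date and overdue flag."""
    reviewed = {r.get("event_id") for r in rows if r.get("action_type") == REVIEW}
    queue = []
    for r in rows:
        if r.get("action_type") == BREAK_GLASS and r["id"] not in reviewed:
            due = r["timestamp"] + timedelta(hours=sla_hours)
            queue.append({"id": r["id"], "due": due, "overdue": now > due})
    return sorted(queue, key=lambda e: e["due"])

# Constructed sample rows standing in for pf_audit_logs (not real data).
T0 = datetime(2026, 2, 20, 8, 0, tzinfo=timezone.utc)
ROWS = [
    {"id": 1, "requesting_user": "u-17", "timestamp": T0, "action_type": BREAK_GLASS},
    {"id": 2, "requesting_user": "u-22", "timestamp": T0 + timedelta(hours=30), "action_type": BREAK_GLASS},
    {"id": 3, "requesting_user": "u-40", "timestamp": T0 + timedelta(hours=31), "action_type": REVIEW, "event_id": 2, "query_params": "{}"},
    {"id": 4, "requesting_user": "u-40", "timestamp": T0 + timedelta(hours=32), "action_type": "dashboard_open", "query_params": ""},
    {"id": 5, "requesting_user": "u-09", "timestamp": T0 + timedelta(hours=33), "action_type": "BreakGlass"},
]
NOW = T0 + timedelta(hours=36)
```

Row 5 shows the "Missing break-glass action type mapping" mistake: the event is logged, but under a spelling the queue does not match, so it never appears for review.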