Skip to main content
⚠️ Draft: This guide describes the planned CL-25 implementation. Settings and table names (e.g., cl_audit_dashboard_configs, cl_module_settings) are subject to change. Module: Clinical & EHR (CL)
Spec: CL-25 Clinical Audit & Compliance Dashboard
Version: current: see docs/VERSIONS.md
Last Updated: 2026-02-24

Overview

This guide covers administrative setup for the Clinical Audit & Compliance Dashboard: dashboard configuration, SLA settings, regulatory calendar, and permissions. The dashboard reads from pf_audit_logs and CL tables; every viewer action (dashboard open, query/filter, break-glass review) is written to pf_audit_logs per NFR-1.

Table of Contents

Quick Reference


Permissions

  • Assign dashboard access to Compliance Officer, Privacy Officer, or designated audit viewer roles.
  • Use finalized permission keys from PF-30 permissions mapping and CL-25 before seeding roles.
  • Restrict export (if implemented) to appropriate roles.

Dashboard configuration

  • Widgets: Configure which widgets appear (audit viewer, break-glass queue, consent monitor, documentation metrics, Part 2 dashboard, regulatory calendar, anomaly flags).
  • Default date range: Set org-level default (e.g. last 7 days, last 30 days) for the audit viewer.
  • Configuration is stored in cl_module_settings by key until a dedicated cl_audit_dashboard_configs table is formally introduced and migrated.

SLA settings (break-glass)

  • Default SLA: e.g. 24 hours for break-glass review (configurable per org).
  • SLA hours: Stored in dashboard config or cl_module_settings; used to compute due date when a break-glass event is created.
  • Ensure break-glass events are written to the audit log with the correct action type so the queue can query them.

Regulatory calendar

  • Configure regulatory deadlines (e.g. AZDHS, Joint Commission, CARF) with due dates and reminders.
  • Add or edit entries via Compliance > Regulatory Calendar (admin) or settings.
  • Reminders can be tied to PF-10 notifications or internal reminders.

Settings summary


Known limitations

  • Automated remediation actions are out of scope; review and follow-up are manual.
  • Real-time alerting is a future enhancement.
  • Retention and forwarding of audit log entries follow existing audit log policy; do not change from the dashboard.

Common Mistakes

Pre-Flight Checklist

  • Permission mappings verified against CL-25 and PF-30.
  • Dashboard settings keys configured in cl_module_settings.
  • Break-glass SLA hours configured and tested.
  • Regulatory reminder schedule validated.
  • Audit logs confirm viewer and review actions are captured.

Troubleshooting


References