# Clinical Audit & Compliance Dashboard — Admin Guide

**⚠️ Draft:** This guide describes the planned CL-25 implementation. Settings and table names (e.g., `cl_audit_dashboard_configs`, `cl_module_settings`) are subject to change.

**Module:** Clinical & EHR (CL)\
**Spec:** [CL-25 Clinical Audit & Compliance Dashboard](../../specs/cl/specs/CL-25-clinical-audit-compliance-dashboard.md)\
**Version:** Current (see `docs/VERSIONS.md`)\
**Last Updated:** 2026-02-24

***

## Overview

This guide covers administrative setup for the Clinical Audit & Compliance Dashboard: dashboard configuration, SLA settings, regulatory calendar, and permissions. The dashboard reads from `pf_audit_logs` and CL tables; every viewer action (dashboard open, query/filter, break-glass review) is written to `pf_audit_logs` per NFR-1.

## Table of Contents

* [Quick Reference](#quick-reference)
* [Permissions](#permissions)
* [Dashboard configuration](#dashboard-configuration)
* [SLA settings (break-glass)](#sla-settings-break-glass)
* [Regulatory calendar](#regulatory-calendar)
* [Settings summary](#settings-summary)
* [Known limitations](#known-limitations)
* [Common Mistakes](#common-mistakes)
* [Pre-Flight Checklist](#pre-flight-checklist)
* [Troubleshooting](#troubleshooting)

## Quick Reference

| I need to…                    | Pattern                                       | Location                                                |
| ----------------------------- | --------------------------------------------- | ------------------------------------------------------- |
| Configure access to dashboard | Role mapping with finalized PF-30 permissions | [Permissions](#permissions)                             |
| Set break-glass review SLA    | Org-level SLA hours in settings               | [SLA settings (break-glass)](#sla-settings-break-glass) |
| Manage compliance deadlines   | Regulatory calendar entries and reminders     | [Regulatory calendar](#regulatory-calendar)             |

***

## Permissions

* Assign dashboard access to Compliance Officer, Privacy Officer, or designated audit viewer roles.
* Use finalized permission keys from [PF-30 permissions mapping](../../specs/pf/specs/PF-30-permissions-system-v2.md) and [CL-25](../../specs/cl/specs/CL-25-clinical-audit-compliance-dashboard.md) before seeding roles.
* Restrict export (if implemented) to appropriate roles.

***

## Dashboard configuration

* **Widgets:** Configure which widgets appear (audit viewer, break-glass queue, consent monitor, documentation metrics, Part 2 dashboard, regulatory calendar, anomaly flags).
* **Default date range:** Set org-level default (e.g. last 7 days, last 30 days) for the audit viewer.
* Configuration is stored in `cl_module_settings` by key until a dedicated `cl_audit_dashboard_configs` table is formally introduced and migrated.

***

## SLA settings (break-glass)

* **Default SLA:** e.g. 24 hours for break-glass review (configurable per org).
* **SLA hours:** Stored in dashboard config or `cl_module_settings`; used to compute due date when a break-glass event is created.
* Ensure break-glass events are written to the audit log with the correct action type so the queue can query them.

***

## Regulatory calendar

* Configure regulatory deadlines (e.g. AZDHS, Joint Commission, CARF) with due dates and reminders.
* Add or edit entries via Compliance > Regulatory Calendar (admin) or settings.
* Reminders can be tied to [PF-10 notifications](../../specs/pf/specs/PF-10-notifications-system.md) or internal reminders.

***

## Settings summary

| Setting                     | Purpose                                    |
| --------------------------- | ------------------------------------------ |
| Dashboard widgets           | Which views are visible to the org.        |
| Default date range          | Audit viewer initial filter.               |
| Break-glass SLA hours       | Due date for break-glass review (e.g. 24). |
| Regulatory calendar entries | Deadlines and reminder dates.              |

***

## Known limitations

* Automated remediation actions are out of scope; review and follow-up are manual.
* Real-time alerting is a future enhancement.
* Retention and forwarding of audit log entries follow the existing audit log policy; do not change them from the dashboard.

## Common Mistakes

| Mistake                                    | Impact                                 | Fix                                                        |
| ------------------------------------------ | -------------------------------------- | ---------------------------------------------------------- |
| Seeding permissions before PF-30 alignment | Access drift in PHI-adjacent workflows | Seed roles only after final PF-30/CL-25 validation         |
| Using broad default date windows           | Slow dashboard queries                 | Keep narrow defaults (7–30 days) and index query paths     |
| Missing break-glass action type mapping    | Empty review queue                     | Verify standardized action type logging in `pf_audit_logs` |

## Pre-Flight Checklist

* [ ] Permission mappings verified against CL-25 and PF-30.
* [ ] Dashboard settings keys configured in `cl_module_settings`.
* [ ] Break-glass SLA hours configured and tested.
* [ ] Regulatory reminder schedule validated.
* [ ] Audit logs confirm viewer and review actions are captured.

***

## Troubleshooting

| Issue                           | What to check                                                                                                                                                        |
| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Viewer actions not in audit log | Verify that dashboard and break-glass flows write to `pf_audit_logs` with requesting\_user, timestamp, action\_type, and serialized filter/query parameters (NFR-1). |
| Break-glass queue empty         | Confirm break-glass events are recorded with the expected action type and that RLS allows the viewer to see them.                                                    |
| Part 2 or consent data missing  | Ensure CL-11 and consent/disclosure tables are populated and RLS allows the compliance role to read.                                                                 |
| Performance (load > 3s)         | Add indexes or materialized views on audit log and CL tables per NFR-2; limit default date range.                                                                    |
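
The first two troubleshooting rows and the last two pre-flight items can be checked with a short script over exported audit rows. The following is an added example, not code from the CL-25 implementation: `requesting_user`, `timestamp` and `action_type` come from this guide, while `event_id`, `query_params`, `reviews_event_id`, every action-type string and the sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed names: event_id, query_params, reviews_event_id and the action-type
# strings are placeholders; take the real ones from the final CL-25 spec.
NFR1_FIELDS = ("requesting_user", "timestamp", "action_type", "query_params")
BREAK_GLASS = "break_glass_access"   # placeholder action type
REVIEWED = "break_glass_review"      # placeholder action type

def missing_nfr1_fields(rows):
    """Map event_id -> NFR-1 fields that are absent or empty on that row."""
    gaps = {}
    for r in rows:
        missing = [f for f in NFR1_FIELDS if r.get(f) in (None, "")]
        if missing:
            gaps[r["event_id"]] = missing
    return gaps

def break_glass_sla_report(rows, sla_hours, now):
    """Split break-glass events into unreviewed-and-overdue and reviewed-late."""
    first_review = {}  # break-glass event_id -> earliest review timestamp
    for r in rows:
        if r.get("action_type") == REVIEWED and r.get("timestamp") is not None:
            k, t = r.get("reviews_event_id"), r["timestamp"]
            first_review[k] = min(t, first_review.get(k, t))
    report = {"overdue_unreviewed": [], "reviewed_late": []}
    for r in rows:
        if r.get("action_type") != BREAK_GLASS or r.get("timestamp") is None:
            continue  # rows without a timestamp are caught by missing_nfr1_fields
        due = r["timestamp"] + timedelta(hours=sla_hours)
        done = first_review.get(r["event_id"])
        if done is None and now > due:
            report["overdue_unreviewed"].append(r["event_id"])
        elif done is not None and done > due:
            report["reviewed_late"].append(r["event_id"])
    return report

def _row(event_id, user, hours, action, params="{}", **extra):
    ts = datetime(2026, 2, 20, 8, 0, tzinfo=timezone.utc) + timedelta(hours=hours)
    return {"event_id": event_id, "requesting_user": user, "timestamp": ts,
            "action_type": action, "query_params": params, **extra}

SAMPLE_ROWS = [  # constructed rows, not real audit data
    _row(1, "u-compliance", 0, "dashboard_open"),
    _row(2, "u-compliance", 0, "audit_query", params=None),  # lost its filter
    _row(3, "u-clin-a", 0, BREAK_GLASS),
    _row(4, "u-clin-b", 0, BREAK_GLASS),
    _row(5, "u-privacy", 30, REVIEWED, reviews_event_id=3),  # review at +30h
    _row(6, "u-clin-a", 20, BREAK_GLASS),
]
NOW = SAMPLE_ROWS[0]["timestamp"] + timedelta(hours=36)
```

With a 24-hour SLA the sample flags event 4 as overdue and unreviewed, event 3 as reviewed late, and event 2 as missing its serialized query parameters.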

***

## References

* [CL-25 Spec](../../specs/cl/specs/CL-25-clinical-audit-compliance-dashboard.md)
* [REGULATORY\_COMPLIANCE\_TRACKER](../compliance/REGULATORY_COMPLIANCE_TRACKER.md)
* [CL-11 Consent Management](../../specs/cl/specs/CL-11-consent-management-42cfr-part2.md)
