> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Clinical Audit & Compliance

> Monitor PHI access events, break-glass reviews, consent compliance, documentation quality, and 42 CFR Part 2 compliance for your organization.

This screen provides a multi-tab compliance dashboard at route `/cl/audit-dashboard`.

## Overview

The Clinical Audit & Compliance dashboard aggregates six compliance data domains into a tabbed layout. A summary row at the top shows four metric cards: total audit events in the last 7 days, unreviewed break-glass events (with an SLA-breached count badge), active consent count (with expiring-in-7-days badge), and total anomaly flags. The dashboard logs a `dashboard_open` action and an `audit_viewer_query` action to `logAuditDashboardAction` when the audit log loads. The default date range for all data queries is the past 7 days. The page renders inside a `PermissionGate` that displays an "Access Denied" empty state for users without the required permission.

## Who it's for

Requires the `cl.audit_dashboard.view` permission. The **Review** button on individual break-glass events additionally requires `cl.audit_dashboard.break_glass_review`.

## Before you start

* You must hold the `cl.audit_dashboard.view` permission.
* Break-glass event review requires the additional `cl.audit_dashboard.break_glass_review` permission.

## Steps

<Steps>
  <Step title="Open the dashboard">
    Navigate to `/cl/audit-dashboard`. The four summary metric cards load for the last 7 days.
  </Step>

  <Step title="Review break-glass events">
    Select the **Break-Glass Review** tab. Events show a user ID, timestamp, affected table name, and badges for SLA-breached or already-reviewed status. Click **Review** on an unreviewed event (requires `cl.audit_dashboard.break_glass_review`) to open the `BreakGlassReviewDialog`.
  </Step>

  <Step title="Inspect the PHI access audit log">
    Select the **Audit Log** tab. The table shows up to 50 events with columns: Time, Action, Table, and User (user ID in monospace).
  </Step>

  <Step title="Check consent compliance">
    Select the **Consent Compliance** tab. Four counters display: Active, Expiring (7d), Expired, and Revoked consent counts.
  </Step>

  <Step title="Review documentation quality">
    Select the **Documentation Quality** tab. A per-provider table shows Total notes, Finalized, Draft, and Completion rate. A completion rate below 70% renders a destructive badge; below 90% renders secondary; 90% and above renders default.
  </Step>

  <Step title="Check 42 CFR Part 2 compliance">
    Select the **Part 2 Compliance** tab. Three counters display: SUD Access Events, Consent Coverage (%), and Break-Glass Events.
  </Step>

  <Step title="View the regulatory calendar">
    Select the **Regulatory Calendar** tab. Configured deadlines appear with a title, description, category badge, and a recurring-interval badge if `isRecurring` is true.
  </Step>
</Steps>

## Key concepts

<AccordionGroup>
  <Accordion title="Break-glass event">
    A break-glass event represents an emergency PHI access recorded in the audit log. Events surface in the Break-Glass Review queue with `isReviewed` and `slaBreached` flags. Reviewing an event opens the `BreakGlassReviewDialog` with the `auditLogId`, `userId`, `createdAt`, and `tableName`.
  </Accordion>

  <Accordion title="Anomaly detection">
    Anomaly flags are computed from `useAnomalyFlags` and count three signal types: `highVolumeUsers`, `samePatientRepeat`, and `afterHoursCount`. The total is shown in the summary card.
  </Accordion>

  <Accordion title="Empty states">
    "No Break-Glass Events" appears when no events exist in the date range. "No Audit Events", "No Consent Data", "No Documentation Data", "No Part 2 Data", and "No Deadlines Configured" appear for their respective tabs when data is absent.
  </Accordion>
</AccordionGroup>

## Related

<Columns cols={2}>
  <Card title="Clinical" icon="stethoscope" href="/cl/overview">
    Overview of the Clinical core.
  </Card>

  <Card title="Governance & parity" icon="scale-balanced" href="/governance/index">
    Documentation coverage and governance.
  </Card>
</Columns>

<Note>
  This page documents shipped product behavior. It is not medical, legal, or
  billing advice. Verify against your organization's policies and applicable
  regulations before using it for clinical, compliance, or billing decisions.
  Protected health information (PHI) shown in the product is governed by your
  tenant's access controls and is never exposed in this documentation.
</Note>

<Accordion title="Documentation sources">
  * src/routes/cl.tsx
  * src/cores/cl/pages/ClinicalAuditDashboardPage.tsx
  * src/cores/cl/hooks/useAuditViewerQuery.ts
  * src/cores/cl/hooks/useBreakGlassQueue.ts
  * src/cores/cl/hooks/useConsentComplianceData.ts
  * src/cores/cl/hooks/useDocumentationMetricsData.ts
  * src/cores/cl/hooks/usePart2DashboardData.ts
  * src/cores/cl/hooks/useAnomalyFlags.ts
  * src/cores/cl/hooks/useRegulatoryCalendar.ts
</Accordion>
