Overview
This guide covers two administrative features for consent management:- Consent Expiration Reminders (EN-33) — Configure automated notifications for expiring consents.
- Part 2 Compliance Dashboard (EN-34) — View aggregate compliance metrics for 42 CFR Part 2.
1. Consent Expiration Reminders
Configuration
The reminder window is configured via Clinical Settings (cl_module_settings).
- Setting:
consent_expiration_reminder_days - Default:
[30, 14, 7]— notifications are sent at 30, 14, and 7 days before expiration. - Format: Array of integers representing days before expiration.
How It Works
- A scheduled edge function (
consent-expiration-reminders) runs daily (configured via Supabase Dashboard cron). - For each organization, it reads the configured reminder windows.
- For each window, it queries consents expiring on that exact day.
- Notifications are sent to:
- The user who created the consent (
created_by) - All organization administrators
- The user who created the consent (
- No PHI is included in notification payloads — only counts (e.g., “3 consent(s) expiring in 7 days”).
Cron Setup (Required)
The edge function must be scheduled in the Supabase Dashboard:- Navigate to SQL Editor in your Supabase project.
- Enable
pg_cronandpg_netextensions if not already enabled. - Create a cron job to invoke the function daily (e.g., 06:00 UTC).
Troubleshooting
2. Part 2 Compliance Dashboard
Access
- Route:
/cl/compliance-report - Permission required:
cl.compliance_report.view - By default, this permission is assigned to the
org_adminrole.
Metrics Displayed
Security
- All metrics are aggregate counts only — no patient identifiers are displayed or transmitted.
- Dashboard access is logged for audit purposes (user ID, timestamp, action only).
- The underlying
cl_part2_compliance_statsfunction isSECURITY DEFINERwith permission verification.
Granting Access
To grant compliance dashboard access to additional users:- Navigate to Admin > Permissions.
- Assign
cl.compliance_report.viewto the desired role or user.
Related Documentation
- Patient Portal Consent Guide — EN-35 patient-facing guide
- CL-11 Spec — Base consent management specification
- CL-11 Enhancements Catalog — All enhancement specifications