Documentation Index
Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
Use this file to discover all available pages before exploring further.
Version: 1.0.0
Last Updated: 2026-05-15
Source: Compass Artifact deep review + ONC Certification Gap Matrix + existing compliance infrastructure analysis
Owner: Product / Compliance / CL / PM / PF
1. Executive Summary
This plan operationalizes the findings from the May 2026 ONC Certification Strategy & Regulatory Readiness analysis (“Compass Artifact”) into concrete deliverables: new skills, updated rules, new specs, regulatory tracker updates, and AGENTS.md amendments. The recommendation is Alignment-Only now, Modular certification when a trigger fires — but the alignment work itself is substantial.
Key Strategic Decisions
| Decision | Recommendation | Trigger to Escalate |
|---|
| ONC Certification | Alignment-Only (no formal filing) | Named enterprise prospect with “CEHRT required” in mandatory RFP terms |
| Contexture/HIE | Sign Participation Agreement within 30 days | Already justified — DAP 8.0% uplift |
| DEA EPCS | Begin partner evaluation immediately | First MAT-prescribing customer signed |
| HITRUST | e1 assessment within 12 months | Kipu competitive parity |
| EKRA/NorthSight | P0 legal review immediately | Shared-founder structure is textbook risk |
2. Deep Review — Gaps Found in Compass Artifact
2.1 Items Missing from the Compass Artifact
The compass artifact is thorough but omits several areas that Encore’s existing compliance infrastructure already tracks or should add:
| # | Gap | Severity | Rationale |
|---|
| 1 | OTP/Part 8 compliance (42 CFR Part 8) — mentioned in passing under EPCS but no dedicated analysis of OTP licensing, SAMHSA certification, and medication-unit dosing rules | Medium | Encore serves MAT/OTP programs; Part 8 governs OTP operations including daily dosing, take-home schedules, and drug testing. Existing tracker already tracks this. |
| 2 | Arizona PDMP (CSPMP) integration — the regulatory-compliance rule lists this but the compass artifact omits PDMP query requirements entirely | High | A.R.S. § 36-2608 requires PDMP query before prescribing opioids. MAT prescribers using Encore must have PDMP integration or documented workaround. |
| 3 | Psychotherapy notes segregation (45 CFR 164.501) — existing decision tree includes this but compass artifact does not address ONC criterion mapping for psychotherapy note handling | Low | BH-specific HIPAA carve-out; existing compliance tracking covers this. |
| 4 | HIPAA Breach Notification (HITECH Act) — compass artifact discusses information blocking penalties but omits breach notification obligations under HITECH, which the IT compliance tracker already covers | Low | Already tracked in IT_SECURITY_COMPLIANCE_TRACKING.md. |
| 5 | CMS-0057-F Prior Authorization API — compass artifact mentions HTI-2 withdrawal of (g)(30)-(g)(33) but does not explicitly cover the separate CMS-0057-F rule (finalized Jan 2024) requiring payer prior auth APIs by Jan 1, 2027 — existing spec PM-52 covers this | Medium | PM-52 already tracks Da Vinci CRD/DTR/PAS for this rule. |
| 6 | HEDIS/Quality Measures — compass artifact §7 mentions CARF/Joint Commission as N/A for Encore (correct) but does not address BH HEDIS measures (FUH, FUM, AMM, SSD) that payer contracts frequently require. CL-51 spec and GR tracker already cover this. | Low | Already in compliance tracker and CL-51 spec. |
| 7 | Collections compliance (TCPA/FDCPA/PCI) — compass artifact omits patient collections compliance, which the regulatory tracker already covers | Low | Already tracked in REGULATORY_COMPLIANCE_TRACKER.md. |
| 8 | No Surprises Act/Good Faith Estimate — omitted from compass artifact; PM tracker covers this | Low | Already tracked; PM specs address GFE. |
| 9 | Surescripts certification pathway — compass artifact mentions e-prescribing partners but does not detail Surescripts’ staged certification process (application → validation → production) which is separate from both ONC and DEA EPCS | Medium | Critical path dependency for any e-prescribing feature. |
| 10 | State Medicaid Promoting Interoperability successors — compass artifact correctly notes AZ PI ended Oct 2021 but does not survey other states (e.g., CO, NY, TX) that still have active HIT incentive programs, relevant for multi-state expansion via PF-96 | Low | Deferred until multi-state expansion is in scope. |
2.2 Items in Compass Artifact Not Yet in Encore’s Compliance Infrastructure
| # | New Finding | Current Coverage | Action Required |
|---|
| 1 | DEA EPCS certification (21 CFR 1311) — required for MAT prescribing | Not tracked | Add to regulatory tracker + create new spec |
| 2 | EKRA (18 U.S.C. § 220) — NorthSight relationship risk | Not tracked | Add to regulatory tracker + legal memo |
| 3 | Section 1557 ACA nondiscrimination — language access/TTY for patient portal | Partially covered under WCAG/Section 504 | Expand coverage |
| 4 | ADA Title III digital accessibility (WCAG 2.1 AA) — DOJ April 2024 final rule | Tracked under PF-93 + Section 504 | Update timeline |
| 5 | SAMHSA SUPTRS/MHBG/TEDS reporting — block-grant reporting hooks | Not tracked | Add to GR compliance tracker |
| 6 | USCDI+ Behavioral Health profiles — SAMHSA/ONC $20M initiative | Not tracked | Add to CL-16 roadmap |
| 7 | HITRUST e1 → i1 pathway — competitive parity with Kipu | Not tracked | Add to IT compliance tracker |
| 8 | DS4P (Data Segmentation for Privacy) — §170.315(b)(7)/(b)(8) — critical for Part 2 SUD data | Gap matrix shows “None” for b(7)/b(8) | Create new spec |
| 9 | DEA Special Registration for Telemedicine — MAT-via-telehealth | Not tracked | Add to regulatory tracker |
| 10 | Contexture/Health Current Participation Agreement — DAP/TI 2.0 gate | Not tracked as deliverable | Add to roadmap |
| 11 | HTI-4 NCPDP SCRIPT 2023011 — Jan 1, 2028 deadline | Mentioned in gap matrix | Ensure CL-06 enhancement tracks this |
| 12 | Information blocking penalty enforcement — $1M per violation | Tracked in regulatory tracker | Ensure PM-55 info-blocking workflows complete |
3. New Skills to Create
Skills are organized by priority tier. Each skill follows the .cursor/skills/ convention with YAML frontmatter, references directory where needed, and pointers to authoritative docs.
Tier 1 — Alignment-Critical (Create in first 30 days)
3.1 onc-alignment-assessment (.cursor/skills/)
Purpose: Assess any feature or spec against ONC alignment criteria without requiring formal certification.
Scope:
- Map feature data elements to USCDI v3 data classes/elements
- Check US Core 6.1.0 FHIR profile conformance
- Validate SMART App Launch v2 OAuth flow design
- Evaluate information blocking compliance
- Generate alignment score (0-5) per criterion family
References directory:
references/uscdi-v3-data-classes.md — USCDI v3 data class inventoryreferences/onc-criterion-checklist.md — Per-criterion implementation checklist
Trigger phrases: “ONC alignment”, “USCDI mapping”, “certification readiness”, “FHIR conformance check”
Purpose: Author and validate FHIR R4 resources against US Core 6.1.0 + USCDI v3 profiles.
Scope:
- US Core 6.1.0 profile requirements per resource type
- USCDI v3 data element mapping
- CapabilityStatement authoring
- Inferno test alignment
- USCDI+ BH profile awareness (future-proofing)
References directory:
references/us-core-profiles.md — Profile-by-profile requirementsreferences/fhir-resource-patterns.md — Encore-specific FHIR resource authoring patterns
Trigger phrases: “FHIR profile”, “US Core”, “CapabilityStatement”, “Inferno test”, “USCDI mapping”
3.3 ds4p-privacy-segmentation (.cursor/skills/)
Purpose: Implement Data Segmentation for Privacy (DS4P) for 42 CFR Part 2 SUD data.
Scope:
- DS4P confidentiality codes (V, R, N) on C-CDA and FHIR resources
- Part 2 consent-to-segmentation pipeline
- Redisclosure notice generation
- DS4P send/receive criterion mapping for §170.315(b)(7)/(b)(8)
- Integration with CL-11 consent management
References directory:
references/ds4p-codes.md — Confidentiality code table and mapping rulesreferences/part2-consent-flows.md — Part 2 → DS4P decision tree
Trigger phrases: “DS4P”, “data segmentation”, “privacy segmentation”, “Part 2 FHIR”, “confidentiality codes”
Purpose: Ensure all data-sharing decisions comply with 21st Century Cures Act information blocking provisions.
Scope:
- Exception documentation (8 exceptions + TEFCA Manner + Protecting Care Access)
- Denial taxonomy and review queue
- Annual governance packet assembly
- OIG CMP risk assessment ($1M per violation)
- Information blocking response workflow
References directory:
references/exception-matrix.md — Exception-by-exception documentation templatereferences/denial-taxonomy.md — Standardized denial categories and review workflow
Trigger phrases: “information blocking”, “Cures Act”, “data sharing denial”, “EHI export”, “exception documentation”
Tier 2 — Pre-Certification Readiness (Create in 30-90 days)
3.5 dsi-transparency-disclosure (.cursor/skills/)
Purpose: Generate §170.315(b)(11) DSI source attribute disclosures for AI features.
Scope:
- Source attribute documentation per HTI-1 requirements
- Predictive DSI vs. evidence-based DSI classification
- Algorithm transparency requirements
- User-facing disclosure content generation
- Integration with PM-64 (AI coding) and CL-08 (CDS)
Trigger phrases: “DSI transparency”, “AI disclosure”, “b(11)”, “algorithm transparency”, “predictive DSI”
3.6 epcs-audit-preparation (.cursor/skills/)
Purpose: Prepare for DEA EPCS third-party audit (21 CFR 1311).
Scope:
- Identity proofing documentation (NIST SP 800-63-3)
- Two-factor authentication evidence
- Prescription signing workflow design
- Audit trail requirements for controlled substances
- Drummond/DEA audit checklist
- ARCOS reporting integration points
Trigger phrases: “EPCS”, “DEA audit”, “controlled substance”, “e-prescribing controlled”, “buprenorphine”, “21 CFR 1311”
3.7 contexture-hie-integration (.cursor/skills/)
Purpose: Guide integration with Contexture (Health Current) HIE for AHCCCS DAP/TI 2.0.
Scope:
- ADT notification send/receive (HL7 v2.5.1)
- CCD exchange (C-CDA R2.1)
- Contexture participation agreement requirements
- DAP milestone evidence generation
- TEFCA connectivity path (Contexture → eHealth Exchange QHIN → national)
Trigger phrases: “Contexture”, “Health Current”, “HIE integration”, “ADT notification”, “DAP attestation”, “TI 2.0”
3.8 hitrust-assessment-preparation (.cursor/skills/)
Purpose: Prepare for HITRUST e1 (Essentials) validated assessment.
Scope:
- HITRUST CSF control mapping to existing Encore controls
- Evidence collection checklist
- Gap analysis between SOC 2 Type II and HITRUST e1
- Authorized external assessor engagement guide
- Escalation path to i1
Trigger phrases: “HITRUST”, “e1 assessment”, “i1 assessment”, “security certification”, “HITRUST CSF”
Tier 3 — Certification-Phase Skills (Create when trigger fires)
3.9 onc-criterion-mapper (.agents/skills/)
Purpose: Generate per-criterion compliance evidence packages.
Scope:
- Criterion text → Encore feature → test case → screenshot/log evidence mapping
- Relied-upon software documentation
- CHPL listing metadata generation
- Mandatory disclosure URL content
3.10 inferno-test-author (.agents/skills/)
Purpose: Write Inferno test plans and expected response fixtures.
Scope:
- (g)(10), (g)(7), (g)(9) test plan authoring
- CapabilityStatement validation fixtures
- SMART App Launch v2 test flow documentation
- CI harness integration for Inferno tests
3.11 rwt-plan-author (.agents/skills/)
Purpose: Generate Real World Testing plans and results reports.
Scope:
- RWT plan template per ONC requirements
- Metrics collection framework
- Results report generation
- Enforcement discretion tracking (HTI-5 pending)
3.12 drummond-engagement-orchestrator (.agents/skills/)
Purpose: Pre-populate Drummond ATL test scripts and ACB documentation.
Scope:
- Drummond Advisory Services engagement guide
- ATL test script pre-population
- ACB vendor form completion
- CHPL listing preparation
- Compliance Learning Series planning
4. Regulatory Rules Updates
4.1 Update .cursor/rules/regulatory-compliance.md
Changes needed:
Add the following branches to the decision tree:
├─ CL (Clinical)
│ ├─ [EXISTING branches...]
│ ├─ Involves e-prescribing of controlled substances? → DEA EPCS (21 CFR 1311), Drummond audit
│ ├─ Involves MAT/buprenorphine prescribing? → DEA EPCS + X-waiver removal (CAA 2023 §1262) + DEA Telemedicine Special Registration
│ ├─ Involves FHIR data export with SUD data? → DS4P §170.315(b)(7)/(b)(8) confidentiality coding
│ ├─ Involves AI clinical recommendations? → HTI-1 DSI transparency §170.315(b)(11)
│ └─ Involves Arizona HIE/Contexture? → AHCCCS DAP/TI 2.0 requirements
├─ PM (Practice Management)
│ ├─ [EXISTING branches...]
│ ├─ Involves patient access API? → ONC HTI-1 §170.315(g)(10), SMART App Launch v2, US Core 6.1.0
│ ├─ Involves AI coding/billing? → HTI-1 DSI transparency §170.315(b)(11), human acceptance required
│ └─ Involves e-prescribing standards? → HTI-4 NCPDP SCRIPT 2023011 (deadline Jan 1, 2028)
├─ PF (Platform Foundation)
│ ├─ [EXISTING branches...]
│ ├─ Involves patient portal language access? → Section 1557 ACA nondiscrimination
│ └─ Involves HITRUST assessment? → HITRUST CSF e1/i1 controls
├─ GR (Governance & Risk)
│ ├─ [EXISTING branches...]
│ └─ Involves SAMHSA reporting? → SUPTRS, TEDS, MHBG block grant data
**ONC/Interoperability-specific:**
- `docs/compliance/ONC_CERTIFICATION_GAP_MATRIX.md` — Criterion-level gap analysis
- `docs/compliance/ONC_REGULATORY_READINESS_IMPLEMENTATION_PLAN.md` — Skills, specs, and roadmap
**Beyond-ONC compliance:**
- EKRA (18 U.S.C. § 220) — Kickback risk for recovery treatment referrals
- HITRUST e1/i1 — Security assessment pathway
- DEA EPCS (21 CFR 1311) — Controlled substance e-prescribing audit
4.2 Update .cursor/skills/module-regulatory-compliance/
Changes to SKILL.md:
- Add ONC alignment, FHIR/USCDI, DS4P, EPCS, HITRUST, and EKRA to the decision tree
- Add new common mistakes table entries for ONC-specific errors
- Update tags to include
[regulatory, compliance, HIPAA, ONC, FHIR, USCDI, EPCS, DS4P, HITRUST]
Changes to references/per-core-compliance.md:
- Add “ONC / Interoperability Compliance” section under CL
- Add “EPCS / DEA Audit” section under CL
- Add “ONC Patient Access API” section under PM
- Add “HITRUST Assessment” section under IT/PF
- Add “EKRA / Anti-Kickback” section under GR/PF
- Add “SAMHSA Reporting” section under GR
5. New Specs Required
5.1 Specs to Create (ordered by priority)
| Priority | Spec ID | Title | Core | Rationale |
|---|
| P0 | PF-107 | EKRA Compliance and Related-Party Transaction Controls | PF | Shared-founder NorthSight relationship; higher enforcement probability than ONC |
| P1 | CL-63 | DS4P Data Segmentation for Privacy (Send/Receive) | CL | §170.315(b)(7)/(b)(8); critical for Part 2 SUD data in FHIR/C-CDA exchange |
| P1 | CL-64 | DEA EPCS Integration and Audit Readiness | CL | 21 CFR 1311; required for MAT prescribing market |
| P1 | PF-108 | Contexture HIE Integration (ADT/CCD Exchange) | PF | AHCCCS DAP 8.0% uplift; TI 2.0 eligibility; highest-ROI Arizona move |
| P2 | PF-109 | HITRUST e1 Security Assessment Readiness | PF | Competitive parity with Kipu; hospital/payer procurement signal |
| P2 | CL-65 | DSI Transparency Disclosure Framework | CL | §170.315(b)(11) HTI-1; required if AI clinical features ship |
| P2 | PM-72 | ONC API Conditions of Certification Governance | PM | Terms, fees, transparency, maintenance for FHIR APIs |
| P2 | CL-16-EN-03 | USCDI+ Behavioral Health Profile Mapping | CL | SAMHSA/ONC $20M initiative; proactive alignment |
| P3 | GR-26 | SAMHSA SUPTRS/TEDS/MHBG Reporting Integration | GR | Block-grant reporting for SOR sub-grantees |
| P3 | CL-66 | Immunization Registry Reporting (ASIIS/VXU) | CL | §170.315(f)(1); required for MAT/OTP clinics administering vaccines |
| P3 | CL-67 | Electronic Case Reporting (eCR) | CL | §170.315(f)(5); HIV/HCV reportable conditions for MAT/SUD programs |
| P3 | PM-73 | Surescripts Certification Pathway | PM | Production e-prescribing requirement; staged onboarding |
5.2 Existing Specs Requiring Updates
| Spec | Update Needed |
|---|
| CL-16 | Add USCDI v3 mapping checklist; reference USCDI+ BH; add Inferno CI harness requirement; add DS4P cross-reference to CL-63 |
| CL-16-EN-02 | Update US Core from “planned” to alignment target with specific 6.1.0 profile list |
| PM-55 | Add information blocking denial taxonomy; add §170.315(g)(10) SMART v2 requirements; cross-reference new PM-72 governance spec |
| CL-06 | Add HTI-4 NCPDP SCRIPT 2023011 transition timeline; cross-reference CL-64 EPCS |
| CL-48 | Add C-CDA R4.1 companion guide update; cross-reference DS4P send via CL-63 |
| PM-52 | Note HTI-2 withdrawal of (g)(30)-(g)(33) but CMS-0057-F independence; track HTI-5 |
| PF-93 | Add DOJ April 2024 Title II WCAG 2.1 AA rule; add Section 1557 language access |
| PF-44 | Add EHI export criterion b(10) evidence requirements |
| CL-11 | Cross-reference DS4P spec CL-63; add redisclosure notice in FHIR context |
6. AGENTS.md Updates
6.1 Root AGENTS.md
Add to “What AI Must NEVER Do”:
- Ship FHIR resources that do not conform to US Core 6.1.0 profiles when CL-16/PM-55 features are in scope.
- Omit DS4P confidentiality codes on any FHIR resource or C-CDA document containing 42 CFR Part 2 SUD data.
- Implement controlled substance e-prescribing without DEA EPCS audit trail (21 CFR 1311).
- Bypass information blocking exception documentation when denying data access requests.
- **ONC Alignment (Alignment-Only):** Build to USCDI v3 + US Core 6.1.0 + SMART v2 + DS4P without formal certification. Gap matrix: `docs/compliance/ONC_CERTIFICATION_GAP_MATRIX.md`. Implementation plan: `docs/compliance/ONC_REGULATORY_READINESS_IMPLEMENTATION_PLAN.md`.
- **Contexture/HIE (Arizona):** ADT and CCD exchange via Contexture for AHCCCS DAP/TI 2.0. See PF-108.
- **DEA EPCS:** Required for MAT prescribing. Third-party audit via Drummond. See CL-64.
- **DS4P (Part 2 + FHIR):** Confidentiality coding on all SUD data in FHIR/C-CDA. See CL-63.
- **HITRUST e1:** Security assessment for hospital/payer procurement. See PF-109.
- **EKRA:** Anti-kickback for recovery treatment referrals. P0 legal priority. See PF-107.
- [2026-05] USCDI v3 is the baseline as of Jan 1, 2026 (with ASTP/ONC enforcement discretion through Feb 28, 2026). All new FHIR work must target v3, not v1.
- [2026-05] HTI-2 non-finalized provisions (g(30)-(g)(33), CDS Hooks, Subscriptions) were withdrawn Dec 29, 2025. Do not implement withdrawn criteria.
- [2026-05] OIG information blocking penalties ($1M per violation) are live since Sept 2023. Joint HHS-OIG/ASTP enforcement alert issued Sept 4, 2025.
- [2026-05] DEA Telemedicine Special Registration rule remains in flux; MAT-via-telehealth must use feature flags.
6.2 Core-Specific AGENTS.md Updates
src/cores/cl/AGENTS.md:
- Add DS4P requirements for SUD data in FHIR/C-CDA
- Add EPCS audit trail requirements
- Add USCDI v3 / US Core 6.1.0 conformance requirement for all FHIR resources
- Add DSI transparency requirement for AI clinical features
src/cores/pm/AGENTS.md:
- Add information blocking exception documentation requirement
- Add ONC API governance (PM-72) reference
- Add HTI-4 NCPDP SCRIPT 2023011 deadline awareness
- Add CMS-0057-F Da Vinci timeline independence from HTI-2 withdrawal
7. Regulatory Tracker Updates
7.1 Add to REGULATORY_COMPLIANCE_TRACKER.md
| Regulation | Requirement | Deadline | Owning Spec | Status |
|---|
| DEA EPCS (21 CFR 1311) | Third-party audit for controlled substance e-prescribing | Before MAT prescribing launch | CL-64 | Not Started |
| EKRA (18 U.S.C. § 220) | Anti-kickback compliance for NorthSight relationship | Immediate (P0) | PF-107 | Not Started |
| HITRUST e1 | Security assessment validated by authorized external assessor | 12 months | PF-109 | Not Started |
| Section 1557 ACA | Language access, TTY, nondiscrimination in patient portal | Ongoing | PF-93 update | Partially Covered |
| ADA Title III / DOJ Rule | WCAG 2.1 AA for patient-facing web properties | HHS May 2026 deadline | PF-93 | In Progress |
| SAMHSA SUPTRS/TEDS | Treatment episode reporting for block-grant compliance | Per grant cycle | GR-26 | Not Started |
| USCDI+ BH | FHIR BH profiles mapping | Proactive alignment | CL-16-EN-03 | Not Started |
| DS4P b(7)/b(8) | Privacy segmentation for SUD data in FHIR/C-CDA | Before production FHIR exchange | CL-63 | Not Started |
| HTI-4 NCPDP SCRIPT 2023011 | E-prescribing standard upgrade | Jan 1, 2028 | CL-06 update | Not Started |
| DEA Telemedicine Registration | MAT-via-telehealth prescribing rules | Pending final rule (2026?) | CL-64 | Monitoring |
| Contexture Participation | HIE connectivity for AHCCCS DAP/TI 2.0 | 30 days (business) | PF-108 | Not Started |
| OIG Info Blocking CMP | $1M per violation for HIT developers | Live since Sept 2023 | PM-55 | In Progress |
7.2 Update ONC_CERTIFICATION_ROADMAP.md
- Increase version to 2.0.0
- Replace generic phased timeline with the compass artifact’s 30/90/180/365-day roadmap
- Add DEA EPCS, Contexture, HITRUST, and EKRA as parallel tracks
- Add competitive landscape section (10 of 11 BH competitors are ONC-certified)
- Add trigger-based escalation framework
- Cross-reference gap matrix and implementation plan
7.3 Update ONC_CERTIFICATION_GAP_MATRIX.md
- Add DEA EPCS row
- Add EKRA risk assessment row
- Add Contexture/DAP evidence requirements
- Update alignment score from 3.0 to 2.5 per compass artifact analysis
- Add USCDI+ BH as future-state alignment target
8. Content Licensing Tracker
Add to compliance infrastructure (new section in AUTHORITATIVE_REFERENCES.md):
| Content | License | Cost | Status |
|---|
| LOINC | Regenstrief Institute | Free | Not yet obtained |
| SNOMED CT US Edition | NLM UMLS Metathesaurus | Free (US) | Not yet obtained |
| RxNorm | NLM | Free | Not yet obtained |
| ICD-10-CM | CMS | Free | Not yet obtained |
| CPT | AMA | 500–3,500/yr for distribution | Not yet licensed |
| CVX/MVX vaccine codes | CDC | Free | Not yet obtained |
| NCPDP SCRIPT | NCPDP | Membership required | Not yet licensed |
9. Phased Implementation Timeline
Phase 1: Foundation (Days 0–30)
| # | Deliverable | Type | Owner |
|---|
| 1 | Create PF-107 (EKRA) spec | Spec | Legal/PF |
| 2 | Create PF-108 (Contexture) spec | Spec | PF |
| 3 | Update regulatory-compliance.md rule | Rule | Platform |
| 4 | Update module-regulatory-compliance skill | Skill | Platform |
| 5 | Update AGENTS.md (root + CL + PM) | Docs | Platform |
| 6 | Update REGULATORY_COMPLIANCE_TRACKER.md | Docs | Compliance |
| 7 | Update ONC_CERTIFICATION_ROADMAP.md to v2.0 | Docs | Compliance |
| 8 | Create onc-alignment-assessment skill | Skill | Platform |
| 9 | Create information-blocking-compliance skill | Skill | Platform |
| 10 | Obtain NLM UMLS license | Business | Product |
Phase 2: Interoperability Core (Days 31–90)
| # | Deliverable | Type | Owner |
|---|
| 11 | Create CL-63 (DS4P) spec | Spec | CL |
| 12 | Create CL-64 (DEA EPCS) spec | Spec | CL |
| 13 | Create fhir-profile-conformance skill | Skill | Platform |
| 14 | Create ds4p-privacy-segmentation skill | Skill | Platform |
| 15 | Create dsi-transparency-disclosure skill | Skill | Platform |
| 16 | Create epcs-audit-preparation skill | Skill | Platform |
| 17 | Create contexture-hie-integration skill | Skill | Platform |
| 18 | Update CL-16, CL-16-EN-02, PM-55, CL-06, CL-48 specs | Spec updates | CL/PM |
| 19 | Create PF-109 (HITRUST e1) spec | Spec | PF/IT |
| 20 | Create PM-72 (ONC API Governance) spec | Spec | PM |
Phase 3: Expanded Coverage (Days 91–180)
| # | Deliverable | Type | Owner |
|---|
| 21 | Create CL-65 (DSI Transparency) spec | Spec | CL |
| 22 | Create CL-16-EN-03 (USCDI+ BH) spec | Spec | CL |
| 23 | Create GR-26 (SAMHSA Reporting) spec | Spec | GR |
| 24 | Create hitrust-assessment-preparation skill | Skill | Platform |
| 25 | Update per-core-compliance.md references | Skill ref | Platform |
| 26 | Create CL-66 (Immunization ASIIS) spec if in-scope | Spec | CL |
| 27 | Create CL-67 (eCR) spec if in-scope | Spec | CL |
| 28 | Create PM-73 (Surescripts) spec | Spec | PM |
Phase 4: Certification Readiness (Months 6–12, only if trigger fires)
| # | Deliverable | Type | Owner |
|---|
| 29 | Create onc-criterion-mapper skill | Skill | Platform |
| 30 | Create inferno-test-author skill | Skill | Platform |
| 31 | Create rwt-plan-author skill | Skill | Platform |
| 32 | Create drummond-engagement-orchestrator skill | Skill | Platform |
| 33 | Build Inferno CI harness | Engineering | CL/PM |
| 34 | Formal Drummond Advisory engagement | Business | Product |
10. Validation Checklist
Before considering this plan complete, verify:
11. Cross-References
