Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

Last Updated: 2026-04-12 This directory contains compliance evidence packages — documents that tie specific feature implementations to their regulatory requirements. Evidence packages are required for any feature that touches a regulated area (CL, PM, HR, RH, GR, FA, IT, CE, PF).

What is a Compliance Evidence Package?

A compliance evidence package proves that a specific implementation satisfies a specific regulatory requirement. It contains:
  1. Regulatory requirements table — the specific clauses/requirements from the regulation
  2. Implementation evidence — code references, schema elements, UI components, test names that satisfy each requirement
  3. Test evidence — unit/integration/RLS test names that verify the implementation
  4. Gaps — any requirements not yet implemented (with tracking references)

When to Create an Evidence Package

Create an evidence package when:
  • A spec targets a regulated requirement (42 CFR Part 2, HIPAA Security Rule, AHCCCS 320-O, FLSA, etc.)
  • The feature is marked “implemented” or “partial” in the relevant compliance tracker
  • Preparing for an audit, accreditation survey, or compliance review
  • A regulator or payer requests documentation of compliance
Reference docs/compliance/REGULATORY_COMPLIANCE_TRACKER.md to find requirements that need evidence packages.

How to Create an Evidence Package

  1. Identify the requirement: Find the row in the relevant compliance tracker (e.g., REGULATORY_COMPLIANCE_TRACKER.md).
  2. Copy the template: Use specs/_templates/COMPLIANCE_SIGNOFF_TEMPLATE.md as a starting point. For detailed evidence, use the CL-11-EN-01-42cfr-part2-EVIDENCE.md file in this directory as a model.
  3. Name the file: {SPEC-ID}-{REGULATION-ABBREVIATION}-EVIDENCE.md (e.g., CL-11-EN-01-42cfr-part2-EVIDENCE.md)
  4. Complete each section:
    • Regulatory requirements addressed (table with: Requirement, Implementation, Evidence)
    • Test coverage (list of test files/names)
    • Gaps (requirements not yet implemented, with spec/task references)
  5. Link from the compliance tracker: Add a link to the evidence file in the corresponding tracker row.

Coverage Audit

Run the evidence coverage audit to see which implemented/partial requirements lack evidence packages: 
npx tsx scripts/audit/audit-compliance-evidence.ts
This script cross-references the compliance tracker against existing evidence files and reports gaps.

Priority: High-Risk Requirements (Create These First)

Based on audit risk and regulatory penalty severity, create evidence packages for these areas first:
PriorityRegulationTrackerRequired Evidence
142 CFR Part 2 (SUD data)REGULATORY_COMPLIANCE_TRACKER.mdConsent, disclosure, gating
2HIPAA Security Rule technical safeguardsIT_SECURITY_COMPLIANCE_TRACKING.mdAccess control, audit logging, encryption, MFA
3AHCCCS Policy 320-O (clinical assessments)REGULATORY_COMPLIANCE_TRACKER.md18 required assessment elements
4HIPAA Privacy Rule PHI handlingREGULATORY_COMPLIANCE_TRACKER.mdPHI classification, access controls, disclosures
5FCRA adverse action noticesFCRA_TCPA_COMPLIANCE_TRACKING.mdBackground check workflow, adverse action
6FLSA overtime trackingHR_WORKFORCE_COMPLIANCE_TRACKING.mdTime/attendance, overtime calculation

Current Evidence Packages

FileFeatureRegulationStatus
CL-11-EN-01-42cfr-part2-EVIDENCE.mdElectronic consent & redisclosure42 CFR Part 2✅ Complete
CL-02-EN-58-42cfr-part2-EVIDENCE.mdCL-02 Part 2 compliance42 CFR Part 2✅ Complete
PM-15-P2-HIPAA-EDI-EVIDENCE.mdHIPAA EDI / clearinghouseHIPAA EDI (X12)✅ Complete
PM-25-HIPAA-CMS-VBP-EVIDENCE.mdCMS Value-Based PurchasingCMS-0057-F✅ Complete
CE-28-HIPAA-PART2-EVIDENCE.mdCE HIPAA/Part 2HIPAA + 42 CFR Part 2✅ Complete
CE-29-HIPAA-PART2-320O-EVIDENCE.mdCE HIPAA/Part 2 320-OHIPAA + AHCCCS 320-O✅ Complete
HR-09-EN1-EEOC-TITLE-VII-EVIDENCE.mdEEOC Title VII complianceTitle VII, ADA, GINA✅ Complete
HR-34-IRS-worker-classification-1099-EVIDENCE.mdIRS 1099 worker classificationIRS (26 USC)✅ Complete
  • docs/compliance/REGULATORY_COMPLIANCE_TRACKER.md — master compliance status
  • specs/_templates/COMPLIANCE_SIGNOFF_TEMPLATE.md — sign-off template
  • scripts/audit/audit-compliance-evidence.ts — coverage audit script
  • AGENTS.md §Regulatory Compliance Decision Tree — what regulations apply to each core