> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# 42 CFR Part 2 Gating for Trauma Assessments — Compliance Evidence

> Evidence that trauma assessments on SUD-flagged charts are consent-gated per 42 CFR Part 2, with controls and verification.

**Feature ID:** CL-02-EN-58\
**Regulation:** 42 CFR Part 2 (Confidentiality of SUD Patient Records)\
**Date:** 2026-03-04\
**Status:** ✅ Compliant

***

## Requirement

Trauma assessment data for patients with SUD (substance use disorder) indicators must be consent-gated per 42 CFR Part 2. Access to create, view, or save trauma assessments on SUD-flagged charts requires active consent verification.

## Implementation Evidence

### 1. Consent Gating

* **Hook:** `useConsentCheck(chartId, 'trauma_assessment')` from `@/platform/clinical/consent/useConsentCheck.ts`
* **RPC:** `cl_check_sud_consent(p_chart_id, p_record_type, p_requesting_user)` — SECURITY DEFINER function
* **Behavior:** When `cl_patient_charts.flags.sud_indicated = true` and consent is not active, the `TraumaAssessmentForm` displays an inline block message: "Consent required to view or save trauma assessment. Please obtain consent in the consent module."
* **Non-SUD charts:** Consent check is bypassed (no consent required for non-SUD patients per 21st Century Cures Act).

### 2. Psychotherapy Notes Exclusion

* Trauma assessment narrative fields (clinician observations for LEC-5/BTQ) are stored in assessment result JSONB (`cl_assessment_sections.responses`), NOT in a separate psychotherapy notes table.
* No psychotherapy notes (as defined by HIPAA §164.501) are created by this feature.
* Future CL-30 (Psychotherapy Notes Protection) will address separate psychotherapy note storage if needed.

### 3. Disclosure Auditing

* Disclosure logging via `cl_disclosure_log` is handled by the existing CL-11 infrastructure when SUD records are accessed.
* No additional disclosure logging was required for EN-58.

### 4. Permission Controls

* Trauma assessment access requires `cl.assessment.create` (start) and `cl.assessment.manage` (save/edit).
* View access requires `cl.assessment.view`.
* All permission checks use `useHasPermission` / `PermissionGate` — no hardcoded role checks.

## Test Coverage

* Unit tests: `tests/unit/cl/traumaScoring.test.ts` — scoring accuracy with de-identified data
* Consent gating verified via `useConsentCheck` integration in `TraumaAssessmentForm`

## References

* CL-11 Consent Management spec: `specs/cl/specs/CL-11-consent-management-42cfr-part2.md`
* CL-02-EN-58 spec: `specs/cl/specs/CL-02-EN-58-trauma-informed-assessments.md`
* Integration doc: `docs/architecture/integrations/CL-02-EN-58-trauma-informed-assessments-INTEGRATION.md`
