Skip to main content
Feature ID: CL-11-EN-01
Regulation: 42 CFR Part 2 (Confidentiality of SUD Patient Records)
Status: ✅ Implemented
Date: 2026-04-10
Spec: CL-11-EN-01

1. Regulatory Requirements Addressed

§ 2.32 — Prohibition on Redisclosure

§ 2.13(d) — Accounting of Disclosures


2. Data Model Evidence

Tables Created

RLS Enforcement

  • Both tables use cl_has_org_access() SECURITY DEFINER helper
  • cl_redisclosure_log: SELECT + INSERT only policies; no UPDATE/DELETE policies
  • Privilege revocation: REVOKE UPDATE, DELETE ON cl_redisclosure_log FROM authenticated
  • Defense-in-depth: trg_cl_redisclosure_log_immutable trigger raises exception on UPDATE/DELETE

3. Permission Controls


4. UI Controls


5. Test Evidence


6. Route Registration

  • Path: /cl/electronic-consents
  • Lazy loaded via React.lazy
  • Permission guard: RequirePermission('cl.electronic-consent.view')

7. References