Regulation: 42 CFR Part 2 (Confidentiality of SUD Patient Records)
Status: ✅ Implemented
Date: 2026-04-10
Spec: CL-11-EN-01
1. Regulatory Requirements Addressed
§ 2.31 — Consent Requirements
§ 2.32 — Prohibition on Redisclosure
§ 2.13(d) — Accounting of Disclosures
2. Data Model Evidence
Tables Created
RLS Enforcement
- Both tables use
cl_has_org_access()SECURITY DEFINER helper cl_redisclosure_log: SELECT + INSERT only policies; no UPDATE/DELETE policies- Privilege revocation:
REVOKE UPDATE, DELETE ON cl_redisclosure_log FROM authenticated - Defense-in-depth:
trg_cl_redisclosure_log_immutabletrigger raises exception on UPDATE/DELETE
3. Permission Controls
4. UI Controls
5. Test Evidence
6. Route Registration
- Path:
/cl/electronic-consents - Lazy loaded via
React.lazy - Permission guard:
RequirePermission('cl.electronic-consent.view')