Skip to main content
Date: 2026-03-01
Status: ✅ Complete

RLS Coverage

All UPDATE policies include WITH CHECK to prevent organization_id modification.

Permission Coverage

Audit Columns

All three tables include: created_at, updated_at, created_by, updated_by. Programs also include deleted_at for soft delete audit trail. All tables have pm_set_updated_at triggers.

Multi-Tenant Isolation

  • All mutations include .eq('organization_id', orgId) defense-in-depth filtering.
  • RLS uses pm_has_org_access(organization_id, auth.uid()) SECURITY DEFINER helper.
  • No direct queries to pf_user_role_assignments in RLS policies.

PHI Considerations

  • VBP program and measure data does not contain direct PHI.
  • Future gap identification (patient attribution) will require PHI access controls per CL-10/CL-15 integration specs.
  • No PHI is used in test data; all test values are synthetic.