Version: 1.0.0Documentation Index
Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
Use this file to discover all available pages before exploring further.
Last Updated: 2026-04-09
Regulation: HIPAA EDI (45 CFR 162), HIPAA Security Rule (45 CFR 164)
1. X12 5010 Transaction Support
| Transaction | Standard | Implementation | Status |
|---|---|---|---|
| 837P | 005010X222A1 | generate-837p.ts | ✅ Implemented |
| 835 | 005010X221A1 | parse-835.ts | ✅ Implemented |
| 270 | 005010X279A1 | generate-270.ts | ✅ Implemented |
| 271 | 005010X279A1 | parse-271.ts | ✅ Implemented |
| 999 | 005010X231A1 | parse-999.ts | ✅ Implemented |
| 277CA | 005010X214 | parse-277ca.ts | ✅ Implemented |
2. Credential Security (45 CFR 164.312(a)(2)(iv))
- Credentials stored as Edge Function Secrets (Deno.env.get)
- No credentials in database, logs, or application state
- Vault references in
pm_clearinghouse_configare logical pointers only - OAuth2 tokens are short-lived and not persisted
3. Transport Security (45 CFR 164.312(e)(2)(ii))
- All Waystar API communication uses HTTPS (TLS 1.2+)
- REST transport enforced; no unencrypted channels
- SFTP deferred (would also require TLS/SSH encryption)
4. Audit Trail (45 CFR 164.312(b))
- All transactions logged to
pm_transaction_log(append-only) - Metadata captured: timestamp, transaction type, direction, status, trace number, batch_id
- Batch lifecycle tracked in
pm_transaction_batches - No PHI in log entries (trace numbers and status only)
5. Tenant Isolation (Constitution §5.1)
- All clearinghouse tables scoped by
organization_id - RLS with FORCE prevents cross-tenant access
- Edge functions validate
organization_idon all operations
6. Test Evidence
- Unit tests:
tests/unit/pm/x12/(envelope, 837P, 835, 270/271, 999, 277CA) - Component tests:
tests/unit/pm/components/ClearinghouseHealthBadge.test.tsx
Sign-Off Status
Seespecs/pm/PM-15-P2-COMPLIANCE-SIGNOFF.md for compliance sign-off checklist.