Healthcare-Sensitive Categories (Consider Human Review After Auto-Apply)
You may wish to double-check auto-applied edits in these areas:- PHI/PII — Any requirement or text involving protected health information, personally identifiable information, or data classification (e.g. what may be stored, logged, or transmitted).
- Multi-tenancy / RLS — Row-level security policies,
organization_idisolation, SECURITY DEFINER helpers, tenant-boundary wording, or defense-in-depth filters. - Security and consent — Consent checks (e.g.
cl_check_sud_consent), access control, authentication/authorization rules, or attestation requirements. - External integrations — PDMP, FHIR, HIE, e-prescribing, or other external system contracts and fail-closed/fail-open behavior.
- Regulatory and healthcare compliance — HIPAA, 42 CFR Part 2, state prescription monitoring, ONC certification, or other regulatory text.
References
- Workflow: SPEC_WORKFLOW.md — “What each step does” table, spec-reviewer row.
- Checklist: SPEC_GUIDE.md — Post–spec-reviewer / auto-apply verification entry.
- Skill:
automation/skills/spec-review/references/spec-review-process.md— Auto-apply mode and safe vs contextual edits.