> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Report a Concern

> Anonymously submit a confidential whistleblower report about misconduct, fraud, safety concerns, or policy violations.

The Report a Concern page is a public, unauthenticated intake form for submitting confidential reports about potential misconduct, fraud, safety concerns, or policy violations. It is located at route `/gr/whistleblower-report` and is served from the public routes (no authentication required).

## Overview

This page requires no authentication and is registered in the public routes (`src/routes/public.tsx`). It renders `WhistleblowerIntakePage`, which submits to the `gr-whistleblower-submit` Supabase edge function with the organization ID supplied via the `?org=` URL query parameter. On successful submission, a **follow-up token** is displayed — the submitter should save this token to check report status later.

The form accepts:

* **Category**: one of `financial_fraud`, `discrimination`, `safety`, `policy_violation`, or `other`
* **Description**: 10–10,000 characters
* **Submit Anonymously**: toggle (default: on)

## Who it's for

No authentication required. This page is intended for anyone — staff, patients, or third parties — with access to the organization's public URL containing the `?org=` parameter.

## Before you start

* The URL must include a valid `?org=<organization_id>` query parameter. Without it, submission will fail.
* The submitter should save their follow-up token after submission — it is shown only once.

## Steps

1. Open the Report a Concern URL provided by your organization (includes `?org=` parameter).
2. Select a **Category** from the dropdown.
3. Enter a detailed **Description** (minimum 10 characters, maximum 10,000).
4. Review the **Submit Anonymously** toggle — enabled by default.
5. Select **Submit Report**.
6. On success, copy and save your **Follow-Up Token** before closing the page.

## Key concepts

| Concept              | Description                                                                              |
| -------------------- | ---------------------------------------------------------------------------------------- |
| `?org=` param        | Organization identifier required in the URL; links this submission to the correct tenant |
| Follow-up token      | A unique token returned on submission; used to check report status later                 |
| Anonymous submission | When toggled on, identity is not recorded with the report                                |
| Edge function        | Submission goes to `gr-whistleblower-submit` — not directly to the database              |

## Related

<Columns cols={2}>
  <Card title="Governance & Compliance" icon="scale-balanced" href="/gr/overview">
    Governance & Compliance core overview.
  </Card>

  <Card title="Governance & parity" icon="clipboard-check" href="/governance/index" />
</Columns>

<Note>
  This page documents shipped product behavior. It is not medical, legal, or
  billing advice. Verify against your organization's policies and applicable
  regulations before using it for clinical, compliance, or billing decisions.
  Protected health information (PHI) shown in the product is governed by your
  tenant's access controls and is never exposed in this documentation.
</Note>

<Accordion title="Documentation sources">
  * src/routes/public.tsx
  * src/routes/gr.tsx
  * src/cores/gr/pages/WhistleblowerIntakePage.tsx
  * src/integrations/supabase/client.ts
</Accordion>
