Skip to main content
Updated: 2026-02-18

Overview

This guide covers permission configuration, role assignments, audit considerations, and data management for the Patient Registration feature (PM-01).

Permission Key Reference


Default Role Assignments

These assignments are seeded by the PM-01 database migration (pf_role_permissions):
Note: The org_admin role automatically receives all active permissions via the platform trigger. Custom roles can be configured in Settings > Permissions.

Managing PM Permissions

  1. Navigate to Settings > Permissions (requires org_admin role).
  2. Select the Practice Management module from the module list.
  3. Assign or revoke permissions per role using the toggle interface.
  4. Changes take effect immediately for newly issued tokens; existing sessions refresh on next page load.

MPI Duplicate Override Audit

When a staff member overrides a duplicate warning during patient registration:
  • The override reason is stored in the patient’s custom_fields JSONB column under the key mpi_override_reason.
  • The created_by column records which user performed the registration.
  • The created_at timestamp provides the exact time of registration.
To audit overrides, run the following query in the Supabase SQL editor:

Soft Delete vs. Permanent Delete

Patient records and child records (addresses, contacts, guarantors) use soft deletion — the deleted_at column is set to the current timestamp, and records are hidden from standard views. Soft delete behavior:
  • Records remain in the database for audit and recovery.
  • Application queries filter deleted_at IS NULL.
  • RLS policies enforce this at the database level.
To restore a soft-deleted record (administrators only):
Permanent deletion is not available through the UI and should only be performed by a database administrator in compliance with your organization’s data retention policy.

Module Settings

The pm_module_settings table contains organization-specific configuration for the PM module. Currently, the settings UI is not exposed (Phase 3). Direct database edits can be made for: To view current settings:

Database Tables

All tables have RLS enabled with FORCE ROW LEVEL SECURITY. SECURITY DEFINER helpers (pm_has_org_access, pm_can_access_patient, pm_can_modify_patient) prevent RLS recursion.