Overview
This guide covers configuration, permissions, and operational management for the Patient Statement Billing module.Quick Reference
Permission Configuration
Permission Keys
Recommended Role Assignments
Statement Run Configuration
Run Types
- On Demand: Manually triggered by staff for immediate statement generation.
- Scheduled: Configured to run at specific intervals (requires cron setup).
- Cycle End: Triggered at the end of a billing cycle.
Scheduling (Cron)
Statement runs can be automated via the Supabase dashboard cron orpg_cron:
⚠️ Security: Do not embed secrets in cron payloads. The invoked function should retrieve privileged credentials from secure server-side secret storage (environment secrets/secret manager) at runtime.
Edge Function: run-statement-cycle
- Location:
supabase/functions/run-statement-cycle/index.ts - Auth: Requires valid JWT with org access, or service role for cron invocations.
- Parameters:
organization_id(required),run_type,date_range_start,date_range_end,minimum_balance.
Delivery Channels
Database Tables
RLS Policies
- SELECT/INSERT/UPDATE: Enforced via
pm_has_org_access(organization_id, auth.uid()) - DELETE: Restricted to
pf_is_org_admin(auth.uid(), organization_id) - pm_statement_deliveries: Append-only — SELECT and INSERT only; no UPDATE or DELETE
Data Retention
- Statement deliveries are append-only and cannot be modified or deleted by any user role.
- Statement runs and their linked statements follow standard PM data retention policies.
Monitoring
Edge Function Logs
Monitor therun-statement-cycle function via:
Key Metrics
- Statements generated per run
- Delivery success/failure rates
- Average statement generation time
- Payment plan completion rates
- Financial assistance approval rates