Skip to main content

Desktop Electron EHR — user stories (narrative)

Parent epics: EPICS.md. Flat import table: UNIFIED_USER_STORIES.md.

DESK-EPIC-01 — Shell, auth, capability map

  • DESK-US-001 — As a user, I want OIDC login with secure token storage so that my session meets platform IAM policy.
  • DESK-US-002 — As a developer, I want a minimal preload contextBridge API so that the renderer never gets raw Node or secrets.
  • DESK-US-003 — As a user, I want the app to load a capability map after login so that only licensed and permitted modules appear.
  • DESK-US-004 — As a user, I want routes to register from entitlements so that I cannot navigate to unlicensed modules via URL guessing (server still enforces).
  • DESK-US-005 — As a user, I want a data-driven sidebar so that lab/pharmacy/imaging layouts match my site profile.
  • DESK-US-006 — As a site admin, I want default landing modules per site type so that lab sites open to lab-first experiences.
  • DESK-US-007 — As a power user, I want the command palette to respect entitlements so that hidden admin targets do not appear.
  • DESK-US-008 — As a user with multiple tenants, I want tenant switch to clear local scope so that PHI and queues never cross tenants.
  • DESK-US-009 — As finance, I want no background API sync for unlicensed modules so that we do not pay hidden integration costs.

DESK-EPIC-02 — SQLite, outbox, sync

  • DESK-US-010 — As a user, I want local SQLite scoped by tenant so that offline data stays isolated.
  • DESK-US-011 — As a user, I want outbound mutations queued with idempotency keys so that retries never duplicate clinical facts.
  • DESK-US-012 — As a user, I want sync to backoff on rate limits so that reconnect storms do not take down Kong.
  • DESK-US-013 — As a clinician, I want visible conflict resolution when the server returns 409 so that I never silently lose work.
  • DESK-US-014 — As a user, I want global and per-area sync status so that I trust what is pending.
  • DESK-US-015 — As support, I want correlation ids on sync requests so that we can trace client issues end-to-end.
  • DESK-US-016 — As a security officer, I want PHI encrypted at rest in the local DB so that lost devices have bounded risk.
  • DESK-US-017 — As a user, I want online-only actions clearly disabled offline so that I do not assume false success.

DESK-EPIC-03 — EHR core

  • DESK-US-018 — As registration staff, I want demographic capture offline with queue or blocked duplicate search per policy.
  • DESK-US-019 — As a clinician, I want encounter notes to draft offline and reconcile on sync with conflict UI.
  • DESK-US-020 — As a clinician, I want orders to distinguish draft vs signed per CPOE policy.
  • DESK-US-021 — As a clinician, I want problem/allergy/med lists with cached terminology and offline warnings for critical allergies.
  • DESK-US-022 — As a nurse, I want vitals and immunizations queued offline when supported.
  • DESK-US-023 — As a scheduler, I want cached calendars and queued booking intents when offline.
  • DESK-US-024 — As a user, I want secure messaging cached read-only when policy allows.
  • DESK-US-025 — As a user, I want OS and in-app notifications that respect pending sync state.
  • DESK-US-026 — As a clinician, I want virtual care joins clearly online-only with explanatory copy.
  • DESK-US-027 — As a clinician, I want care plans, reconciliation views with stale-as-of offline, and eRx draft with online submit.

DESK-EPIC-04 — Laboratory

  • DESK-US-028 — As a lab tech, I want a prioritized worklist so that STAT and routine are actionable.
  • DESK-US-029 — As a collector, I want collection workflow with barcode and collector attribution.
  • DESK-US-030 — As a lab tech, I want accessioning with reject/partial receive reasons.
  • DESK-US-031 — As a tech, I want result entry/review UIs with abnormal flags per server rules.
  • DESK-US-032 — As a tech, I want panels with reference ranges and units per locale.
  • DESK-US-033 — As QA, I want QC/instrument flows online-first with clear offline messaging.
  • DESK-US-034 — As a lab manager, I want role-gated screens and offline rules that never fake released results.

DESK-EPIC-05 — Pharmacy

  • DESK-US-035 — As a pharmacist, I want Rx queues with verification gated by permission.
  • DESK-US-036 — As a tech, I want fill/check/label/dispense with barcode verification.
  • DESK-US-037 — As inventory staff, I want stock/receiving/adjustments online-first per inventory service.
  • DESK-US-038 — As a pharmacist, I want compounding behind a feature flag with validation when required.
  • DESK-US-039 — As a pharmacist, I want controlled substances to require server validation and no EPCS bypass from desktop.
  • DESK-US-040 — As a pharmacist, I want counseling documentation and print/handout via safe print paths.
  • DESK-US-041 — As pharmacy leadership, I want offline/dispense policy with stale interaction data and SoD enforced by 403.

DESK-EPIC-06 — Imaging

  • DESK-US-042 — As a technologist, I want modality worklists with status and priority.
  • DESK-US-043 — As a scheduler, I want imaging orders aligned with slots/resources.
  • DESK-US-044 — As a radiologist, I want prior exams listed with metadata; full fetch when online.
  • DESK-US-045 — As a radiologist, I want viewer launch only via allowlisted integration.
  • DESK-US-046 — As a radiologist, I want report draft/prelim/final with signing online-only per policy.
  • DESK-US-047 — As a radiologist, I want peer review flows online-first with no silent publish offline.
  • DESK-US-048 — As PACS admin, I want DICOM/streaming with progress, cancel, and disk cache limits.
  • DESK-US-049 — As security, I want technologist vs radiologist views gated by permissions.

DESK-EPIC-07 — Documents

  • DESK-US-050 — As a user, I want uploads/downloads via main-process file APIs with server policy.
  • DESK-US-051 — As a user, I want OCR via cloud orchestrator or local ONNX per tenant policy.
  • DESK-US-052 — As a clinician, I must confirm OCR text before it enters the legal chart.

DESK-EPIC-08 — Billing

  • DESK-US-053 — As a biller, I want draft charges locally and payer submission online-only.
  • DESK-US-054 — As finance, I want sync retries to surface billing errors without duplicate charges.

DESK-EPIC-09 — Pop health, reporting, admin

  • DESK-US-055 — As an analyst, I want population dashboards with cached as-of timestamps when approved.
  • DESK-US-056 — As a manager, I want server-side reports with exports/pagination on desktop.
  • DESK-US-057 — As an admin, I want read-only cached labels for org data when offline.
  • DESK-US-058 — As platform ops, I want admin mutations to never silently queue without explicit idempotent design.

DESK-EPIC-10 — AI

  • DESK-US-059 — As a user, I want cloud AI only via Kong ai-orchestrator with tenant gates.
  • DESK-US-060 — As a user, I want optional local ONNX in main/worker with typed IPC limits.
  • DESK-US-061 — As a user, I want semantic search to respect tenant access-policy.
  • DESK-US-062 — As compliance, I want clinical suggestions to require explicit accept and audit attribution.

DESK-EPIC-11 — Hardening

  • DESK-US-063 — As a user, I want long clinical tables virtualized for performance.
  • DESK-US-064 — As a user, I want heavy SQLite work off the UI thread where needed.
  • DESK-US-065 — As a regional user, I want RTL/LTR and keyboard accessibility validated by E2E.
  • DESK-US-066 — As privacy, I want crash reporting opt-in without PHI payloads.
  • DESK-US-067 — As a user, I want lazy-loaded module bundles and entitlement refresh without reinstall.
  • DESK-US-068 — As release engineering, I want CI smoke on Windows/macOS/Linux and proxy documentation.