| R-01 | Payer EDI timeout cascade — EDI clearinghouse slow response (X12 277 / 835) causes claim submission queue to back up; connection pool exhaustion blocks new claim submissions | Operations | Medium | High | High | SRE + Tech Lead | Per-payer circuit breaker on submission adapter; EDI timeout configurable per payer (default 30 s); claims_submission_queue_depth_gauge Prometheus metric; ClaimsSubmissionQueueHigh alert; async submission pattern: submit returns 202, status polled | Low after circuit breaker |
| R-02 | Duplicate claim submission — network retry or operator error causes the same claim to be submitted to a payer twice; payer may adjudicate and pay both, creating overpayment liability | Financial / Compliance | Low | High | High | Tech Lead | Idempotency-Key on submission endpoint (24 h cache); clearinghouse_ref unique constraint per (payer_id, tenant_id); duplicate claim detection at scrubbing stage: check active claims with same (patient_id, encounter_id, service_date, procedure_codes); blocked by DUPLICATE_CLAIM error code | Low after controls |
| R-03 | Coverage verification SLA breach — eligibility inquiry (X12 270/271 or payer REST) exceeds 30-second SLA; pre-authorization and claim assembly stall; patients experience registration delays | Operations | Medium | Medium | Medium | SRE + Tech Lead | Eligibility response cached per coverage (TTL configurable, default 4 h); cache hit rate monitored; async eligibility mode available when real-time unavailable; claims_eligibility_check_duration_seconds histogram; ClaimsEligibilityTimeout alert | Low after caching |
| R-04 | EOB reconciliation drift — ExplanationOfBenefit FHIR resources generated from remittance records diverge from actual claim state over time; patient portal shows incorrect payment history | Data Integrity | Medium | Medium | Medium | Tech Lead | EOB is generated transactionally when remittance allocation is applied (claims.remittance.applied.v1 event triggers EOB generation); reconciliation job runs nightly comparing claim status against EOB presence; ClaimsEobReconciliationDrift alert on mismatch > threshold | Low after reconciliation job |
| R-05 | Regulatory code set changes (ICD-10 annual updates) — annual ICD-10-CM code set update (effective October 1 each year) causes newly invalid codes to pass claim scrubbing if terminology-service is not updated on time | Regulatory / Compliance | High | Medium | High | Compliance + terminology-service team | Claim scrubbing validates diagnosis codes against terminology-service; terminology-service release process gates ICD-10 annual update to production before October 1; INVALID_DIAGNOSIS_CODE claim scrubbing error returns specific code; scrubbing rules are terminology-service-driven, not hard-coded | Low with process |
| R-06 | Cross-tenant claim routing — multi-tenant deployment where billing admin or integration error causes a claim to be routed to the wrong tenant's payer configuration | Security / Compliance | Very Low | Critical | High | SRE + Tech Lead | tenant_id RLS on all tables; payer configs scoped to tenant; tenant-isolation.spec.ts mandatory CI gate; submission adapter always reads payer config with tenantId filter; audit log captures every submission with tenantId | Very Low after controls |
| R-07 | Claim scrubbing rule staleness — custom scrubbing rules (payer-specific edits, NPI validation) not updated after payer policy change; claims fail at clearinghouse after passing internal scrubbing | Revenue Cycle | Medium | Medium | Medium | Billing Operations | Payer scrubbing rules stored in payer_configs.scrubbing_rules (JSON, per-tenant-override); billing admin notified via ClaimScrubRuleUpdate alert when clearinghouse rejection rate for a payer exceeds 5%; scrubbing rule update process documented in billing operations runbook | Low with monitoring |
| R-08 | Denial code set volatility (CARC / RARC) — CARC and RARC codes updated by NUBC/ASC X12 periodically; unmapped new codes cause denial case records to have unknown denial reason; appeal workflow stalls | Regulatory | Low | Medium | Medium | Tech Lead + Compliance | CARC/RARC code table stored in claims.denial_codes (updated from terminology-service); unknown denial reason triggers UNMAPPED_DENIAL_CODE alert; billing team reviews unmapped codes within 24 h; appeal deadline is still recorded even with unknown reason | Low with monitoring |