Patient Chart Service — Service Readiness
Status: populated
Owner: TBD
Last updated: 2026-04-18
Companion: Service Template · DEFINITION_OF_DONE
1. Readiness gate overview
Patient Chart is a Core mission-critical clinical service. Any CRITICAL gate failure blocks production deployment.
2. Gate checklist
Gate 1 — Documentation
| Check | Status | Verifier |
|---|---|---|
| All 17 canonical docs populated (not stubs) | ☐ | Tech Lead |
| EPICS.md + USER_STORIES.md in Jira | ☐ | Product Owner |
| MIGRATION_PLAN.md — five-module consolidation phase sign-off | ☐ | Platform Eng Lead |
| SECURITY_MODEL.md reviewed | ☐ | Security Lead |
| DOMAIN_MODEL.md — all aggregate invariants confirmed by clinical informatics | ☐ | Clinical Informatics Lead |
Gate 2 — Code quality
| Check | Status | Verifier |
|---|---|---|
| TypeScript strict; zero errors | ☐ | CI |
| ESLint: zero violations; hexagonal import rules pass | ☐ | CI |
| Unit test coverage ≥ 80 % (domain + application) | ☐ | CI |
| Integration test coverage ≥ 70 % | ☐ | CI |
| test/integration/tenant-isolation.spec.ts green | ☐ | CI — mandatory |
| test/integration/outbox.spec.ts green | ☐ | CI — mandatory |
| test/integration/inbox.spec.ts green | ☐ | CI — mandatory |
| Pact consumer contract tests green | ☐ | CI |
| Event schema conformance tests green | ☐ | CI |
Gate 3 — Clinical data integrity
| Check | Status | Verifier |
|---|---|---|
| All domain invariants tested (NKA rule, duplicate-allergy check, signed-note immutability, cosign policy) | ☐ | Tech Lead + Clinical Informatics |
| Optimistic locking conflict tests passing | ☐ | Tech Lead |
| Break-glass requires reason — enforced in integration test | ☐ | Compliance Officer |
| AI-assist accept without provenance → rejected (CHART_AI_PROVENANCE_MISSING) | ☐ | Tech Lead |
| Allergy advisory returns correct data under concurrent writes | ☐ | Tech Lead |
Gate 4 — Security
| Check | Status | Verifier |
|---|---|---|
| RLS policies enabled on all patient_chart tables | ☐ | DBA |
| Cross-tenant reference rejected with CHART_CROSS_TENANT_REFERENCE | ☐ | Security Lead |
| Sensitive-segment access policy enforced | ☐ | Security Lead |
| Break-glass events audited to audit-service | ☐ | Compliance Officer |
| No PHI in log output (CI lint check) | ☐ | Security Lead |
Gate 5 — Observability
| Check | Status | Verifier |
|---|---|---|
| OTEL traces visible in Grafana Tempo | ☐ | SRE |
| All key metrics publishing in Prometheus | ☐ | SRE |
| Grafana dashboards deployed and populated | ☐ | SRE |
| SLO burn-rate alerts configured | ☐ | SRE |
| Outbox lag alert configured | ☐ | SRE |
| On-call runbooks written and linked | ☐ | SRE |
Gate 6 — Operations
| Check | Status | Verifier |
|---|---|---|
| Canary deploy (5 %, 30 min) in staging; rollback verified | ☐ | SRE |
| Five-module data migration validated in staging (row counts match) | ☐ | Platform Eng |
| Dual-publish NATS verified for all five legacy subjects | ☐ | Platform Eng |
| Consumer service cutover confirmed (medication, orders, population-health, portal) | ☐ | Platform Eng |
| SERVICE_RISK_REGISTER.md reviewed; all CRITICAL/HIGH mitigated | ☐ | Tech Lead + SRE |
| On-call rotation assigned | ☐ | Engineering Manager |
| Pod disruption budget minAvailable=2 set | ☐ | SRE |
3. Sign-off matrix
| Gate | Required signers |
|---|---|
| 1 — Documentation | Tech Lead, Product Owner |
| 2 — Code quality | CI (automated) + Tech Lead |
| 3 — Clinical data integrity | Tech Lead, Clinical Informatics Lead |
| 4 — Security | Security Lead, DBA, Compliance Officer |
| 5 — Observability | SRE Lead |
| 6 — Operations | SRE Lead, Platform Eng Lead, Engineering Manager |
4. Readiness levels
| Level | Description | Target |
|---|---|---|
| L2 | Core aggregate CRUD live; FHIR read surface for Condition/AllergyIntolerance/Observation | M0 |
| L3 | Full summary + timeline; contract tests against medication/lab/rad/imm/care-plan green | M1 |
| L4 | Break-glass + snapshot + AI-assist; SLO-governed; chaos-tested; all gates green | M3 |