
Patient Portal Service — Service Readiness

Status: populated | Owner: TBD | Last updated: 2026-04-18 | Companion: Service Template · docs/standards/DEFINITION_OF_DONE.md

1. Readiness Gate Checklist

All items must be green before the service is promoted to production.

Architecture & Design

  • SERVICE_OVERVIEW.md reviewed and approved by platform architect
  • DOMAIN_MODEL.md reviewed; aggregates and invariants confirmed
  • API_CONTRACTS.md finalized; OpenAPI spec generated from controllers
  • SECURITY_MODEL.md reviewed by security team
  • FHIR resource surface reviewed by interop team

Implementation

  • All 17 service docs populated (no stubs remaining)
  • NestJS service scaffolded per hexagonal architecture (domain/, application/, infrastructure/, presentation/)
  • Drizzle ORM schema matches DATA_MODEL.md
  • PostgreSQL migrations checked in under src/infrastructure/migrations/
  • RLS policies applied to all PHI tables
  • Outbox relay worker implemented and tested
  • Inbox deduplication implemented (NATS consumer group + inbox table)
  • Feature flag ehr.portal entitlement check wired on all endpoints

Testing

  • Unit test coverage ≥ 85%
  • Integration test coverage ≥ 80%
  • tenant-isolation.spec.ts green
  • outbox.spec.ts green
  • inbox.spec.ts green
  • Pact consumer contracts for web + mobile registered and verified
  • E2E patient login + MFA flow passing
  • E2E lab results view with release policy passing
  • E2E proxy delegation flow passing

Security

  • SMART on FHIR scope enforcement verified for all 14 scopes
  • MFA mandatory enforcement confirmed in Keycloak patient realm
  • JWT ACR check on sensitive actions (export, account delete) verified
  • Proxy scope escalation prevention tested
  • PHI not appearing in application logs (log redaction verified)
  • PHI not included in AI prompts (prompt builder test green)
  • Release policy enforcement: unreleased results excluded in tests
  • Security review sign-off from security team

Observability

  • OpenTelemetry traces emitting to Tempo
  • Prometheus metrics scraping active
  • Portal Overview dashboard deployed in Grafana
  • All P1 alerts configured in Alertmanager
  • Runbooks linked from alert definitions

Operations

  • GET /health liveness and readiness endpoints respond
  • Kubernetes deployment manifests reviewed
  • HPA configured (CPU + RPM triggers)
  • Pod disruption budget configured (min 1 available)
  • Rollout strategy validated (zero-downtime rolling)
  • Environment variables documented in .env.example

Compliance

  • GDPR export capability verified (POST /v1/portal/export tested)
  • Access log completeness verified for all audit event types
  • Data residency: PostgreSQL deployed in AFG region
  • MoPH data governance sign-off obtained

2. Go/No-Go Criteria

| Category | Must-pass | Should-pass |
|---|---|---|
| Testing | tenant-isolation, outbox, inbox, SMART scope tests | All E2E flows |
| Security | RBAC matrix, MFA enforcement, PHI log redaction | Security pen test |
| Observability | Alerts configured, traces active | Dashboard published |
| Compliance | GDPR export working, access log complete | MoPH sign-off |