Therapy Documentation System Review

============================================================ PHASE 2: CLINICAL NOTE QUALITY REVIEW

NOTE STRUCTURE COMPLIANCE:

SOAP Notes:

• Subjective: Check for fields capturing client self-report, presenting concerns, mood/affect description, relevant history shared in session.
• Objective: Check for observable data fields (clinician observations, mental status, behavioral observations, assessment scores, vital signs if applicable).
• Assessment: Check for clinical formulation fields (progress toward goals, diagnostic impressions, risk assessment, clinical judgment).
• Plan: Check for next steps (interventions for next session, homework assignments, referrals, medication changes, follow-up scheduling).
• Verify that all four sections are required before note finalization.

DAP Notes:

• Data: Check for combined subjective and objective information fields.
• Assessment: Check for clinical interpretation and progress evaluation fields.
• Plan: Check for treatment direction and next session planning.
• Verify structural compliance with DAP format expectations.

NOTE CONTENT QUALITY:

• Check for minimum content requirements per note type.
• Examine whether templates guide clinicians toward clinically relevant documentation (not just billing requirements).
• Verify that notes support both structured data entry and narrative text.
• Look for clinical language guidance (avoiding jargon, maintaining objectivity, documenting in behavioral terms).

NOTE TIMELINESS:

• Check for note completion deadline enforcement (e.g., 24-48 hours post-session).
• Examine overdue note detection and notification workflows.
• Verify that late notes are flagged in compliance reports.
• Look for real-time documentation support (capture during session without disrupting flow).

NOTE INTEGRITY:

• Check for note locking after finalization (preventing unauthorized modification).
• Examine amendment and addendum workflows (preserved as separate entries, not overwrites).
• Verify that electronic signatures include timestamp and are non-repudiable.
• Look for version history on notes (all changes tracked with author and timestamp).

============================================================ PHASE 3: DIAGNOSTIC CODE ACCURACY

CODE DATABASE:

• Examine the diagnostic code database or lookup service.
• Check for DSM-5 code completeness and currency.
• Verify ICD-10-CM mapping accuracy (DSM-5 to ICD-10-CM crosswalk).
• Look for regular code set updates (annual ICD-10-CM updates, DSM-5-TR changes).

CODE SELECTION INTERFACE:

• Examine the diagnostic code selection workflow.
• Check for search capabilities (by code, by description, by keyword).
• Verify that the interface distinguishes primary from secondary diagnoses.
• Look for specifier and severity level selection support.
• Check for common code favorites or recently used codes per provider.

CODE VALIDATION:

• Check for code format validation (proper ICD-10-CM structure: letter + digits + decimal).
• Examine whether the system flags retired or invalid codes.
• Verify that age-specific and gender-specific code restrictions are enforced.
• Look for code-diagnosis consistency checking (does the selected ICD-10 code match the documented clinical presentation).

BILLING ALIGNMENT:

• Check for diagnosis-procedure code compatibility validation.
• Examine whether the system supports multiple diagnosis codes per encounter.
• Verify that primary diagnosis designation aligns with billing requirements.
• Look for medical necessity documentation support linked to diagnosis codes.

============================================================ PHASE 4: INFORMED CONSENT TRACKING

CONSENT TYPES:

• Enumerate all consent types managed: treatment consent, telehealth consent, release of information, consent for recording, research consent, consent for specific treatments (medication, group therapy), minor consent.
• Check for consent form version management.
• Verify that consent templates are customizable by treatment setting.

CONSENT LIFECYCLE:

• Check for consent creation, delivery, signature capture, and storage workflows.
• Examine electronic signature capabilities (typed, drawn, certificate-based).
• Verify that consent has defined expiration dates and renewal reminders.
• Look for consent revocation workflows with downstream impact (revoking ROI stops information sharing).

CONSENT ENFORCEMENT:

• Check for consent-gated features (telehealth session cannot start without active telehealth consent).
• Examine whether release of information consent is checked before sharing records.
• Verify that expired consent triggers re-consent workflows.
• Look for minor consent and guardian authorization management.

CONSENT DOCUMENTATION:

• Check that consent records include: date, time, who obtained consent, who signed, scope of consent, expiration date, and the specific version of the consent document.
• Verify that consent records are immutable after signing.
• Look for consent audit trail accessibility for compliance reviews.

============================================================ PHASE 5: TREATMENT PLAN DOCUMENTATION

PLAN STRUCTURE:

• Examine the treatment plan documentation template.
• Check for required components: problem identification, goals, objectives, interventions, responsible parties, target dates, review dates.
• Verify that treatment plans support multiple problems with distinct goal sets.
• Look for initial plan vs. plan update differentiation.

PLAN-NOTE LINKAGE:

• Check for linkage between session notes and treatment plan goals.
• Examine whether session notes reference which plan goals were addressed.
• Verify that progress noted in sessions flows into plan review evaluations.
• Look for automated plan review triggers based on time or session count.

PLAN REVIEW AND UPDATE:

• Check for mandated review periods (30-day, 60-day, 90-day per regulatory requirements).
• Examine the plan review documentation workflow.
• Verify that plan changes are documented with rationale.
• Look for client signature requirements on initial plans and updates.

PLAN COMPLIANCE:

• Check for treatment plan presence validation (every active client has a current plan).
• Examine overdue plan review detection.
• Verify that plans meet payer requirements for covered services.
• Look for plan-service alignment (services billed are consistent with plan interventions).

============================================================ PHASE 6: SUPERVISION RECORD KEEPING

SUPERVISION DOCUMENTATION:

• Examine the supervision note template and data model.
• Check for required fields: date, duration, format (individual, group, live observation), cases discussed, clinical issues addressed, directives given, competency assessments.
• Verify that supervision records are linked to the supervisee's credential requirements.
• Look for separation between supervision notes and client clinical records.

SUPERVISION HOUR TRACKING:

• Check for hour accumulation tracking against licensure requirements.
• Examine category differentiation (individual hours, group hours, direct observation hours).
• Verify that hour logs include supervisor credentials and license status.
• Look for progress-toward-licensure dashboards for pre-licensed clinicians.

SUPERVISION COMPLIANCE:

• Check for supervision frequency requirements (weekly, biweekly per regulatory mandate).
• Examine whether supervision gaps trigger alerts.
• Verify that supervisory co-signatures on clinical notes are tracked and enforced.
• Look for supervisor scope-of-practice validation (supervisor is credentialed to supervise the supervisee's treatment modalities).

RISK MANAGEMENT IN SUPERVISION:

• Check for high-risk case documentation in supervision records.
• Examine whether supervision records capture consultation on ethical dilemmas.
• Verify that supervisory directives are documented and follow-up is tracked.
• Look for supervisor liability documentation.

============================================================ PHASE 7: HIPAA COMPLIANCE REVIEW

ACCESS CONTROLS:

• Check for role-based access control on clinical records.
• Examine minimum necessary access enforcement (front desk sees scheduling, not clinical notes; billing sees diagnosis codes and CPT codes, not session content).
• Verify that access to records by non-treating providers requires documented justification.
• Look for break-the-glass procedures for emergency access with full audit trail.

ENCRYPTION AND STORAGE:

• Check for encryption at rest on all clinical documentation.
• Verify that encryption in transit is enforced (TLS 1.2+ on all connections).
• Examine database-level encryption configuration.
• Look for encryption key management practices (key rotation, access controls on keys).

AUDIT LOGGING:

• Check for comprehensive audit logging: who accessed which record, when, what action taken.
• Verify that audit logs are tamper-resistant (append-only, separate from application data).
• Examine audit log retention period (minimum 6 years per HIPAA).
• Look for automated suspicious access detection (after-hours access, high-volume record access, access to records without treatment relationship).

DATA BREACH PREPAREDNESS:

• Check for breach detection capabilities.
• Examine breach notification workflow readiness.
• Verify that breach risk assessment tools are available.
• Look for data incident response procedures in the system.

CLIENT RIGHTS:

• Check for client access to their own records (view, download, transmit).
• Examine amendment request workflows (client can request corrections).
• Verify that accounting of disclosures is maintained and accessible.
• Look for restriction request management (client requests limits on information use).

PHI HANDLING:

• Check for PHI identification and tagging in all data stores.
• Examine de-identification capabilities for research and quality improvement.
• Verify that PHI is not present in log files, error messages, or analytics data.
• Look for data minimization practices (collecting only what is needed).

============================================================ SELF-HEALING VALIDATION (max 2 iterations)

After producing the review, validate completeness and consistency:

1. Verify all required output sections are present and non-empty.
2. Verify every finding references a specific file or code location.
3. Verify recommendations are actionable (not vague).
4. Verify severity ratings are justified by evidence.

IF VALIDATION FAILS:

• Identify which sections are incomplete or lack specificity
• Re-analyze the deficient areas
• Repeat up to 2 iterations

============================================================ OUTPUT

Therapy Documentation System Review

Platform: {detected stack and integrations}

Scope: {subsystems reviewed}

Note Templates: {N} types implemented

Diagnostic Codes: {DSM-5/ICD-10 coverage}

Consent Types: {N} managed

System Health Summary

Critical Findings

1. {DOC-001}: {title}
   • Domain: {Notes/Coding/Consent/Plans/Supervision/HIPAA}
   • Location: {file:line}
   • Severity: {Critical/High/Medium/Low}
   • Impact: {what could go wrong for compliance or clinical quality}
   • Recommendation: {specific improvement}

Note Quality Assessment

• SOAP compliance: {compliant/partial/non-compliant}
• DAP compliance: {compliant/partial/non-compliant}
• Timeliness enforcement: {present/absent}
• Note locking: {present/absent}
• Amendment workflow: {present/absent}

Diagnostic Coding

• DSM-5 coverage: {complete/partial}
• ICD-10-CM currency: {current year/outdated/absent}
• Code validation: {present/absent}
• Billing alignment: {present/absent}

Consent Management

• Consent types tracked: {N}
• Electronic signature: {present/absent}
• Expiration enforcement: {present/absent}
• Consent-gated features: {present/absent}

Treatment Plan Compliance

• Required components: {N} of standard set
• Plan-note linkage: {present/absent}
• Review period enforcement: {present/absent}
• Client signature: {present/absent}

Supervision Records

• Hour tracking: {present/absent}
• Co-signature enforcement: {present/absent}
• Compliance monitoring: {present/absent}
• Licensure progress: {present/absent}

HIPAA Compliance Summary

DO NOT:

• Review the clinical quality of actual therapy notes or treatment plans.
• Make recommendations about clinical treatment approaches or diagnostic decisions.
• Access or evaluate real client records (analyze system capabilities, not client data).
• Ignore HIPAA compliance even when reviewing clinical feature quality.
• Skip supervision record analysis as it has regulatory and liability implications.
• Recommend specific EHR vendors or documentation platforms.

NEXT STEPS:

• "Run /crisis-risk-monitor to evaluate crisis documentation and escalation workflows."
• "Run /treatment-outcome to analyze how documentation supports outcome measurement."
• "Run /security-review for a deep technical security audit of the documentation platform."
• "Run /care-plan-optimizer to evaluate treatment plan quality and optimization features."

============================================================ SELF-EVOLUTION TELEMETRY

After producing output, record execution metadata for the /evolve pipeline.

Check if a project memory directory exists:

• Look for the project path in ~/.claude/projects/
• If found, append to skill-telemetry.md in that memory directory

Entry format:

### /therapist-documentation — {{YYYY-MM-DD}}
- Outcome: {{SUCCESS | PARTIAL | FAILED}}
- Self-healed: {{yes — what was healed | no}}
- Iterations used: {{N}} / {{N max}}
- Bottleneck: {{phase that struggled or "none"}}
- Suggestion: {{one-line improvement idea for /evolve, or "none"}}

Only log if the memory directory exists. Skip silently if not found. Keep entries concise — /evolve will parse these for skill improvement signals.