Medical compliance rules for clinical data integrity, audit logging, and fail-safe principles
Clinical data must never be "undeleted" - use explicit void flags instead.
```javascript
// WRONG - Allows accidental restoration
treatment.destroy(); // Sets deletedAt, can be restored

// CORRECT - Explicit, auditable, non-reversible
treatment.update({
  isVoided: true,
  voidedBy: userId,
  voidedAt: new Date(),
  voidReason: "Entered in error",
});
// Never "un-void" clinical data
```
All medical data tables should include:

- is_voided (boolean) - Void flag
- voided_by (UUID) - Who voided the record
- voided_at (timestamp) - When voided
- void_reason (text) - Why voided

Every status change on an applicator must write an audit record that captures who changed what, from which state to which, and why:

```javascript
await ApplicatorAuditLog.create({
  applicatorId: applicator.id,
  action: "STATUS_CHANGE",
  previousStatus: oldStatus,
  newStatus: newStatus,
  userId: req.user.id,
  timestamp: new Date(),
  details: JSON.stringify({ reason }),
});
```
Applicator status follows this state machine; COMPLETED and CANCELLED are terminal and any other move is rejected:

```
SCHEDULED → ACTIVE → COMPLETED
    ↓          ↓
CANCELLED  CANCELLED
```

```javascript
const validTransitions = {
  SCHEDULED: ["ACTIVE", "CANCELLED"],
  ACTIVE: ["COMPLETED", "CANCELLED"],
  COMPLETED: [], // Terminal
  CANCELLED: [], // Terminal
};

if (!validTransitions[currentStatus].includes(newStatus)) {
  throw new Error(`Invalid transition: ${currentStatus} → ${newStatus}`);
}
```
Medical devices must never default to "allow" when verification fails.
```javascript
// WRONG - Fail-open
if (!canVerify) {
  console.warn("Cannot verify, proceeding anyway");
  return true; // DANGEROUS
}

// CORRECT - Fail-closed
if (!canVerify) {
  throw new Error("SAFETY BLOCK: Cannot verify applicator");
}
```
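The void, audit-log, transition and fail-closed rules above combined into one helper, as an added example that is not code from the original rules file. The in-memory `auditLog` array and the plain `applicator`/`record` objects are constructed stand-ins for the Sequelize models; `changeStatus` and `voidRecord` are hypothetical names.

```javascript
// Added example; not part of the original rules file. The auditLog array and
// the plain objects passed in stand in for the real Sequelize models.
const VALID_TRANSITIONS = Object.freeze({
  SCHEDULED: ["ACTIVE", "CANCELLED"],
  ACTIVE: ["COMPLETED", "CANCELLED"],
  COMPLETED: [], // terminal
  CANCELLED: [], // terminal
});

const auditLog = []; // stand-in for the ApplicatorAuditLog table

// Fail-closed check: an unknown current status is refused, never assumed safe.
function isValidTransition(from, to) {
  const allowed = VALID_TRANSITIONS[from];
  return Array.isArray(allowed) && allowed.includes(to);
}

// Apply a status change and write the audit entry in the same step, so a
// transition can never happen without a matching, attributed log record.
function changeStatus(applicator, newStatus, userId, reason) {
  const oldStatus = applicator.status;
  if (!isValidTransition(oldStatus, newStatus)) {
    throw new Error(`SAFETY BLOCK: invalid transition ${oldStatus} → ${newStatus}`);
  }
  if (!reason) {
    throw new Error("SAFETY BLOCK: status change requires a reason");
  }
  applicator.status = newStatus;
  auditLog.push(Object.freeze({
    applicatorId: applicator.id,
    action: "STATUS_CHANGE",
    previousStatus: oldStatus,
    newStatus,
    userId,
    timestamp: new Date(),
    details: JSON.stringify({ reason }),
  }));
  return applicator;
}

// Void a clinical record: explicit, attributed, and never reversible.
function voidRecord(record, userId, reason) {
  if (record.isVoided) {
    throw new Error("SAFETY BLOCK: record is already voided");
  }
  record.isVoided = true;
  record.voidedBy = userId;
  record.voidedAt = new Date();
  record.voidReason = reason;
  return Object.freeze(record); // no "un-void" path: the voided record is immutable
}
```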
Related clinical writes go in a single SERIALIZABLE transaction so that a partial update (for example, a treatment marked COMPLETED with no activity record) can never be committed:

```javascript
const { Transaction } = require("sequelize"); // for Transaction.ISOLATION_LEVELS

const transaction = await sequelize.transaction({
  isolationLevel: Transaction.ISOLATION_LEVELS.SERIALIZABLE,
});
try {
  await Treatment.update({ status: "COMPLETED" }, { transaction });
  await Activity.create({ ... }, { transaction });
  await transaction.commit();
} catch (error) {
  await transaction.rollback(); // all-or-nothing: no half-written clinical state
  throw error;
}
```