Search

Every access decision is logged: - Sign‑ins and sign‑outs - Permission changes - Access removal Giving practices clear visibility for governance, inspections, and internal review.

Primoro keeps documents governed at every stage: - Secure, in‑app document viewing (not downloads or email attachments) - Acknowledgements and approvals tracked by individual - Historical versions preserved for audit - Full visibility of who accessed what, and when This supports inspections, audit...

The system MUST log the following events, each with actor, target, and timestamp: - Login and logout (all user types) - Failed authentication attempts - MFA challenges and outcomes - ACP authentication and session events (as a distinct event type) - ACP SupportSession issuance and termination event...

- **Empty state:** [+inferred: Should not occur in normal production use. If shown (e.g. on a brand-new tenant before any logins), display a message indicating when audit logging began, not an invitation to take action. Inferred from the append-only, always-on nature of audit logging in technical sp...

Security and privacy are embedded across the entire Primoro platform: - Individual user accounts — no shared logins - Role‑based access controls across all features - Every action tied to a named individual - Full audit trails for access, activity, and document interaction These controls apply con...

- Generate compliance and task reports on demand - Stock movement, valuation, and expiry reporting - Supplier spend and pricing trends - Export reports for CQC and GDC inspections

Digital Forms operate within Primoro’s governed platform: - role‑based access to forms and responses - authorisation‑based download and sharing of signed PDFs - no shared logins or forwarded documents - full audit trails for submission, signing, downloads, and updates - defined data‑retention polic...

The system MUST log, with actor identity and UTC timestamp, the following events: - All Lead and Opportunity creation events, including `SourceChannel` and assigned `Stack` - All stage transitions, including trigger mechanism (staff action, `ProposalAccepted` event, system rule) - All `BookingEligi...

- Where supported, Primoro writes a call summary/note into the practice PMS so the interaction is reflected in the patient record. - If PMS logging is unavailable (API limitation/outage), Primoro creates a follow‑up task for staff to log the details manually.

The module MUST record: - all inventory movements - all approvals and procurement decisions - compliance task completion and evidence - equipment service history and reports This data forms the authoritative evidence base for inspections.

The system MUST log all of the following events with actor identity, timestamp, and context: - Form assignment (automatic, manual, or bulk), including the rule or actor that triggered it - Patient or carer access (form opened / viewed) - Form submission - Signature capture, including delegated sign...

The system MUST log: - All Reward Transaction events (earn, redeem, adjustment, donation) with actor ID and timestamp - All Referral state transitions, including the channel of share and the actor triggering each transition - All Redemption state transitions with actor and justification - Manual po...

The system MUST log: - All state transitions on canonical objects (Schedule Pattern, Rota Entry, AbsenceChangeEvent), with actor and timestamp - All read/write actions on patient-bound or staff-bound data - All AI suggestions, including which were accepted or rejected by humans - All cross-module e...

The system MUST log the following events as immutable, exportable audit records: - All Quality Finding state transitions, with actor identity and timestamp - All Draft Output Artefact state transitions, including disposition (`Accepted`, `Edited`, `Rejected`) and any content diff on edit - All AI s...

The system MUST log: - All dashboard access events, including UserId, Role, SiteId, and timestamp - All action launches from dashboard signals (e.g. task opened, appointment acted on), including the LinkedEntityId and actor - Role-based visibility enforcement decisions (i.e. when a card or widget i...

The system MUST log: - All recall state transitions (Not Due / Due / Overdue / Inactive), with actor (system or staff), role, and timestamp - All outreach sub-state transitions (Notified / Viewed / Engaged / Booked / Needs Personal Follow-up), with timestamp - All outreach events initiated, includi...

The system MUST log: - Dashboard access events: who accessed which Dashboard View, at what time, and with what permission scope. - Filter events: which date, site, or provider filters were applied, and by whom. - Drill-through events: which drill-down was navigated to, from which metric, and by who...

The system MUST log: - Aftercare Instruction creation, with origin (Appointment | Manual | Bulk), template version, and acting user or system. - Delivery events, including timestamp and recipient identity (PatientId and CarerId where applicable). - Patient and carer view events with timestamp. - Fo...

The system MUST log the following events, each with actor identity and timestamp: - Nurse authentication events — login, user switch, inactivity timeout, rota-end-time logout - Tray Ready confirmations — nurse identity, appointment reference, timestamp - Decon work package task completions — nurse ...

The system MUST log: - All state transitions on LeaveRequest, HRWorkflowInstance, StaffRecord, and PayrollPeriod artefacts, with actor identity and timestamp - All risk classifications assigned to LeaveRequests, including the coverage impact data shown at the time of classification - All manager ri...

The system MUST log (immutable): - Finding ID and type at creation. - Source signal(s) linked to the Finding at creation time. - Timestamps for all state transitions (Detected → Action Created → In Progress → Escalated → Resolved → Closed). - Owning role assigned at each state. - All tasks created ...

The system MUST log: - All Order state transitions, with actor identity and timestamp - All refund actions, including reason code, actor, amount, and reference to the original DNA Payments transaction - All read and write operations on patient-bound Order and fulfilment records - All AI-generated p...

The system MUST log: - All Financial Signal ingestion events, including source module reference and ingest timestamp. - All Insight Card state transitions (Generated → Acknowledged → Action Created → Resolved → Archived), with actor and timestamp. - All Cash Reconciliation Record state transitions,...

The system MUST log the following events: - All loyalty status changes for a patient, including the signal inputs that triggered the change, the prior status, the new status, and the timestamp. - All staff reads of patient-level loyalty panels, with actor and timestamp. - All reads of practitioner-...

The system MUST log: - All Lab Case state transitions, with actor identity, role, and timestamp. - All Lab Invoice state transitions, with actor identity, role, and timestamp. - All lab and staff interactions recorded against the Lab Case communication timeline. - All SLA evaluations, including thr...

The system MUST log: - All AI-initiated prompts, with channel, role context, and screen context - All suggested actions surfaced to users, including which were confirmed, abandoned, or escalated - All escalation events, with reason, confidence score, target role, and timestamp - All actions launche...

The system MUST log: - All CarePlanMembership state transitions, with actor and timestamp - All enrolment events, including channel and eligibility check outcome - All payment events (collected, failed, retried, recovered) with GoCardless reference - All entitlement usage decisions, including statu...

The system MUST log: - All Referral Record state transitions, with actor identity and timestamp. - All ownership assignments and reassignments, with actor identity and timestamp. - All inbound and outbound referral communications captured against the Referral Record. - All document uploads and outc...