Compliance

Incident Reporting

Coralia's Incident Reporting module is a governed safety-event record system for ABA (Applied Behavior Analysis) agencies: any authorized staff member can file an incident for a client without gates, filing permanently freezes the record with a SHA-256 (Secure Hash Algorithm 256-bit) tamper-evidence hash, and every correction is an append-only addendum on an audited, timestamped review lifecycle.

The problem in real agencies

A safety event in ABA rarely happens in front of the person responsible for documenting it. An elopement during a community session, aggression toward a technician, a fall in the clinic lobby — the witness is usually a registered behavior technician (RBT) or a front-desk coordinator, not the BCBA (Board Certified Behavior Analyst). In many agencies the record starts as a text message to a supervisor or a paper form, and what a payer or licensing reviewer later sees is a reconstruction.

Incident forms that demand completeness before accepting a submission produce the opposite of safety: staff wait until they have every detail, the filing drifts days past the event, and sometimes it never happens. Editable records create the opposite problem — quiet cleanup after the fact, which no auditor trusts. And serious events reach clinical leadership only if someone remembers to forward an email, so the people who must respond hear about it last.

Agencies also blur two different documents: the per-session behavior narrative that belongs with clinical data, and the formal safety-event record that belongs in a governed compliance file with its own review chain. When the two share one text box, neither survives a payer audit or a licensing inquiry — there is no filing timestamp, no review trail, and no way to show the record was not altered.

How it works in Coralia

  1. 1

    Report from anywhere, with nothing in the way

    Staff open 'Report incident' from the sidebar, a client's profile, or the escalation link inside a session note. They classify the event across 8 types — crisis, aggression, self-injury, elopement, accidental injury, medical, property, other — and 4 severities, from minor to sentinel. There is no completeness gate, no timeliness gate, and no caseload restriction on filing: a thin or late report always files. The form auto-saves to the browser on every keystroke, so a page reload never loses a crisis narrative, and the occurrence time defaults to now.

  2. 2

    Filing freezes the record

    An unfiled incident is an editable draft, flagged with a persistent amber banner. Filing takes a deliberate two-step confirmation and permanently freezes the account: Coralia stamps the filing time, computes a SHA-256 tamper-evidence hash over the full content, and snapshots the linked session's date, location, staff present, and place-of-service code, so the record survives even if the session is later edited. 'File now' creates and files in one request; if the filing step fails, the draft is preserved with a warning and a retry path instead of losing the narrative.

  3. 3

    Corrections are append-only addenda

    A filed record can never be edited in place — an attempted edit is rejected with a message pointing to the addendum path. Staff record corrections with 'Append to record': each addendum carries its author and timestamp, accepts up to 20,000 characters, and is itself never editable or deletable. The original text, the correction, and the order they were written in all stay visible, which is what a reviewer — internal or external — actually needs from an incident file.

  4. 4

    Late filings are flagged, never blocked

    At filing, Coralia computes the interval between when the event occurred and when it was documented, measured against the agency's filing window — 72 hours by default. A late filing still files: the record gets a 'Filed late' chip, the interval is stamped and shown in hours on the detail page, and a warning alert is raised with timestamps in the agency's local timezone. The past is deliberately unbounded, so an old event can always be documented; only future occurrence times are rejected, beyond a one-hour clock-skew allowance.

  5. 5

    Serious events escalate on their own

    When a filing lands at the serious or sentinel reportable threshold, Coralia automatically notifies clinical leadership — the admin and analyst role categories — at warning or critical severity, with a payload that contains no protected health information and a 60-minute deduplication window. From there, holders of the review permission advance the record through root-cause review, an action plan, and reportable escalation. Each step is timestamped on a visual lifecycle stepper that marks legitimately skipped steps as 'skipped' rather than pretending they happened.

  6. 6

    Encrypted narratives, audited access

    Coralia is built for HIPAA compliance: incident narratives, witness names, and addendum bodies are encrypted as protected health information (PHI). Witness roles come from a closed five-value list stored separately, so free text cannot leak a name into an unencrypted field. Staff without PHI clearance see explicit redaction notices — never silent blanks — while the original author can always read back their own text, and that read-back is itself logged as a PHI access. Every create, filing, transition, and addendum is written to the audit log.

The specifics

  • 8 incident classifications — crisis, aggression, self-injury, elopement, accidental injury, medical, property, other — and 4 severities: minor, moderate, serious, sentinel.

  • 7 lifecycle states, from event occurred through immediate response, filing, root-cause review, action plan, and reportable escalation — every transition timestamped.

  • Filing stamps a SHA-256 content hash and snapshots the linked session's date, location, staff present, and place-of-service code.

  • Default 72-hour filing window; a late filing still files, carrying a 'Filed late' chip, a stamped interval in hours, and a warning alert.

  • Narratives and addenda accept up to 20,000 characters each; an incident records up to 20 witnesses with a closed five-role witness list.

  • Three permission codes — incidents.view, incidents.file, incidents.review — separate seeing records, filing them, and running post-filing review.

  • By default all five built-in roles, office staff included, can view and file incidents; agency admins and BCBAs also hold review rights.

  • The triage list shows the latest 200 events across five filter tabs; unfiled drafts are merged in beyond that window so they never disappear.

  • Serious and sentinel filings notify clinical leadership automatically, with a PHI-free payload and a 60-minute deduplication window.

  • Concurrent review actions are race-safe: two reviewers advancing the same record cannot both land, and the loser gets a clear conflict error instead of a silent overwrite.

Integrations

In-app notifications — serious and sentinel filings route to clinical leadership with PHI-free payloads · Late-filing alerts — late filings raise a warning alert stamped in the agency's local timezone · HIPAA audit log — every create, filing, transition, addendum, and PHI reveal is recorded · Session notes — the in-note behavior-incident section escalates serious events into a pre-filled formal report

Access control

Three permission codes gate the module — incidents.view for the list and detail metadata, incidents.file for drafting, filing, and appending addenda, and incidents.review for advancing the post-filing lifecycle — and agencies assign them per role through the standard permission system. Reading narratives and witness names additionally requires PHI clearance, except for the original author, whose read-back is always permitted and audited.

Frequently asked questions

Can a filed incident report be edited or deleted?

No. Filing permanently freezes the record with a timestamp and a SHA-256 content hash, so later tampering is detectable. Any attempt to edit a filed record is rejected and redirected to the addendum path: corrections are appended as immutable addenda, each carrying its author and timestamp, and addenda themselves can never be edited or deleted.

What happens if staff file an incident late?

It still files — Coralia never blocks documentation on timeliness. The occurrence-to-filing interval is computed against the agency's filing window (72 hours by default), stamped on the record, and shown in hours on the detail page next to a 'Filed late' chip. A warning alert with agency-local timestamps is raised, so lateness is recorded rather than hidden.

How is this different from behavior incidents inside a session note?

Session notes carry lighter narrative behavior incidents — what happened, who was involved, the staff response, setting, intensity, and duration — that live with the session. The Incident Reporting module is the governed safety-event record: it freezes on filing, corrects only by addenda, and runs its own review lifecycle. A link inside the session note escalates a serious event such as injury, restraint, or crisis into a formal report pre-filled with the client.

Who gets notified when a serious incident is filed?

Filings at the serious or sentinel threshold automatically notify clinical leadership — the admin and analyst role categories — at warning or critical severity. The notification payload contains no protected health information, and a 60-minute deduplication window prevents repeated alerts for the same event. Individual users can tune delivery through their standard notification preferences.

Who can read the incident narrative?

Only staff with PHI (protected health information) clearance can read narratives, witness names, and addendum bodies — plus the original author, who can always read back their own text. Every reveal, including author read-back, is written to the audit log. Staff without clearance see explicit redaction notices instead of blanks, and witness roles come from a closed five-value list so a name never sits in an unencrypted field.