MEDIUM story-power-of-attorney-documentation-organization-administrator-007 3 pts

User Story

As an Organization Administrator
I want to archive or permanently delete documents that have expired or been superseded by newer versions, with confirmation prompts and a record of the deletion in the audit trail
So that the document library remains clean and compliant, outdated documents are not accidentally used, and the organization meets GDPR data minimization requirements by not retaining sensitive documents beyond their required retention period

Acceptance Criteria

  • Given a document is in 'expired' or 'superseded' status, when the administrator selects the archive action, then the document is moved to archived state and disappears from the active document list
  • Given the administrator selects permanent deletion, when the confirmation dialog is shown, then the document name, type, and associated person are clearly displayed before the action is confirmed
  • Given a document is permanently deleted, when the administrator later checks the audit trail, then a deletion record is present showing the deleting user, timestamp, and document identifier
  • Given the administrator attempts to delete a document belonging to another organization, when the request is submitted, then the system rejects it with an authorization error and no deletion occurs
  • Given a document is archived, when the administrator applies the 'include archived' filter, then archived documents appear in the list with a distinct visual treatment indicating their inactive status
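
Added example (not part of the original story or the project's code): a minimal in-memory Python model of the acceptance criteria above, showing the organization ownership check, the confirmation step, and the audit record. All class, method and field names are hypothetical, and applying the expired/superseded status check to deletion as well as archiving is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

ELIGIBLE = {"expired", "superseded"}  # statuses named in the story

class AuthorizationError(Exception):
    """Caller's organization does not own the document."""

@dataclass
class Document:
    id: str
    org_id: str
    name: str
    doc_type: str
    person: str
    status: str
    archived: bool = False

class DocumentLibrary:
    def __init__(self, docs):
        self.docs = {d.id: d for d in docs}
        self.audit = []  # stand-in for an append-only audit store

    def _authorize(self, org_id, doc_id):
        doc = self.docs.get(doc_id)
        # Unknown ids and other organizations' ids fail identically,
        # so the error does not reveal which identifiers exist.
        if doc is None or doc.org_id != org_id:
            raise AuthorizationError("document not accessible")
        if doc.status not in ELIGIBLE:
            raise ValueError("only expired or superseded documents qualify")
        return doc

    def archive(self, org_id, doc_id):
        self._authorize(org_id, doc_id).archived = True

    def confirmation(self, org_id, doc_id):
        # Fields the confirmation dialog must display before deletion.
        doc = self._authorize(org_id, doc_id)
        return {"name": doc.name, "type": doc.doc_type, "person": doc.person}

    def delete(self, user_id, org_id, doc_id, confirmed=False):
        doc = self._authorize(org_id, doc_id)
        if not confirmed:
            raise ValueError("deletion requires explicit confirmation")
        del self.docs[doc.id]
        # Record holds user, timestamp, document id and an action label;
        # the document name and associated person are not retained.
        self.audit.append({"action": "delete", "user": user_id, "document_id": doc.id,
                           "timestamp": datetime.now(timezone.utc).isoformat()})

    def list_documents(self, org_id, include_archived=False):
        return [d for d in self.docs.values()
                if d.org_id == org_id and (include_archived or not d.archived)]
```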

Business Value

GDPR requires that personal data, especially sensitive health information, is not retained beyond its necessary purpose. Powers of attorney that have been superseded or expired must be removed to prevent accidental use of outdated authorization and to fulfill data minimization obligations. Providing a clear, auditable deletion workflow ensures the organization can demonstrate compliant data lifecycle management to regulators.