Audit Logging

We capture an immutable trail of every clinically meaningful action. Audit data enables retrospective reviews, billing validation, and incident investigations.

Event Pipeline

  • Every audit record includes the requestor, action, entity, payload hash, and outcome.
  • Triggers sign payloads with a rotation-managed key so tampering attempts are detectable.
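
The signing step described above, as an added example (not Profound Health's own code). It assumes HMAC-SHA-256, a key ring indexed by key ID, and hypothetical names (SignedRecord, KeyRing, signRecord, verifyRecord); the page does not state the algorithm or the stored record layout.

```typescript
import { createHash, createHmac, timingSafeEqual } from 'node:crypto';

// Assumed record shape: the five fields listed above plus signing metadata.
interface SignedRecord {
  requestor: string;
  action: string;
  entity: string;
  payloadHash: string; // SHA-256 of the payload; the payload itself is not stored
  outcome: 'success' | 'denied' | 'error';
  keyId: string;       // which key in the ring produced the signature
  signature: string;   // hex HMAC-SHA-256 over the fields above
}
type KeyRing = Record<string, string>; // keyId -> secret; retired keys stay for verification

const sha256 = (data: string): string => createHash('sha256').update(data).digest('hex');

// Fixed field order and JSON-array encoding so the signed bytes are unambiguous.
function canonical(r: Omit<SignedRecord, 'signature'>): string {
  return JSON.stringify([r.requestor, r.action, r.entity, r.payloadHash, r.outcome, r.keyId]);
}

function signRecord(fields: Omit<SignedRecord, 'keyId' | 'signature'>, ring: KeyRing, activeKeyId: string): SignedRecord {
  const key = ring[activeKeyId];
  if (!key) throw new Error(`no key material for ${activeKeyId}`);
  const unsigned = { ...fields, keyId: activeKeyId }; // key ID is covered by the signature
  const signature = createHmac('sha256', key).update(canonical(unsigned)).digest('hex');
  return { ...unsigned, signature };
}

function verifyRecord(r: SignedRecord, ring: KeyRing): boolean {
  const key = ring[r.keyId];
  if (!key) return false; // unknown key ID: the record cannot be verified
  const expected = createHmac('sha256', key).update(canonical(r)).digest();
  const given = Buffer.from(r.signature, 'hex');
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Constructed sample: key material and identifiers are illustrative only.
const ring: KeyRing = { 'k-2025-09': 'constructed-secret-A' };
const oldRecord = signRecord(
  { requestor: 'user:hashed-7f3a', action: 'visit.update', entity: 'visits/123',
    payloadHash: sha256('{"minutes":30}'), outcome: 'success' },
  ring, 'k-2025-09');
ring['k-2025-10'] = 'constructed-secret-B'; // rotation: new active key, old one kept for verification
const tampered: SignedRecord = { ...oldRecord, outcome: 'denied' };
console.log(verifyRecord(oldRecord, ring), verifyRecord(tampered, ring)); // true false
```

Records signed before a rotation keep verifying only while the retired key stays in the ring, so key retention has to match the audit retention period.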

Event Schema

interface AuditEvent {
  id: string;
  occurredAt: string;
  actor: {
    type: 'user' | 'service';
    id: string;
    role: string;
  };
  action: string;
  entity: {
    table: string;
    primaryKey: string;
  };
  metadata: Record<string, unknown>;
  correlationId: string;
  outcome: 'success' | 'denied' | 'error';
}

PHI Handling

Audit records store hashed identifiers and redacted payload snippets; no raw PHI is persisted. Reviewers fetch contextual data on demand using the correlation ID.

Retention & Access

  • Audit events are retained for 10 years to align with payer requirements.
  • Only the compliance and internal ops roles can export audit logs; partner staff can view filtered trails for their patients in the partner portal.

Alerting & Reporting

  • Suspicious patterns (e.g., large exports, repeated policy denials) trigger PagerDuty alerts.
  • Incident summaries feed into the Incident Response Playbooks (private) so we can replay remediation steps.
  • Monthly reporting aggregates events into Minutes Verification, Security Spotlight, and Partner Scorecards.

Maintaining a comprehensive audit trail underpins our commitment to transparent, accountable care delivery.

Last updated October 1, 2025 by Profound Health.
© 2025 Profound Health Institute. HIPAA Compliant - BAA Available