Reading the clinic audit log
Investigate who did what and when within your clinic.
Overview
The clinic audit log records every action that touches sensitive data. As Owner or Admin, you use it to investigate incidents, prepare for compliance audits, and confirm staff are following policy.
Prerequisites
- Owner or Admin role
Steps
1. Open the audit log. Settings → Security → Audit Log.
2. Read the default view. Last 30 days, all categories. Each row: timestamp, actor, action, resource type, resource ID, IP, brief diff.
3. Filter to investigate. By user, by category (auth, patient, clinical, financial, config), by date.
4. Click any row to expand. See full data file diff of the change. Useful for forensic-grade reconstruction.
5. Export a slice for an external auditor. Export → CSV or data file, with a reason. Auditor receives a downloadable file plus the audit trail of the export itself.
6. Set up alerts. Alerts tab → create alerts for unusual patterns: repeated failed sign-ins, after-hours patient access, mass exports.
7. Cross-reference with sessions. When investigating, also open Settings → Sessions to see active devices for the actor.
8. Don't tamper. The log is immutable. Even Owners can't delete rows. If you spot an issue, document and remediate via the proper flow.
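For offline review of an exported CSV slice, the three alert patterns named in the "Set up alerts" step can also be checked with a short script. This is an added example, not part of the product: the column names, the action values (`sign_in_failed`, `export`), the thresholds and the 07:00 to 19:00 clinic hours are all assumptions to adjust to the real export.

```python
import csv, io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names and action values are assumptions,
# modelled on the row fields listed on this page; match them to the real header.
SAMPLE_CSV = """timestamp,actor,action,resource_type,resource_id,ip
2024-03-04T09:00:05,nurse.a,sign_in_failed,session,-,203.0.113.7
2024-03-04T09:00:40,nurse.a,sign_in_failed,session,-,203.0.113.7
2024-03-04T09:01:10,nurse.a,sign_in_failed,session,-,203.0.113.7
2024-03-04T14:20:00,dr.b,update,patient,P-1001,198.51.100.4
2024-03-04T23:45:12,clerk.c,update,patient,P-1002,198.51.100.9
2024-03-05T10:00:00,admin.d,export,patient,P-1003,198.51.100.2
2024-03-05T10:02:00,admin.d,export,patient,P-1004,198.51.100.2
2024-03-05T10:03:00,admin.d,export,patient,P-1005,198.51.100.2
"""

def load_rows(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["ts"] = datetime.fromisoformat(r["timestamp"])
    return sorted(rows, key=lambda r: r["ts"])

def failed_signin_bursts(rows, limit=3, window=timedelta(minutes=10)):
    """Actors with >= limit failed sign-ins inside any sliding window."""
    recent, flagged = defaultdict(list), set()
    for r in rows:
        if r["action"] != "sign_in_failed":
            continue
        times = recent[r["actor"]]
        times.append(r["ts"])
        while r["ts"] - times[0] > window:  # drop failures older than the window
            times.pop(0)
        if len(times) >= limit:
            flagged.add(r["actor"])
    return flagged

def after_hours_patient_access(rows, open_hour=7, close_hour=19):
    """Patient-record rows timestamped outside clinic hours (local time assumed)."""
    return [r for r in rows if r["resource_type"] == "patient"
            and not open_hour <= r["ts"].hour < close_hour]

def mass_exports(rows, limit=3):
    """(actor, date) pairs with >= limit export actions in one day."""
    counts = Counter((r["actor"], r["ts"].date()) for r in rows if r["action"] == "export")
    return {k for k, n in counts.items() if n >= limit}

if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    print(failed_signin_bursts(rows), after_hours_patient_access(rows), mass_exports(rows))
```

The after-hours check only sees rows that are present in the export, so read-only views that the audit log does not capture will not appear in its results.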
Expected outcome
- The log gives an authoritative answer to "who did what when"
- Filters and exports support real investigations
- Alerts catch anomalies without manual scanning
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| Action you expected isn't logged | Some read-only views aren't logged | Audit log captures changes; for read access ask platform support for the deeper log |
| Export huge | Too broad date range | Narrow filters before exporting |
| Alerts noisy | Threshold too low | Tune in Alerts settings |
| Want longer retention | Default is 7 years | Sufficient for most regulations |
| Patient asks for all access logs about themselves | NDPR right of access | Filter by patient ID, export, hand over |