Audit & Logging
Last updated
Was this helpful?
Last updated
Was this helpful?
Audit logging is essential in healthcare systems because it:
Protects Patient Privacy: Tracks who accessed sensitive medical records, ensuring compliance with privacy laws like HIPAA
Prevents Data Breaches: Helps detect and investigate unauthorized access to patient data
Ensures Accountability: Records all changes to medical records, creating a clear trail of who modified what and when
Supports Legal Requirements: Provides evidence for compliance audits and legal investigations
Aidbox provides comprehensive audit and logging capabilities:
FHIR Basic Audit Logging Profile (BALP) implementation
FHIR Resource versioning
Logging configuration
Aidbox supports the FHIR Implementation Guide.
When audit logging is enabled, Aidbox produces audit logs for significant events:
FHIR CRUD & Search operations for basic FHIR resources and custom resources
FHIR CRUD & Search operations for patient compartment, FHIR resources, and custom resources
[WIP] Authentication & Authorization events (login, logout, SMART on FHIR authorization, etc)
[WIP] Security & configuration updates.
POST /fhir/AuditEvent to record events
GET /fhir/AuditEvent to receive them
See tutorial:
A separate version is recorded in the history table each time a resource is created, updated, or deleted.
Aidbox is an (ARR) for FHIR AuditEvent resources. Aidbox supports
All versions can be accessed using the operation.
Aidbox automatically logs all auth, API, database, and network events, so in most cases, basic audit logs may be derived from .
Aidbox also provides ways to Aidbox logs.
