Overview

Health Gorilla logs all API activity that accesses, modifies, or exchanges protected health information (PHI). These audit records support HIPAA and SOC 2 compliance, enable operational monitoring, and provide a traceable history of data access and exchange.

Logged Events

Audit logs include:

  • All FHIR API requests and responses
  • Patient360 retrievals and clinical document exports
  • Member enrollment, data export, and subscription activity
  • Authentication and token generation attempts
  • Errors, timeouts, and access denials

Logged Fields

Each log entry may include:

  • Timestamp and environment
  • Tenant, organization, and user identifiers
  • IP address and client application
  • HTTP method, endpoint, and status code
  • Resource type and ID
  • Token and scope used
  • Query parameters and filters

Log Retention

Logs are retained according to HIPAA and SOC 2 requirements. Access to logs is restricted to authorized personnel and may be provided to clients upon request or during audits.