Audit Logs: Phase 1 (API)
Overview: Audit Logs for Healthie
There are key events, actions and changes that providers, administrators, and clients take within Healthie for which it’s important to pull history of events. These commonly include history of an appointment, charting note, claim, or login history. As part of our HIPAA compliance, Healthie keeps detailed logs of all actions taken by users on the platform (including resources created, updated, and/or destroyed), and we are making available several of these actions via Audit Logs.
Phase 1 of our work is to make available key actions to developers to query directly via the API (versus having to send in a support ticket to request details). Phase 2 makes available Audit Logs within the UI.
You can review and follow the status of this ongoing project:
Audit Logs (Phase 1)
In Phase 1, Enterprise organizations with API access can pull Audit Logs. Specifically, only organization owners and users who have the can_view_audit_log permission enabled can view logs (Note: permission is through API, not permissions UI). Once enabled, users can utilize the auditLog query field in the graphQL API.
We’ve rolled out the first five events that can be tracked, each corresponding to the creation, updating, or deletion of a model:
- Appointment
- BillingItem
- FormAnswer
- FormAnswerGroup
- User
Currently Available Fields:
- Appointment
- audit_fields :date, :length, :contact_type, :location, :late_cancellation_fee, :user_id, :pm_status, :other_party_id, :appointment_type_id
- Billing Item
- audit_fields :amount_paid, :coupon_code, :refund_amount, :failure_reason, :state, :note, :requested_payment_id
- Form Answer
- audit_fields :answer, :label, :custom_module_id, :form_answer_group_id, :user_id
- Form Answer Group
- audit_fields :name, :finished, :locked_at, :locked_by_id, :marked_complete_at
- User
- audit_fields :email, :first_name, :last_name, :phone_number, :gender, :dob
For updates, we detail the specific fields that have changed. To see what fields are tracked for each model, look for audit_fields attribute in that class.
Here’s a simple example of an audit log query:
This will return the most recent audit events and for each event it will return the acting_user’s id, when the event happened, and the type of event (create, update, or destroy)
Here’s a more complicated example:
This query will return all audit events that were caused by user with id 1 that affected an appointment and that happened after 10/2/24 at 9:30. For each audit event it will return the list of fields that were changed and what their values were before and after the event.
Some notes:
As of October 2024, Healthie has started logging data for API audit logs, ensuring that you have a reliable history of changes readily available. The API currently supports retrieving data from the last four months, allowing you to monitor recent activities closely. If you need insights from earlier, our team is here to help – just reach out to hello@gethealthie.com. While there are certain limitations on the models, fields, and date ranges available, rest assured we maintain detailed records of all changes made to our system.
For organizations with multiple sub-organizations, the audit log for the parent organization consolidates events from all subsidiaries. This feature provides a clear view of activities across your entire structure, helping you maintain effective oversight and management.
Here’s an example audit event returned in the API:
Forthcoming updates
- Updates to Phase 1
- More models available in the logs
- Different kinds of audit events. Right now, our only events are creates, updates and destroys. But the audit_event table is structured in a way that we could add other kinds of events, like when a user views important data, or more custom events, like when a user prints a document. We could even eventually add support for customers defining their own custom events via the API.
- Launch of Phase 2: Front end views of Audit Logs
If you’re looking to enable this feature, need assistance with permissions, or have feedback for our developer experience team as we continuously improve Audit Logs please email hello@gethealthie.com.