healthcare-audit-logger
Healthcare Audit Logger
Comprehensive HIPAA audit logging and event tracking skill for AI agents. Generates immutable audit trails for healthcare systems, tracks PHI access, monitors authentication events, and ensures compliance with 45 CFR §164.312(b) audit control requirements.
Capabilities
- Audit Log Generation - Create HIPAA-compliant audit logs with immutable records
- Event Classification - Categorize healthcare events (access, modification, deletion, export)
- PHI Access Tracking - Log all access to Protected Health Information
- Authentication Logging - Record login, logout, and privilege escalation events
- Modification Auditing - Track who changed what, when, and why for PHI records
- User Activity Monitoring - Follow user workflows and data interactions
- Timestamp Management - Synchronized UTC timestamps with tamper detection
- Retention Policies - Manage audit log retention per HIPAA requirements (6+ years)
- Log Export - Generate compliance reports and audit summaries
- Integrity Verification - Validate audit log authenticity and non-repudiation
Usage
/healthcare-audit-logger [command] [options]
Commands
- init <config-file> - Initialize audit logging for a healthcare system
- log <event-type> <details> - Log a healthcare event
- log-access <user> <resource> <action> - Log PHI access
- log-auth <user> <event> <result> - Log authentication event
- log-modification <user> <resource> <change> - Log data modification
- policy <retention-years> - Set audit log retention policy
- report [date-range] - Generate audit report
- verify <log-file> - Verify audit log integrity
- export <format> <output> - Export audit logs (JSON, CSV, XML)
Options
- --user <id> - User identifier
- --resource <path> - Resource being accessed (patient ID, record ID)
- --action <type> - Action type (read, write, delete, export)
- --reason <text> - Clinical reason for access
- --outcome <status> - Success or failure status
- --timestamp <iso8601> - Event timestamp (default: now)
- --retention <years> - Log retention period (default: 6 years per HIPAA)
Workflow
Follow this workflow when invoked:
Step 1: Configure Audit System
Ask user to specify:
- Healthcare system type (EHR, medical records, data warehouse)
- Sensitive resources (patient records, medical images, test results)
- User roles and access levels
- Audit log storage location and format
Step 2: Design Audit Schema
Create logging schema including:
- Event types to track
- User role classifications
- Resource categories
- Access justification requirements
- Timestamp precision (milliseconds for audit accuracy)
- Log entry format (structured JSON recommended)
Step 3: Implement Audit Logging
Instrument key points:
- Authentication/authorization gates
- PHI access checkpoints
- Data modification operations
- Export/external sharing events
- System configuration changes
- Access permission changes
Step 4: Validate Compliance
Ensure audit logs capture:
- User ID - Who accessed the information (45 CFR §164.312(b)(2)(i))
- Workstation ID - Which computer was used
- Date & Time - When access occurred (UTC with timezone)
- Action Performed - Read, write, delete, export, etc.
- Resource Accessed - Patient ID, record type, data elements
- Outcome - Success or failure of operation
- Reason/Justification - Clinical or operational purpose
- Result - Changes made or information retrieved
HIPAA Compliance Mapping
| Control | Requirement | Implementation |
|---|---|---|
| §164.312(b) | Audit Controls | Implement comprehensive logging |
| §164.312(b)(2)(i) | User Identification | Log all user access with unique IDs |
| §164.312(b)(2)(ii) | Emergency Access Log | Separate tracking for emergency access |
| §164.308(a)(3)(ii)(B) | Workforce Security | Track privilege changes and role assignments |
| §164.308(a)(5)(ii)(C) | Log-in Monitoring | Log authentication attempts and outcomes |
| §164.312(a)(2)(i) | Access Controls | Audit access permissions and changes |
| §164.312(c)(2) | Encryption | Log encryption key operations |
| §164.314(a)(2)(i) | Partner Agreements | Log external system access |
Example Audit Log Entry
{
  "event_id": "evt_20250207143556_abc123",
  "timestamp": "2025-02-07T14:35:56.123Z",
  "user_id": "dr_jane_smith",
  "user_role": "physician",
  "workstation_id": "ws_04_floor2",
  "action": "read",
  "resource_type": "patient_record",
  "resource_id": "pat_98765", // Encrypted in production
  "data_accessed": ["demographics", "lab_results", "vitals"],
  "clinical_reason": "Patient follow-up appointment",
  "access_result": "success",
  "duration_ms": 45,
  "ip_address": "10.24.5.12", // Masked in logs
  "hipaa_rule": "§164.312(b)(2)(i)"
}
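The Step 4 field checklist and the `verify` command both imply a mechanical check, so here is one way to do it, as an added example that is not the skill's own code. It rejects entries missing the Step 4 fields and links each record to its predecessor with an HMAC so edits, deletions and truncation are detectable. The HMAC chaining scheme, the `prev_mac`/`mac` record layout, the function names and the sample key are assumptions; the page does not say how the skill implements integrity verification.

```python
import hashlib
import hmac
import json

# Fields Step 4 requires, named as in the page's example entry.
REQUIRED = ("user_id", "workstation_id", "timestamp", "action",
            "resource_id", "access_result", "clinical_reason")
GENESIS = "0" * 64  # assumed prev_mac value for the first record

def _mac(key, prev_mac, entry):
    # Canonical JSON (sorted keys, fixed separators) keeps the MAC reproducible.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()

def append_entry(log, key, entry):
    """Reject incomplete entries, then chain the record to its predecessor."""
    missing = [f for f in REQUIRED if not entry.get(f)]
    if missing:
        raise ValueError(f"audit entry missing required fields: {missing}")
    prev_mac = log[-1]["mac"] if log else GENESIS
    log.append({"entry": dict(entry), "prev_mac": prev_mac,
                "mac": _mac(key, prev_mac, entry)})
    return log[-1]["mac"]

def verify_log(log, key, expected_head=None):
    """Return -1 if intact, else the index of the first bad record."""
    # expected_head is the newest MAC, kept outside the log. Without it a
    # truncated tail still verifies; a head mismatch returns len(log).
    prev_mac = GENESIS
    for i, rec in enumerate(log):
        good = _mac(key, prev_mac, rec["entry"])
        if rec["prev_mac"] != prev_mac or not hmac.compare_digest(good, rec["mac"]):
            return i
        prev_mac = rec["mac"]
    if expected_head is not None and prev_mac != expected_head:
        return len(log)
    return -1

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    base = {"user_id": "dr_jane_smith", "workstation_id": "ws_04_floor2",
            "timestamp": "2025-02-07T14:35:56.123Z", "action": "read",
            "resource_id": "pat_98765", "access_result": "success",
            "clinical_reason": "Patient follow-up appointment"}
    log = []
    head = [append_entry(log, key, {**base, "action": a}) for a in ("read", "export")][-1]
    log[0]["entry"]["action"] = "write"  # simulate an in-place edit
    print(verify_log(log, key, head))    # index of the first bad record
```

The chain only proves integrity to someone who holds the key and a trusted copy of the newest MAC, so both belong outside the system that writes the log.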
References
- 45 CFR §164.312(b) Audit Controls
- 45 CFR §164.308(a)(5)(ii)(C) Log-in Monitoring
- NIST SP 800-66 Rev. 2 - HIPAA Security Implementation Guidance
- NIST SP 800-92 - Guide to Computer Security Log Management
- HHS Office for Civil Rights Audit Protocols