Every read and write captured
Patient record opens, edits, deletions, prescription prints, queue moves, role changes, and settings updates — all logged with the same structure.
Compliance
Clinic audit trail every action in the clinic, on the record.
MyClinic's audit trail captures every meaningful action that happens inside the clinic — a reception login, a patient record opened, a prescription printed, a queue re-order, a setting toggled, a user suspended. Each event is stored with the actor, the target record, the IP and device, and a precise timestamp.
The log is append-only and tamper-evident: events cannot be edited or deleted from the application, only viewed. Clinic owners use it to answer 'who changed this?' in seconds, compliance officers use it to satisfy retention and accountability requirements, and administrators use it to investigate suspicious sign-ins.
Audit trail · today
1,284 events · append-only
- 14:21OKPrinted prescriptionDr. Sami · MRN 048221
- 14:18OKOpened patient recordReception · Mona · MRN 048221
- 14:09ReviewSuspended userAdmin · Karim · reception_03
- 13:54OKRe-ordered queueReception · Mona · Visit #4 → #2
- 13:41AlertFailed loginunknown · admin · 5x
Filter · user, action, dateExport CSVRetain ∞
What you get
Everything inside this module of the clinic management system.
Actor + target + context
Each event names the user, the record they touched, the IP and user-agent, and the session. No anonymous changes — every line has an owner.
Tamper-evident & append-only
The audit log is write-only from the application surface. No admin button can delete a row, including the master admin's own events.
Sub-second filtered search
Filter by user, date range, action type, target record, or IP. Indexed for instant queries even with millions of events.
Authentication & access trail
Every login, logout, failed attempt, password change, and role re-assignment is recorded — the security view of the clinic, on one screen.
Multi-year retention
Events are retained for as long as the clinic stays a customer, with no per-tenant cap — historical audit stays available for years.
How it works
From first patient to last receipt.
- Step 1 · Capture
Every action emits an event
The application logs each meaningful action — login, record open, write, print, configuration change — as a structured row with actor, target, IP, and timestamp.
- Step 2 · Store
Append-only persistence
Events are written to an append-only table with no application-surface delete. Even admin and root accounts cannot retroactively redact the log.
- Step 3 · Search
Find the answer in seconds
Filter by user, action, target, or date range. Combine filters to answer 'who edited this patient last Tuesday between 2 and 3pm?' without reading the raw log.
- Step 4 · Export
CSV for compliance review
Export any filtered view to CSV for compliance reports, regulator requests, or board reviews. The export carries the same schema as the live view.
Built for
Who actually uses this in a real clinic.
Clinic owners
Answer 'who deleted the visit?' or 'who changed the price?' in one search — without phoning the developer or trusting verbal denials.
Compliance & DPO roles
Satisfy patient-data accountability requirements with a real, queryable log — not a flat file dumped weekly.
Clinic groups
Tenant administrators see a unified audit across every branch. Suspicious sign-ins from one branch surface immediately, not after a quarterly review.
IT-aware practices
Trace each failed login, each new device, and each role change to a real user — the same trail a SIEM would build, integrated by default.
Multi-doctor clinics
Settle 'who saw this patient first?' or 'who printed that prescription?' from the log instead of from memory.
Investigation & incident response
When something looks wrong, the audit trail tells you exactly what happened — actor, time, and target — in one filtered view.
- Patient record access
- Prescription edits
- Queue re-orders
- Login & session
- Role changes
- Setting updates
- Failed sign-ins
- Branch admin actions
FAQ
Common questions about clinic audit trail.
Which actions are written to the audit trail?
Patient record reads and writes, prescription creation and printing, queue moves and visit state changes, every login and logout (successful or failed), password changes, role re-assignments, user suspensions, site-setting edits, and configuration changes. If it affects a patient or a user, it is in the log.
Can an admin delete or edit an audit-log entry?
No. The audit table is append-only from the application surface — there is no edit or delete endpoint for it. Even the master admin's own actions are written immutably, so the log can be trusted in disputes and investigations.
How long is the audit data retained?
Audit events are retained for as long as the clinic stays a customer. There is no per-tenant retention cap, so multi-year regulatory reviews are possible without restoring from backups.
Can I search the audit log by patient or by user?
Yes. The audit viewer supports filters by actor (user), target (patient or record id), action type, date range, IP, and session. Filters are composable — 'all writes by user X to patient Y between dates A and B' is one query.
Can I export the audit trail for a compliance review?
Yes. Any filtered view can be exported to CSV with the same fields as the live audit viewer — actor, action, target, timestamp, IP, and outcome. The export is suitable for compliance reports and regulator requests.
Does the audit trail cover multi-branch tenants?
Yes. For tenants running multiple branches, the audit viewer scopes by branch by default and can be widened to the whole tenant from the same screen. Branch admins see only their branch unless tenant admin promotes them.
More clinic management modules
The rest of the MyClinic system.
Patient management
Every read and write of a patient record is captured by the audit trail with actor, field, and timestamp.
Read more
Multi-clinic admin
Tenant administrators see a unified audit across branches — suspend, onboard, and review from one console.
Read more
Live clinic queue
Every queue re-order and visit state change is logged, so disputed 'who moved me down?' questions have an answer.
Read more
Run a calmer clinic. Start with clinic audit trail.
Set up takes less than an hour. Reception, doctors, and admin share one workspace from day one — free trial, no credit card.