What does 45 CFR §164.312(b) require for audit controls?

It requires recording access to PHI with details like who accessed, when, what was accessed, and why, ensuring traceability and non-repudiation.

How long should HIPAA audit logs be retained?

Retention should meet HIPAA expectations; the skill defaults to 6+ years per HIPAA guidance, configurable by policy.

How do I export or verify audit logs?

Use export to generate portable reports (JSON, CSV, XML) and verify to validate integrity and non-repudiation.

healthcare-audit-logger

npx machina-cli add skill 1Mangesh1/hipaa-guardian/healthcare-audit-logger --openclaw

Files (1)

SKILL.md

5.8 KB

Healthcare Audit Logger

Comprehensive HIPAA audit logging and event tracking skill for AI agents. Generates immutable audit trails for healthcare systems, tracks PHI access, monitors authentication events, and ensures compliance with 45 CFR §164.312(b) audit control requirements.

Capabilities

Audit Log Generation - Create HIPAA-compliant audit logs with immutable records
Event Classification - Categorize healthcare events (access, modification, deletion, export)
PHI Access Tracking - Log all access to Protected Health Information
Authentication Logging - Record login, logout, and privilege escalation events
Modification Auditing - Track who changed what, when, and why for PHI records
User Activity Monitoring - Follow user workflows and data interactions
Timestamp Management - Synchronized UTC timestamps with tamper detection
Retention Policies - Manage audit log retention per HIPAA requirements (6+ years)
Log Export - Generate compliance reports and audit summaries
Integrity Verification - Validate audit log authenticity and non-repudiation

Usage

/healthcare-audit-logger [command] [options]

Commands

init <config-file> - Initialize audit logging for a healthcare system
log <event-type> <details> - Log a healthcare event
log-access <user> <resource> <action> - Log PHI access
log-auth <user> <event> <result> - Log authentication event
log-modification <user> <resource> <change> - Log data modification
policy <retention-years> - Set audit log retention policy
report [date-range] - Generate audit report
verify <log-file> - Verify audit log integrity
export <format> <output> - Export audit logs (JSON, CSV, XML)

Options

--user <id> - User identifier
--resource <path> - Resource being accessed (patient ID, record ID)
--action <type> - Action type (read, write, delete, export)
--reason <text> - Clinical reason for access
--outcome <status> - Success or failure status
--timestamp <iso8601> - Event timestamp (default: now)
--retention <years> - Log retention period (default: 6 years per HIPAA)

Workflow

Follow this workflow when invoked:

Step 1: Configure Audit System

Ask user to specify:

Healthcare system type (EHR, medical records, data warehouse)
Sensitive resources (patient records, medical images, test results)
User roles and access levels
Audit log storage location and format

Step 2: Design Audit Schema

Create logging schema including:

Event types to track
User role classifications
Resource categories
Access justification requirements
Timestamp precision (milliseconds for audit accuracy)
Log entry format (structured JSON recommended)

Step 3: Implement Audit Logging

Instrument key points:

Authentication/authorization gates
PHI access checkpoints
Data modification operations
Export/external sharing events
System configuration changes
Access permission changes

Step 4: Validate Compliance

Ensure audit logs capture:

User ID - Who accessed the information (45 CFR §164.312(b)(2)(i))
Workstation ID - Which computer was used
Date & Time - When access occurred (UTC with timezone)
Action Performed - Read, write, delete, export, etc.
Resource Accessed - Patient ID, record type, data elements
Outcome - Success or failure of operation
Reason/Justification - Clinical or operational purpose
Result - Changes made or information retrieved

HIPAA Compliance Mapping

Control	Requirement	Implementation
§164.312(b)	Audit Controls	Implement comprehensive logging
§164.312(b)(2)(i)	User Identification	Log all user access with unique IDs
§164.312(b)(2)(ii)	Emergency Access Log	Separate tracking for emergency access
§164.308(a)(3)(ii)(B)	Workforce Security	Track privilege changes and role assignments
§164.308(a)(5)(ii)(C)	Log-in Monitoring	Log authentication attempts and outcomes
§164.312(a)(2)(i)	Access Controls	Audit access permissions and changes
§164.312(c)(2)	Encryption	Log encryption key operations
§164.314(a)(2)(i)	Partner Agreements	Log external system access

Example Audit Log Entry

{
  "event_id": "evt_20250207143556_abc123",
  "timestamp": "2025-02-07T14:35:56.123Z",
  "user_id": "dr_jane_smith",
  "user_role": "physician",
  "workstation_id": "ws_04_floor2",
  "action": "read",
  "resource_type": "patient_record",
  "resource_id": "pat_98765", // Encrypted in production
  "data_accessed": ["demographics", "lab_results", "vitals"],
  "clinical_reason": "Patient follow-up appointment",
  "access_result": "success",
  "duration_ms": 45,
  "ip_address": "10.24.5.12", // Masked in logs
  "hipaa_rule": "§164.312(b)(2)(i)"
}

References

45 CFR §164.312(b) Audit Controls
45 CFR §164.308(a)(5)(ii)(C) Log-in Monitoring
NIST SP 800-66 Rev. 2 - HIPAA Security Implementation Guidance
NIST SP 800-92 - Guide to Computer Security Log Management
HHS Office for Civil Rights Audit Protocols

Source

git clone https://github.com/1Mangesh1/hipaa-guardian/blob/main/skills/healthcare-audit-logger/SKILL.mdView on GitHub

Overview

Healthcare Audit Logger provides immutable, HIPAA-compliant audit trails for healthcare systems. It tracks PHI access, authentication events, and data changes, aligning with 45 CFR §164.312(b) audit controls. It also supports retention policies, log export, and integrity verification to ensure compliance.

How This Skill Works

The skill instruments healthcare systems to emit structured audit records via commands like log, log-access, log-auth, and log-modification. Timestamps are maintained in synchronized UTC with tamper detection, and logs are stored under defined retention policies. It also offers export and verification capabilities to ensure non-repudiation.

When to Use It

When you need to generate HIPAA-compliant audit trails for PHI access and healthcare events
When you must record authentication events such as login, logout, and privilege changes
When you require a defined retention policy (6+ years) and tamper-resistant logs
When you need to create structured compliance reports or export logs in JSON, CSV, or XML
When you want to validate log integrity to support investigations and audits

Quick Start

Step 1: /healthcare-audit-logger init <config-file> to initialize auditing
Step 2: /healthcare-audit-logger log-access <user> <resource> <action> to record PHI access
Step 3: /healthcare-audit-logger report [date-range] or export <format> <output> to generate a summary

Best Practices

Define an audit schema with event types, resource categories, and access justifications
Use synchronized UTC timestamps and enable tamper detection on all logs
Enforce least privilege and secure storage for audit data
Regularly verify integrity and non-repudiation of logs with verify/export
Configure retention to meet HIPAA requirements (default 6 years) and routinely generate reports

Example Use Cases

An EHR logs every PHI access with user, resource, action, and timestamp
Authentication events (login/logout) are captured with outcome and workstation ID
Data modification audits track who changed what, when, and why for PHI records
Compliance reports summarize activity across a patient cohort for an audit
Log integrity verification detects tampering and supports investigations

Frequently Asked Questions

Add this skill to your agents