HIPAA Audit Trail | MediBridgeX Docs

Compliance is not an afterthought. Every single read, write, update, and delete action processed by the MediBridgeX API is permanently recorded in our immutable ledger to satisfy HIPAA Security Rule requirements.

Cryptographic Signatures

To ensure absolute non-repudiation, every audit log entry is signed using an HMAC SHA-256 algorithm linked to the tenant's master cryptographic key. If a database record is ever tampered with at the storage layer, the signature validation will instantly fail, alerting your compliance officers.

Audit Log Record

1{
2  "id": "log_9f8a7c6b",
3  "action": "CREATE",
4  "resource_type": "Patient",
5  "resource_id": "pat-87453",
6  "actor_id": "client_8f92a4bc",
7  "ip_address": "192.168.1.1",
8  "timestamp": "2023-10-27T10:15:30Z",
9  "signature": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"
10}

Exporting Logs

Audit logs can be streamed in real-time to your own SIEM (Security Information and Event Management) platform via our Webhook infrastructure, or downloaded in bulk CSV/JSON format via the Developer Dashboard.