This skill should be used when the user asks to "generate audit logs", "create HIPAA audit trail", "log healthcare events", "configure audit logging", "track PHI access", "maintain compliance logs", "audit log format", "healthcare event logging", "access control logging", "authentication logging", "HIPAA logging requirements", or mentions HIPAA audit trails, healthcare event logging, compliance logging, PHI access tracking, authentication auditing, or §164.312(b) logging requirements.
Comprehensive HIPAA audit logging and event tracking skill for AI agents. Generates immutable audit trails for healthcare systems, tracks PHI access, monitors authentication events, and ensures compliance with 45 CFR §164.312(b) audit control requirements.
/healthcare-audit-logger [command] [options]
init <config-file> - Initialize audit logging for a healthcare systemlog <event-type> <details> - Log a healthcare eventlog-access <user> <resource> <action> - Log PHI accesslog-auth <user> <event> <result> - Log authentication eventlog-modification <user> <resource> <change> - Log data modificationpolicy <retention-years> - Set audit log retention policyreport [date-range] - Generate audit reportverify <log-file> - Verify audit log integrityexport <format> <output> - Export audit logs (JSON, CSV, XML)--user <id> - User identifier--resource <path> - Resource being accessed (patient ID, record ID)--action <type> - Action type (read, write, delete, export)--reason <text> - Clinical reason for access--outcome <status> - Success or failure status--timestamp <iso8601> - Event timestamp (default: now)--retention <years> - Log retention period (default: 6 years per HIPAA)Follow this workflow when invoked:
Ask user to specify:
Create logging schema including:
Instrument key points:
Ensure audit logs capture:
| Control | Requirement | Implementation |
|---|---|---|
| §164.312(b) | Audit Controls | Implement comprehensive logging |
| §164.312(b)(2)(i) | User Identification | Log all user access with unique IDs |
| §164.312(b)(2)(ii) | Emergency Access Log | Separate tracking for emergency access |
| §164.308(a)(3)(ii)(B) | Workforce Security | Track privilege changes and role assignments |
| §164.308(a)(5)(ii)(C) | Log-in Monitoring | Log authentication attempts and outcomes |
| §164.312(a)(2)(i) | Access Controls | Audit access permissions and changes |
| §164.312(c)(2) | Encryption | Log encryption key operations |
| §164.314(a)(2)(i) | Partner Agreements | Log external system access |
{
"event_id": "evt_20250207143556_abc123",
"timestamp": "2025-02-07T14:35:56.123Z",
"user_id": "dr_jane_smith",
"user_role": "physician",
"workstation_id": "ws_04_floor2",
"action": "read",
"resource_type": "patient_record",
"resource_id": "pat_98765", // Encrypted in production
"data_accessed": ["demographics", "lab_results", "vitals"],
"clinical_reason": "Patient follow-up appointment",
"access_result": "success",
"duration_ms": 45,
"ip_address": "10.24.5.12", // Masked in logs
"hipaa_rule": "§164.312(b)(2)(i)"
}