CommCare’s logging capabilities and policies are aligned with HIPAA requirements. We log both access and activity logs. 

To view digital activity logs of users, the following options are available:

#1 For day-to-day operational audits, we recommend using our in-product capabilities. For each data element CommCare tracks the entire trail of changes which includes the following metadata associated with each change: 

  • Record and Data Element Identifier 

  • Who made the change

  • How the change was made

  • When the change was made

  • What the specific change was (and it’s prior value)

#2 Additionally, CommCare also supports a comprehensive suite of Messaging Reports, which can be used to audit automated interactions with contacts and manual interactions between contact tracers and contacts.

#3 For more targeted queries that are not supported through CommCare’s UI, we request our partners create a support ticket by writing to us at

Retention Policy 

In alignment with HIPAA we store these logs for 6 years. 

  • No labels