CommCare’s logging capabilities and policies are aligned with HIPAA requirements. We log both user access and activity logs related to protected health information (PHI).
To view digital activity logs of users, the following options are available:
#1 For day-to-day operational audits, we recommend using our in-product capabilities. For each data element CommCare tracks the entire trail of changes which includes the following metadata associated with each change:
Record and Data Element Identifier
Who made the change
How the change was made
When the change was made
What the specific change was (and it’s prior value)
In alignment with HIPAA we store these logs for 6 years.