CommCare’s logging capabilities and policies are aligned with HIPAA requirements. We log both access and activity logs. 

To view digital activity logs of users, the following options are available:

#1 For day-to-day operational audits, we recommend using our in-product capabilities. For each data element CommCare tracks the entire trail of changes which includes the following metadata associated with each change: 

  • Record and Data Element Identifier 

  • Who made the change

  • How the change was made

  • When the change was made

  • What the specific change was (and it’s prior value)


#2 Additionally, CommCare also supports a comprehensive suite of Messaging Reports, which can be used to audit automated interactions with contacts and manual interactions between contact tracers and contacts.

#3 For more targeted queries that are not supported through CommCare’s UI, we request our partners create a support ticket by writing to us at support@dimagi.com

Retention Policy 

In alignment with HIPAA we store these logs for 6 years. 




  • No labels