CommCare’s logging capabilities and policies are aligned with HIPAA requirements. We log both access and activity logs. 

To view digital activity logs of users, the following options are available:

#1 For day-to-day operational audits, we recommend using our in-product capabilities. For each data element CommCare tracks the entire trail of changes which includes the following metadata associated with each change: 

  • Record and Data Element Identifier 

  • Who made the change

  • How the change was made

  • When the change was made

  • What the specific change was (and it’s prior value)

#2 Additionally, CommCare also supports a comprehensive suite of Messaging Reports, which can be used to audit automated interactions with contacts and manual interactions between contact tracers and contacts.

#3 For more targeted queries that are not attainable through CommCare’s UI, we request our partners create a support ticket by writing to us at Within the request, please clearly outline exactly what logs you are requesting and in what time frame. We will then provide a secure file (.csv or .txt) containing the relevant information. We commit to responding to all HIPAA log queries within our Service Level Agreement timelines.

Retention Policy 

In alignment with HIPAA we store these logs for 6 years. 

  • No labels