Audit Logs

2026-02-01 · 4 min

Overview

Audit Logs provide a tamper-proof record of every significant action performed in Bio Ecko. They are essential for regulatory compliance (NABH, Clinical Establishment Act), internal security reviews, and investigating incidents or discrepancies.

What Gets Logged

Every auditable event is recorded with: Who (user ID and name), What (action performed), When (timestamp), Where (IP address, device), and Details (before/after values for data changes).

Key events logged:

  • User login/logout and failed login attempts.
  • Patient record creation, viewing, and modification.
  • Prescription creation and modifications.
  • Billing: Invoice creation, payment collection, refunds, voids.
  • Clinical: Diagnosis entries, lab result entry/amendment, discharge summaries.
  • Admin: User creation, role changes, permission modifications, settings changes.
  • Inventory: Stock adjustments, write-offs.
  • Access: Unauthorized access attempts and permission denials.

Viewing Audit Logs

Navigate to Admin > Audit Logs:

  • The default view shows the most recent 100 events.
  • Filter by: Date range, user, module, action type, patient.
  • Search by keywords in the event description.
  • Click any log entry to see full details including before/after values for data changes.
  • Entries are colour-coded: Blue (view), Green (create), Yellow (edit), Red (delete/critical).

Exporting Audit Logs

Export logs for external review or regulatory submission:

  • Export as CSV or PDF with selected filters applied.
  • Schedule automatic weekly/monthly audit log exports to email.
  • Logs are retained for the configured retention period (default: 7 years to meet medical record retention requirements).
  • Exported logs include a hash checksum to verify they haven't been tampered with.

Security Alerts

The audit system triggers automatic alerts for suspicious activity:

  • Multiple failed login attempts (brute force detection).
  • Access to patient records outside normal working hours.
  • Bulk data exports exceeding configured thresholds.
  • Permission escalation (user assigned admin roles).
  • Unusual access patterns (viewing many unrelated patient records).

Alerts are sent to the Super Admin via email and in-app notification.

Notes

Info

Audit logs are immutable -- they cannot be edited or deleted by any user, including Super Admins. This ensures regulatory compliance and forensic integrity.

Tip

Set up weekly audit log review as a standard operating procedure. Focus on failed logins, clinical record modifications, and billing voids/refunds.
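
As an added example (not Bio Ecko code), the script below runs three of the checks named on this page over an exported CSV: repeated failed logins, patient record access outside working hours, and billing voids/refunds. The column names, action strings, thresholds and working hours are assumptions, since the export schema is not documented here, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names and action strings are assumptions,
# not Bio Ecko's documented export schema.
SAMPLE_CSV = """timestamp,user_id,action,patient_id,ip
2026-01-12T09:01:10,u17,LOGIN_FAILED,,10.0.0.5
2026-01-12T09:01:25,u17,LOGIN_FAILED,,10.0.0.5
2026-01-12T09:01:41,u17,LOGIN_FAILED,,10.0.0.5
2026-01-12T09:02:03,u17,LOGIN_FAILED,,10.0.0.5
2026-01-12T09:02:30,u17,LOGIN_FAILED,,10.0.0.5
2026-01-12T11:15:00,u04,PATIENT_VIEW,P1001,10.0.0.9
2026-01-12T23:40:12,u22,PATIENT_VIEW,P1002,10.0.0.31
2026-01-13T14:05:00,u04,INVOICE_VOID,P1001,10.0.0.9
2026-01-13T14:20:00,u09,LOGIN_FAILED,,10.0.0.7
"""

FAILED_LOGIN_LIMIT = 5                       # assumed threshold
FAILED_LOGIN_WINDOW = timedelta(minutes=10)  # assumed sliding window
WORK_HOURS = range(8, 20)                    # assumed 08:00-19:59 local time
REVIEW_ACTIONS = {"INVOICE_VOID", "REFUND"}  # assumed names for voids/refunds

def review(csv_text):
    """Return (rule, user_id, timestamp) findings from an exported audit log."""
    findings = []
    recent_failures = defaultdict(list)
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["timestamp"])
    for row in rows:
        ts = datetime.fromisoformat(row["timestamp"])
        user, action = row["user_id"], row["action"]
        if action == "LOGIN_FAILED":
            # Keep only this user's failures that fall inside the sliding window.
            window = [t for t in recent_failures[user] if ts - t <= FAILED_LOGIN_WINDOW]
            window.append(ts)
            recent_failures[user] = window
            if len(window) == FAILED_LOGIN_LIMIT:  # report when the limit is reached
                findings.append(("repeated_failed_logins", user, row["timestamp"]))
        elif action == "PATIENT_VIEW" and ts.hour not in WORK_HOURS:
            findings.append(("after_hours_record_access", user, row["timestamp"]))
        elif action in REVIEW_ACTIONS:
            findings.append(("billing_void_or_refund", user, row["timestamp"]))
    return findings

if __name__ == "__main__":
    for rule, user, ts in review(SAMPLE_CSV):
        print(f"{ts}  {rule:28}  {user}")
```

Adjust the constants to match the column headers and action names in your own export before relying on the output.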
