Fizy health
Audit trail

Every patient-linked cart and order touch leaves a record

Fizy Health writes audit records when staff read or mutate cart and order data that includes patient identifiers. Each record captures actor, organization, patient, and action — supporting HIPAA Security Rule access review and internal ops accountability. Audit details use identifiers and counts, not prescription contents or demographics. Routine application logs follow the same discipline: no patient names or chart data in log streams.

Compliance leads searching Fizy Health audit trail need to know what is recorded, when it fires, and how that differs from generic web analytics.

Start Ordering Free BAA at onboarding Security page
Per-line PHI audit Actor and patient ID Org and clinic scope HIPAA access review No PHI in logs Domain-level records
Audit model

What the Fizy Health audit trail captures

An audit trail on pharmacy ops software answers who touched a patient order and when — without exporting chart dumps or digging through compounder email. Fizy Health records domain-level PHI access on cart, checkout, and order flows so clinics can respond to diligence questions and patient inquiries with defensible records.

  • Triggers

    Patient-linked reads and writes in cart and orders

    Cart reads and mutations that include patient identifiers write audit events. That covers the PHI-adjacent surfaces clinic staff use on refill day — building multi-patient carts, checking out, and reviewing order status — not anonymous marketing page views.

  • Fields

    Actor, organization, patient, action — not chart contents

    Audit rows use stable identifiers: who acted, which organization and clinic context applied, which patient was involved, and what action occurred. Details hold counts and metadata suitable for compliance review — never prescription contents or demographics in the audit payload.

  • HIPAA

    Supports Security Rule access review expectations

    HIPAA-aligned clinics need audit controls on systems that touch PHI. Fizy Health implements domain-level access records on patient-linked flows, complementing transport encryption and tenant isolation documented on the Security page.

  • Logging

    Separate discipline for engineering logs

    Application logs use structured fields and identifiers only. Engineering standards prohibit patient names, DOB, addresses, and prescription contents in routine logs. Investigations pair audit rows with IDs — not exported PHI in log aggregators.

Audit trail is part of the Security page compliance story

PHI access records Cart and order flows HIPAA-aligned platform BAA at onboarding Tenant-scoped actors Identifier-only log policy

Who needs audit trail detail from Fizy Health?

Built for you if

You must answer who accessed patient-linked orders during reviews or inquiries.

  • Compliance questionnaires ask for audit controls on systems that store or transmit PHI.
  • Ops leads investigate order issues and need actor context without reconstructing events from email.
  • You batch multi-patient refills and want accountability per cart line on audited infrastructure.
May not be ideal if

You need audit behavior the platform does not claim.

  • You expect full EMR clinical audit for charting — Fizy Health audits pharmacy ordering flows only.
  • You need immutable long-term archive export today — confirm retention and export paths on a demo.
  • You only browse guest catalog with no clinic account — no patient-linked audit applies yet.
Audited workflows

Where audit records attach to daily ops

These product flows generate patient-linked activity that falls under Fizy Health audit and access controls.

Explore all platform capabilities
Learn more

Related audit and security guides.

See the full Fizy Health guide
FAQ

Audit trail questions clinics ask.

  • Scope

    What actions are audited on Fizy Health?

    Cart and order flows that include patient identifiers write audit records on reads and mutations. That covers patient-linked pharmacy ops — catalog-to-fulfillment coordination — not clinical documentation in your EMR.

  • Content

    Do audit records contain prescription details?

    No. Audit details use identifiers and counts — actor, organization, patient, action, and non-PHI metadata. Prescription contents and demographics are excluded from audit payloads and routine application logs.

  • HIPAA

    Does the audit trail support HIPAA access review?

    Yes. Domain-level PHI access records on patient-linked flows support HIPAA Security Rule access review expectations. Pair audit data with your clinic policies for periodic access reviews.

  • Actors

    Are audits scoped to clinic staff roles?

    Audit records include the acting user in organization and clinic context. Role-based access determines who can perform actions; audits record who did perform them.

  • Catalog

    Is catalog browsing audited?

    Global catalog reads without patient context are not PHI. Patient-linked cart and order activity — where identifiers attach to lines — is the primary audited surface on Fizy Health.

Accountability on every patient-linked order.

Run refill day on Fizy Health with per-line audit records, tenant-scoped access, and Security documentation your compliance team can review.

Start Ordering Free BAA at onboarding Security and compliance