HIPAA AUDIT LOGGING

1. CONTROLLING THE FEATURE

The logging is turned off by default. To turn it on, modify the log() function in audit.php (lines 34-39) as follows.

Before:

    function log($success = NULL, $details = '')
    {
        /* the official way to turn on audit logging: comment or remove the line below */
        return;

        /* timestamp */

After:

    function log($success = NULL, $details = '')
    {
        /* the official way to turn on audit logging: comment or remove the line below */
        // return;

        /* timestamp */

Or, alternatively:

    function log($success = NULL, $details = '')
    {
        /* timestamp */

2. NOTES

Currently the output is sent to a text file, log/audit-YYYYMMDD.log. Columns (separated by the TAB character) are:

    timestamp
    PHP session ID
    action
    details (optional)
    result (optional)

The session ID is usually unique enough (see http://stackoverflow.com/questions/18937651/php-session-ids-how-are-they-generated) and makes it possible to identify a particular connection. Usually the first record with a particular session ID is for the "LOGIN" action, which also provides the IP address and user name.

When HIS integration is used, a failed attempt does not lead to the "LOGIN" action and therefore the IP address remains unknown. However, you might still find the IP address in the webserver logs.

The result column is to be regarded as advisory. "SUCCESS" does not always mean that the entire data set was sent; for instance, thumbnails are sent after the "OPEN STUDY" record. You also can't infer that the data was successfully handled on the client side, due to possible bugs there.

Similarly, "FAILURE" doesn't guarantee that the client side didn't receive any data. An attacker might still extract meaningful data from fragments that are insufficient for the client-side part of the Viewer.
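One way to review these logs, as an added example that is not part of the product: it groups records by session ID, picks out sessions that have no "LOGIN" record (their IP address has to be looked up in the webserver logs), and lists every "OPEN STUDY" record whatever its result. The sample lines are constructed; the timestamp layout, the content of the details column and the purely positional handling of the two optional columns are assumptions.

```python
COLUMNS = ("timestamp", "session_id", "action", "details", "result")

# Constructed sample records (not real log output); timestamp and details
# layouts are assumptions, only the TAB-separated column order is from the notes.
SAMPLE_LOG = (
    "2024-01-05 09:12:01\tsessA\tLOGIN\tuser=alice ip=192.0.2.10\tSUCCESS\n"
    "2024-01-05 09:12:30\tsessA\tOPEN STUDY\tstudy-1\tSUCCESS\n"
    "2024-01-05 09:14:02\tsessB\tOPEN STUDY\tstudy-2\tFAILURE\n"
    "2024-01-05 09:15:40\tsessA\tOPEN STUDY\tstudy-3\n"
)


def parse_line(line):
    """Split one record; missing optional columns (details, result) become ''."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) < 3:
        return None  # timestamp, session ID and action are always required
    fields += [""] * (len(COLUMNS) - len(fields))
    return dict(zip(COLUMNS, fields[:len(COLUMNS)]))


def group_by_session(text):
    """Map session ID -> {'login': details of first LOGIN or None, 'records': [...]}."""
    sessions = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = sessions.setdefault(rec["session_id"], {"login": None, "records": []})
        if rec["action"] == "LOGIN" and entry["login"] is None:
            entry["login"] = rec["details"]  # carries IP address and user name
        entry["records"].append(rec)
    return sessions


def sessions_without_login(sessions):
    """Sessions that cannot be attributed from the audit log alone."""
    return [sid for sid, entry in sessions.items() if entry["login"] is None]


def disclosure_candidates(sessions, action="OPEN STUDY"):
    """All records of the action, regardless of result: the result is advisory,
    so FAILURE (or no result) does not rule out that data reached the client."""
    return [(sid, rec["details"], rec["result"] or "(none)")
            for sid, entry in sessions.items()
            for rec in entry["records"] if rec["action"] == action]
```
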