Overview
The Audit Logs system (Logs de Auditoria) is designed to automatically track every action taken on patient records in ARCA, providing a complete history of who accessed or modified patient information for accountability, security, and regulatory compliance.
Database Schema
The LogAuditoria (Audit Log) model in ARCA's database includes the following fields:
- Unique ID (id_Log): Auto-generated UUID for each log entry
- Executing User (id_Usuario_Executor): Reference to the user who performed the action
- Patient (id_Paciente): Reference to the patient whose record was accessed
- Action Type (tipoAcao): Type of action performed (enum: CREATION, VIEW, UPDATE, DELETION)
- Access Time (acessoEm): Timestamp when the action occurred (automatically set)
- Details (detalhes): Additional context about the action (text field)
Relationships
The Audit Log model has relationships to:
- Executing User (Usuario): The user who performed the action
- Patient (Paciente): The patient record that was accessed or modified
Action Types
The system tracks four types of actions using the TipoAcao enum:
CREATION
- New patient record created
- Initial registration completed
- User who created the record is logged
VIEW
- Patient record accessed for viewing
- Medical history or information reviewed
- Read-only access tracked
UPDATE
- Patient information modified
- Contact details, address, or treatment data changed
- What changed is recorded in details field
DELETION
- Patient record deleted (if implemented)
- Soft delete or hard delete operations
- Preservation of who deleted the record
Audit logs are automatically created by the system whenever patient records are accessed. Users cannot manually create, modify, or delete audit logs, ensuring the integrity of the audit trail.
Planned Features
When fully implemented, the audit log system will enable:
Automatic Logging
- System automatically creates log entries
- No user intervention required
- Captures all patient record operations
- Includes timestamp and user information
Audit Log Viewing
- View all logs for a specific patient
- View all actions by a specific user
- Filter by action type (CREATION, VIEW, UPDATE, DELETION)
- Filter by date range
- Search log details
Compliance Reporting
- Generate audit reports for compliance reviews
- Export logs for external auditors
- Track access patterns and anomalies
- Monitor unauthorized access attempts
Security Monitoring
- Identify unusual access patterns
- Detect potential security breaches
- Alert on sensitive data access
- Track failed access attempts
Investigation Tools
- Search logs for security investigations
- Trace access history for specific records
- Identify who accessed what and when
- Export logs for legal or compliance purposes
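To make the schema above and the planned logging, filtering and monitoring behaviour concrete, here is an added TypeScript illustration (not ARCA project code). It keeps the LogAuditoria field names from this page; the in-memory store, the withAudit wrapper, the query filter shape and the view-count check are assumptions for illustration, not the project's API.

```typescript
// Added illustration, not ARCA project code: an in-memory stand-in for the
// LogAuditoria model (field names follow the page; store and helpers are assumed).
import { randomUUID } from "node:crypto";
export type TipoAcao = "CREATION" | "VIEW" | "UPDATE" | "DELETION";
export interface LogAuditoria {
  readonly id_Log: string; readonly id_Usuario_Executor: string; readonly id_Paciente: string;
  readonly tipoAcao: TipoAcao; readonly acessoEm: Date; readonly detalhes: string;
}
export type LogFilter = { patientId?: string; userId?: string; tipoAcao?: TipoAcao; from?: Date; to?: Date };

export class AuditTrail {
  private readonly entries: LogAuditoria[] = [];
  // Append-only: the caller cannot choose id_Log or acessoEm, and each entry is frozen.
  record(userId: string, patientId: string, tipoAcao: TipoAcao, detalhes: string, now = new Date()): LogAuditoria {
    const entry = Object.freeze({ id_Log: randomUUID(), id_Usuario_Executor: userId,
      id_Paciente: patientId, tipoAcao, acessoEm: now, detalhes });
    this.entries.push(entry);
    return entry;
  }

  // Wraps a patient operation so the entry is written with no user intervention; a failing
  // operation is still recorded, which is what "track failed access attempts" needs.
  withAudit<T>(userId: string, patientId: string, tipoAcao: TipoAcao, detalhes: string, op: () => T): T {
    try {
      const result = op();
      this.record(userId, patientId, tipoAcao, detalhes);
      return result;
    } catch (err) {
      this.record(userId, patientId, tipoAcao, `FAILED: ${detalhes} (${String(err)})`);
      throw err;
    }
  }

  // The planned viewing filters: by patient, by user, by action type and by date range.
  query(f: LogFilter = {}): LogAuditoria[] {
    return this.entries.filter(e =>
      (f.patientId === undefined || e.id_Paciente === f.patientId) &&
      (f.userId === undefined || e.id_Usuario_Executor === f.userId) &&
      (f.tipoAcao === undefined || e.tipoAcao === f.tipoAcao) &&
      (f.from === undefined || e.acessoEm.getTime() >= f.from.getTime()) &&
      (f.to === undefined || e.acessoEm.getTime() <= f.to.getTime()));
  }

  // A first anomaly check for the planned monitoring: users with more VIEW entries than expected.
  usersViewingMoreThan(threshold: number): string[] {
    const counts: Record<string, number> = {};
    for (const e of this.query({ tipoAcao: "VIEW" }))
      counts[e.id_Usuario_Executor] = (counts[e.id_Usuario_Executor] ?? 0) + 1;
    return Object.keys(counts).filter(u => counts[u] > threshold);
  }
}
```

Constructed sample calls such as `trail.withAudit("u2", "p1", "VIEW", "chart", () => loadPatient("p1"))` then leave a frozen entry that `trail.query({ patientId: "p1" })` returns, and `usersViewingMoreThan(n)` surfaces the users to examine.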
LGPD Compliance
The audit log system supports LGPD (Lei Geral de Proteção de Dados) compliance by:
- Accountability: Tracking who accesses personal data
- Transparency: Providing evidence of data handling
- Security: Monitoring for unauthorized access
- Data Subject Rights: Supporting access history requests
- Breach Detection: Identifying potential data breaches
Current Implementation
Currently Available:
- ✅ Complete database schema (Prisma model)
- ✅ Foreign key relationships to users and patients
- ✅ Action type enum (CREATION, VIEW, UPDATE, DELETION)
- ✅ Automatic timestamp generation
- ⏳ Automatic log creation in patient APIs
- ⏳ Audit log viewing API endpoints
- ⏳ Audit log search and filter interface
- ⏳ Compliance reporting features
- ⏳ Security monitoring dashboard
Database Model Reference
See the Database Schema documentation for the complete Prisma model definition and all field specifications.
Related Features
Patient Management
Patient operations trigger audit logs
User Management
User actions are tracked in audit logs