Security & Compliance

Audit Logging

Activity Tracking

Chimera maintains a comprehensive audit log of security-relevant events for compliance and incident investigation.

What Gets Logged

The following events are recorded:

  • Authentication — login, login failures, signup, password resets
  • Email verification — when users verify their email address
  • PHI access — when staff view patient data (names, contact info, insurance)
  • Appointments — creation, cancellation, rescheduling
  • Patient management — verification attempts, lockouts
  • Billing — plan changes, subscription updates
  • Settings — clinic configuration changes

Log Format

Each entry includes:

  • Timestamp
  • Event type
  • User or patient identifier
  • Clinic ID
  • Relevant metadata (e.g., which appointment was cancelled)

Retention

Audit logs are retained with file-based rotation:

  • 5 MB per log file
  • Up to 2,000 backup files
  • Approximately 10 GB total retention

Access

Audit logs are stored on the server and are not accessible through the dashboard. They are available for compliance audits and incident investigation upon request.

Tip: If you need audit log access for a compliance review, contact support with your clinic name and the date range you need.

← Back to help