Audit log
The Audit log shows all activity within your organization: who changed, created, viewed or deleted what. The screen is intended for the organization administrator and supports compliance and accountability (NEN 7510). You filter the activity by period, user, action type and resource type, expand a row to see the exact field changes or access details, and navigate from a row straight to the related client or appointment.
Overview
| Route | /organization/audit-log |
| Audience | Organization administrator |
| Required permissions | audit.read |
Each row shows the timestamp, the user, the action, the resource type and — where available — a link to the resource concerned. The action is shown as a coloured badge (for example Created, Updated, Deleted or Viewed). When an action was performed on behalf of someone else through impersonation, this is noted next to the user.
Only rows with additional data — field changes or access information — can be expanded. These rows have an expand arrow at the start.
How it works
The audit log is a single immutable ledger that brings together two kinds of events: mutating actions (someone changes something) and access actions (someone views or retrieves something). Which data a row carries depends on the kind of action.
What is logged
Every action that touches the organization produces a row. The action type reveals the kind of action:
| Kind | Action types | Example |
|---|---|---|
| Mutation | Created, Updated, Deleted, Archived, Restored, Status changed, Finalized, Sent, Erased | Editing a client record or sending a letter. |
| Access | Viewed, List viewed, Downloaded, Exported, Audio played | Opening a record, downloading a document or playing recording audio. |
So access is logged: merely opening, downloading or exporting a resource leaves a trace too. The resource types that actions relate to include client, appointment, document, care trajectory, letter, form and form submission. Actions are logged both for professionals and for clients (via the client portal).
Which data a row carries
The nature of the action determines which detail data is available:
- Mutating actions carry a before/after view. For each changed field, the value before and after the change is kept, so it is visible exactly what changed. See View changes.
- Access actions carry access context. Instead of field changes, the IP address and the browser (user agent) the access was performed from are recorded. See View access information.
A row never carries both at once: a mutation row has no access context and an access row has no before/after view. That is also why only rows with additional data can be expanded.
Redaction of sensitive fields
In the before/after view, sensitive fields are shown redacted: the value of, for example, BSN or address data is replaced by a placeholder, while it remains visible that the field was changed. This keeps the log fully traceable without itself becoming a new source of sensitive personal data — a requirement from NEN 7510 (information security in healthcare), which calls for accountability of actions without unnecessary storage of patient data.
Impersonation: acting on behalf of someone else
When an administrator temporarily acts on behalf of a user through impersonation, the action is attributed to the user on whose behalf it was performed — they appear as the row's actor. In addition, the row separately keeps who actually performed the action (the impersonating administrator). In the overview, the user column notes that the action took place through impersonation, so both roles remain traceable.
Filter by date
Restrict the list to a period with the From and To fields in the filter bar. The list updates immediately as soon as you pick a date.
| Field | Required | Description |
|---|---|---|
| From | No | Show only activity from this date onwards. |
| To | No | Show only activity up to and including this date. |
You can combine both fields for a bounded period, or fill in only one for an open start or end date.
Filter by user
Select a specific user from the User dropdown to show only their activity. The filter defaults to All users. The list of users is loaded from the colleagues in your organization.
Filter by action type
Use the Action dropdown to filter on a single kind of action, for example Created, Updated, Deleted, Archived, Viewed or Downloaded. The filter defaults to All actions.
Filter by resource type
Use the Type dropdown to restrict the list to a single kind of resource, such as Client, Appointment, Document, Care trajectory, Letter, Form or Form submission. The filter defaults to All types.
Clear filters
When one or more filters are active, the Clear filters button appears in the filter bar. Click it to remove all filters (period, user, action and type) at once and show all activity again.
View changes
Click the expand arrow at the start of a row to open its details. For mutating actions (create, update, status change), the detail panel shows the changed fields under Changes, with their value before and after the change. This lets you see exactly what changed without opening the record itself.
Sensitive fields (such as BSN or address data) are shown redacted in the audit log, combining traceability with privacy.
View access information
For access actions (view, download, export), the detail panel shows the access information: the IP address and the browser (user agent) the action was performed from. Expand the row using the expand arrow to see these details. They support investigations into unauthorized access.
Paginate
The audit log shows 20 rows per page. Use the pagination below the overview to move to the next or previous page, or jump straight to a specific page number. The total number of results is shown above the list.
Navigate to resource
When a row relates to a client or appointment, the name in the Resource column is a clickable link. Click it to go straight to the related client record or appointment. Rows for resource types without their own detail screen show the name as plain text.