Review AI Actions

Every AI action in DPC Pro is logged (from conversations to patient data lookups to payment recovery notifications) so your team can review, verify, and course-correct.

Transparency is fundamental to trusting AI in a healthcare setting. DPC Pro maintains a detailed audit log of every action the AI assistant performs, including what it did, what data it accessed, and what the outcome was. Managers and clinicians can review this log at any time.

This page covers how to access the AI audit log, what information is recorded for each action, and how to use the log to identify issues or improve AI behavior. The audit log is also valuable for compliance purposes, providing documentation for your practice reports that all AI actions were supervised.

Regular review of AI actions helps your team build confidence in the assistant and catch any behavior that needs adjustment.

---

Access the AI Audit Log

AI actions are recorded in the same HIPAA-compliant audit log used for all activity in DPC Pro. To view AI-related entries:

1. Navigate to Compliance -> Audit Log.
2. The log displays all recorded actions, sorted by most recent first.
3. To filter for AI-specific actions, use the Search field and enter AI or conversation.
4. You can also filter by:
   • Date range: Select a start and end date to narrow results
   • Action type: Filter by Create, Read, Update, Share, or Export
   • User: See actions performed by a specific staff member
   • Patient: See all AI actions that accessed a specific patient’s data

Role-based access

• Practice managers see the full audit log for their practice, including all AI actions by all staff
• Clinicians see audit entries related to their own AI conversations and patient data access
• Organization administrators see audit logs across all practices in the organization

---

AI Transparency

What the audit log does and does not do

What it does: Records every AI interaction with a timestamp, the user who initiated it, what data was accessed, and the outcome. Entries are immutable. They cannot be edited or deleted.

What you control: You choose how often to review the log, what filters to apply, and whether to export entries for compliance reporting. You can also use the log to identify patterns that suggest guardrail adjustments.

What it does not do: The audit log does not contain the full text of AI conversations (those are stored encrypted in the conversation record). It records metadata: who asked, what data was accessed, when, and what type of action occurred.

Where to review: Compliance -> Audit Log with AI-related filters applied.

How to adjust: If you spot concerning patterns in the audit log, visit AI Guardrails and Preferences to tighten or modify the AI’s access and capabilities.

---

What Gets Logged

Every AI interaction generates one or more audit log entries. Here is what is recorded for each type of action:

Conversation events

Event	Action Type	What Is Recorded
New conversation started	Create	User, practice, AI provider used, whether patient context was included
Practice context shared with AI	Share	User, practice name, AI provider (records that practice data was sent to the AI model)
Patient context attached	Create	User, patient name, note that patient data was included in the AI conversation

Data retrieval events

When the AI retrieves specific data to answer a question, each retrieval is logged separately:

Data Retrieved	Action Type	What Is Recorded
Patient detail lookup	Read	User, patient name, that the AI accessed the patient’s full record
Patient search	Read	User, search criteria used, number of results returned
Appointment lookup	Read	User, date range queried, number of appointments returned
Billing lookup	Read	User, whether patient-specific or practice-wide, amount data accessed
Clinical notes lookup	Read	User, patient name, number of notes retrieved

Document access events

Event	Action Type	What Is Recorded
Document search enabled for conversation	Update	User, conversation, toggle state
Patient-linked documents shared with external AI provider	Share	User, patient name, number of document sources shared, AI provider name

Payment recovery events

Event	Action Type	What Is Recorded
Recovery sequence started	Create	Membership, failure reason, invoice reference
Outreach notification sent	Create	Recipient email, dunning stage, message template used
Payment recovered	Update	Membership, recovery timestamp

Configuration change events

Event	Action Type	What Is Recorded
AI settings updated	Update	User who made the change, AI provider, settings modified
Guardrails changed	Update	User, previous value, new value

---

Reviewing Individual Actions

To examine a specific audit log entry in detail:

1. Navigate to Compliance -> Audit Log.
2. Find the entry you want to review (use filters to narrow the list).
3. Select the entry to open its detail view.

What the detail view shows

Each audit log entry includes:

• Timestamp: Exact date and time of the action
• User email: The staff member who initiated the action
• User IP address: The network address the action came from
• Action type: Create, Read, Update, Delete, Share, or Export
• Action detail: A plain-language description of what happened (for example, “AI tool get_patient_detail accessed patient data” or “AI conversation created with full practice context”)
• Object: The record that was accessed or modified (conversation, patient, document)
• Patient: If patient data was involved, the patient’s identity
• Practice: The practice context the action occurred in
• Success/failure: Whether the action completed normally or encountered an error

---

Identifying Issues

The audit log helps you spot patterns that may indicate a problem with AI usage or configuration.

Patterns to watch for

• Unusually high patient data access: If a single user is looking up many patients through the AI in a short time, it may indicate misuse or an overly broad question pattern. Review the conversations to understand the context.
• Frequent errors: Multiple error entries for AI responses suggest a configuration issue (incorrect API key, rate limiting, or model availability). Check Settings -> AI Assistant and run a connection test.
• Patient data shared with external provider: When using the Claude AI provider, audit entries marked “Share” with patient context indicate that patient information was sent to the external API. Verify this aligns with your practice’s data handling policies.
• Unexpected users: If a staff member you do not expect to use the AI appears in the log, verify their role and feature access in Settings -> Staff & Roles.

Taking action on issues

When you identify a concerning pattern:

1. Review the conversation: Check the AI conversation itself to understand the context of the actions logged
2. Talk to the user: If a staff member’s usage seems unusual, discuss it with them before changing settings
3. Adjust guardrails: If the AI is accessing data you would prefer it not access, visit AI Guardrails and Preferences to tighten its configuration
4. Document your review: Note when you reviewed the audit log and what actions you took. This supports your compliance posture.

Schedule a monthly review

Set a calendar reminder to review AI audit logs once a month. Look at the summary statistics on the audit dashboard: total AI actions, PHI access count, and any failed actions. A five-minute monthly check prevents issues from accumulating.

---

Exporting Audit Data

You can export audit log entries for compliance documentation, legal requests, or internal review.

Export the full audit log

1. Navigate to Compliance -> Audit Log.
2. Apply any desired filters (date range, action type, user, patient).
3. Select Export CSV in the top-right corner.
4. DPC Pro generates a CSV file containing up to 10,000 matching entries.

The exported CSV includes:

Column	Description
Timestamp	Date and time of the action
User Email	Staff member who performed the action
User IP	Network address
Action	Action type (Create, Read, Update, Share, Export)
Object Type	Type of record involved (conversation, patient, document)
Object	Description of the specific record
Patient	Patient name if PHI was accessed
Practice	Practice where the action occurred
Request Path	The system endpoint that processed the action
Request Method	HTTP method (GET, POST)
Success	Whether the action succeeded
Error Message	Error details if the action failed
Details	Additional metadata (field changes, parameters)

Export a patient-specific access report

For HIPAA Right of Access requests or internal compliance reviews, you can export all actions related to a specific patient:

1. Navigate to Compliance -> Patient Access Report.
2. Select the patient from the search field.
3. Choose a date range.
4. Select Export CSV.

This report shows every time anyone (including the AI) accessed that patient’s data, what type of access occurred, and when.

Export actions are also logged

When you export audit data, that export action is itself recorded in the audit log. The result is a complete chain of custody for compliance documentation.

---

Related Pages

• How the AI Works
• AI-Drafted Message Replies
• Daily Practice Summaries
• Automated Payment Recovery
• AI Guardrails and Preferences
• HIPAA Compliance

Need Help?

If you have questions about AI audit logging, reach out to the DPC Pro support team at [email protected] or visit the troubleshooting guide.