HealthFlow NDP Infrastructure

Appearance

Audit Service

Pipeline-Managed Service

This service is deployed and managed by its CI/CD pipeline.

For current deployment status, configurations, and code:

  • Repository: https://repo.local/healthflow/ndp-audit-service
  • CI/CD Status: Check pipeline dashboard

Overview

The Audit Service provides comprehensive audit logging and compliance tracking for all NDP platform operations.

Purpose

  • Record all system operations
  • Track data access
  • Maintain compliance logs
  • Generate audit reports
  • Support forensic investigations
  • GDPR compliance logging
  • Retention policy enforcement

Key Features

1. Event Logging

  • Capture all prescription operations
  • Track dispense events
  • Record data access
  • Log authentication attempts
  • Track data modifications

2. Compliance Reporting

  • Generate compliance reports
  • Track data access patterns
  • Monitor unusual activities
  • Export audit trails
  • Retention management

3. Audit Trail

  • Complete event history
  • User activity tracking
  • System operation logs
  • Data lineage
  • Change history

Data Model

typescript
interface AuditEvent {
  id: string;
  timestamp: Date;

  // Event Details
  eventType: string; // PRESCRIPTION_CREATED, DISPENSE_RECORDED, etc.
  action: string; // CREATE, READ, UPDATE, DELETE
  resource: string; // prescription, patient, etc.
  resourceId: string;

  // Actor
  userId: string;
  userType: "PROVIDER" | "PHARMACIST" | "PATIENT" | "SYSTEM";
  ipAddress: string;
  userAgent: string;

  // Context
  serviceId: string;
  sessionId: string;
  correlationId: string;

  // Data
  beforeState: JSON;
  afterState: JSON;

  // Result
  status: "SUCCESS" | "FAILURE";
  errorMessage: string;

  // Compliance
  dataCategory: "PII" | "PHI" | "FINANCIAL";
  complianceTag: string[];
}

Storage

  • Primary Storage: MongoDB (optimized for writes)
  • Long-term Archive: S3/Object Storage
  • Retention: 7 years (compliance requirement)

API Endpoints 

POST /api/v1/audit/events
GET /api/v1/audit/events
GET /api/v1/audit/reports/compliance
GET /api/v1/audit/reports/access
GET /api/v1/audit/resources/:resourceId/history

Kafka Consumers

Consumes events from all services:

  • ndp.events.prescription.*
  • ndp.events.dispense.*
  • ndp.events.auth.*
  • ndp.events.data.access.*