Access Logs & Monitoring
Medecision uses a layered observability and monitoring architecture to ensure secure, performant, and auditable operations across all platform services. Built on native Google Cloud Platform (GCP) logging capabilities and enhanced with Datadog and CrowdStrike Falcon, this framework supports audit trails, anomaly detection, compliance assurance, and real-time service observability.
Logging Architecture
Native GCP Logging
Cloud Audit Logs: Logs all API calls and GCP console activity.
VPC Flow Logs: Tracks ingress/egress traffic patterns for GCP networks.
Cloud Logging (formerly Stackdriver): Centralized logs from compute instances, Kubernetes workloads, and managed services.
Datadog Log Forwarding
All critical log streams are exported to Datadog Log Management.
Indexed for search, dashboards, retention, and SIEM correlation.
Logs from app services, APIs, databases, ingestion pipelines, and access gateways are captured.
CrowdStrike Falcon Integration
Endpoint detection and response (EDR) telemetry captured from internal systems.
Focus on insider threats, lateral movement, and anomaly-based detections.
CrowdStrike agents deployed across all privileged access endpoints.
Access Logging (HIPAA + HITRUST Aligned)
| Log Type | Contents | Retention |
| --- | --- | --- |
| Authentication Logs | Timestamp, user, method (SSO/SAML), IP address, success/failure, group claims | 10 years |
| API Access Logs | Endpoint, parameters, user ID, latency, response code | 6–10 years |
| PHI Access Logs | Member ID, accessed fields, user email, action type (view/edit/export) | 6–10 years |
| Audit Trails | Workflow changes, data corrections, approvals | 10 years minimum |
All access to PHI is monitored, logged, and available for compliance and audit.
Real-Time Monitoring & Alerts
Medecision has built custom dashboards and alerts in Datadog to monitor:
API response time and error rate (e.g., CMV, Guided Intake, CI Builders)
Workflow execution status (task failures, automation exceptions)
Ingestion performance (batch vs. event-based delays)
AuthN/AuthZ anomalies (e.g., failed logins, access from multiple regions)
Disk, memory, and container performance
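The "AuthN/AuthZ anomalies" item above and the Authentication Logs row of the access-logging table describe what is monitored but not how a detection is evaluated. The following is an added example (not Medecision's code, and not a Datadog rule definition) that runs two such detections over constructed authentication log lines: a burst of failed logins for one user inside a sliding window, and successful sign-ins by one user from two or more regions inside a window. The JSON-lines record layout, the `region` field (assumed to come from a geo-IP enrichment step), and the thresholds and windows are assumptions chosen for illustration; the page does not publish the real schema or tuning.

```python
"""Detection logic for authentication anomalies over constructed log lines.

Added example; not Medecision's code. Record layout follows the Authentication
Logs row of the access-logging table (timestamp, user, method, IP, result,
group claims) plus an assumed 'region' field from geo-IP enrichment.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import json

# Constructed sample records (JSON lines, as a log pipeline such as Datadog
# would index them). Users, IPs (TEST-NET ranges) and times are made up.
SAMPLE_LOG_LINES = [
    # alice: four failures in four minutes from one IP, then a success
    '{"ts":"2024-05-01T10:00:00+00:00","user":"alice@example.com","method":"SSO/SAML","ip":"203.0.113.5","region":"us-central1","result":"failure","groups":["care-mgmt"]}',
    '{"ts":"2024-05-01T10:01:00+00:00","user":"alice@example.com","method":"SSO/SAML","ip":"203.0.113.5","region":"us-central1","result":"failure","groups":["care-mgmt"]}',
    '{"ts":"2024-05-01T10:02:00+00:00","user":"alice@example.com","method":"SSO/SAML","ip":"203.0.113.5","region":"us-central1","result":"failure","groups":["care-mgmt"]}',
    '{"ts":"2024-05-01T10:03:00+00:00","user":"alice@example.com","method":"SSO/SAML","ip":"203.0.113.5","region":"us-central1","result":"failure","groups":["care-mgmt"]}',
    '{"ts":"2024-05-01T10:04:00+00:00","user":"alice@example.com","method":"SSO/SAML","ip":"203.0.113.5","region":"us-central1","result":"success","groups":["care-mgmt"]}',
    # bob: two successful sign-ins from different regions twenty minutes apart
    '{"ts":"2024-05-01T10:10:00+00:00","user":"bob@example.com","method":"SSO/SAML","ip":"198.51.100.7","region":"us-east1","result":"success","groups":["um-review"]}',
    '{"ts":"2024-05-01T10:30:00+00:00","user":"bob@example.com","method":"SSO/SAML","ip":"203.0.113.90","region":"europe-west1","result":"success","groups":["um-review"]}',
    # carol: ordinary activity, one isolated failure, same region all day
    '{"ts":"2024-05-01T09:00:00+00:00","user":"carol@example.com","method":"SSO/SAML","ip":"198.51.100.20","region":"us-central1","result":"success","groups":["care-mgmt"]}',
    '{"ts":"2024-05-01T10:00:00+00:00","user":"carol@example.com","method":"SSO/SAML","ip":"198.51.100.20","region":"us-central1","result":"failure","groups":["care-mgmt"]}',
    '{"ts":"2024-05-01T15:00:00+00:00","user":"carol@example.com","method":"SSO/SAML","ip":"198.51.100.20","region":"us-central1","result":"success","groups":["care-mgmt"]}',
]

# Illustrative thresholds (assumptions, not the page's tuning).
FAIL_THRESHOLD = 3
FAIL_WINDOW = timedelta(minutes=5)
REGION_WINDOW = timedelta(hours=1)


def parse_line(line):
    """Parse one JSON log line; 'ts' becomes a timezone-aware datetime."""
    rec = json.loads(line)
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def detect_failed_login_bursts(events, threshold=FAIL_THRESHOLD, window=FAIL_WINDOW):
    """Flag each user at most once when >= threshold failures fall inside a sliding window."""
    alerts, alerted = [], set()
    recent = defaultdict(deque)  # user -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "failure":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({"rule": "failed_login_burst", "user": ev["user"],
                           "count": len(q), "last_seen": ev["ts"].isoformat()})
    return alerts


def detect_multi_region_access(events, window=REGION_WINDOW):
    """Flag each user at most once when successful sign-ins from >= 2 regions fall inside a window."""
    alerts, alerted = [], set()
    recent = defaultdict(deque)  # user -> (timestamp, region) of recent successes
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "success":
            continue
        q = recent[ev["user"]]
        q.append((ev["ts"], ev["region"]))
        while ev["ts"] - q[0][0] > window:
            q.popleft()
        regions = {r for _, r in q}
        if len(regions) >= 2 and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({"rule": "multi_region_access", "user": ev["user"],
                           "regions": sorted(regions)})
    return alerts


def run_detections(lines):
    """Parse raw lines and return the alerts from both rules, bursts first."""
    events = [parse_line(line) for line in lines]
    return detect_failed_login_bursts(events) + detect_multi_region_access(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG_LINES):
        print(json.dumps(alert))
```

On the sample data the script raises one failed-login burst for alice and one multi-region alert for bob, and nothing for carol. In a production pipeline the same two conditions would be expressed as Datadog detection rules over the indexed authentication stream rather than as a script, and the window and threshold values need tuning against the legitimate VPN and travel patterns of the user population to keep the false-positive rate acceptable for a 24/7 on-call rotation.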
Alerting Channels
Integrated with PagerDuty and email for critical alerts.
Dashboard escalations piped to Slack and support queues.
24/7 on-call support model.
Threat Detection
CrowdStrike Falcon provides behavioral and signature-based threat detection.
Integrated with GCP Security Command Center and SIEM feeds.
Identity-based alerting for unusual account behaviors.
Periodic threat hunting conducted by SecOps.
Retention Policies
| Log Category | Retention Period |
| --- | --- |
| Auth Logs | 10 years |
| API Access Logs | 6–10 years (client-specific) |
| PHI Interaction Logs | 6–10 years (regulated) |
| System Performance Logs | 13 months (Datadog standard) + cold archive |
| Endpoint Security Logs | 12 months (CrowdStrike + GCP export) |
Client-specific retention requirements (CMS, state regs) are supported via tagging.
Client Visibility & Access
Custom client dashboards available (e.g., uptime, latency, ingestion lag).
Access logs available via request or monthly extracts.
Shared dashboards on request via secure embedded analytics.
Partner-specific alerting tiers available.
Medecision’s access logging and monitoring stack is purpose-built to support high-trust, real-time care management and utilization workflows—while fully aligning with HIPAA, HITRUST, and CMS audit expectations.
