Compliance · Audit trail

AI with an audit trail your auditor can verify without us.

When you ask a vendor whether their AI has an audit trail, the answer is always yes. When you ask a compliance officer whether that audit trail would hold up in an investigation, the answer is often no. Both can be true — they describe the same product against two different bars. HASP builds for the second bar: an append-only record of every prompt and response, signed and hash-chained, that your auditor can verify without trusting us.

Compliance · frameworks we ship under
HIPAA: BAA included (Active)
SOC 2 Type II: inherited (AOC under NDA)
HITRUST r2: inherited (AOC under NDA)
GDPR: Art. 17 · 20 · 30 (EU + UK)
PIPEDA / CPPA: Canada (Active + CPPA-ready)
ISO 27001: In progress (Q3 2026)

What makes it an audit trail, not a log

An audit trail is not a log with a longer retention setting. Four properties separate a record a regulator will accept from one they will not.

Signed at write time

Every entry is cryptographically signed with an Ed25519 key the moment it is written. Modify an entry later and the signature fails — alteration is detectable, not silent.

Hash-chained

Each entry carries the hash of the one before it. Tampering with any single record breaks the chain from that point forward, so selective edits cannot hide.

Anchored to trusted time

Timestamps are anchored to a third-party Time Stamping Authority under RFC 3161 — an external clock the system operator cannot quietly roll back.

Verifiable without HASP

Export a segment of the record and verify the hash chain and signatures with standard tools. The audit trail does not depend on trusting HASP's software to read it.

A log you can edit is not an audit trail

Application logs are written by software to help engineers debug it. They can be searched, modified, and deleted by whoever runs the system. A compliance audit trail is a different thing built for a different audience — a sequential record that reconstructs what happened, in what order, and who was responsible, with integrity a reviewer can check.

The HIPAA Security Rule's Audit Controls standard requires mechanisms to record and examine activity in systems that hold PHI — and that means the second kind of record. The longer version of this argument is in “What makes an audit trail hold up in an investigation”, and the vendor-evaluation angle is covered in “The HIPAA Security Rule and AI vendors”.

What gets recorded

For an AI system, “what happened” is harder to pin down than a database read or write. The audit trail has to capture the whole shape of an interaction.

Every prompt and response

What a user asked, what the model returned, and the context the system added — captured in full, not summarized. A prompt containing PHI is itself a regulated record, and it is treated as one.

Tied to a real identity

Every event is attributed to a specific, authenticated user — not a session or an IP address. The record answers “which person did this,” which is the question an investigation asks first.

Access and configuration events

Who viewed what, who changed a policy, and when. That includes HASP's own staff: any support access to an account is recorded in the same immutable log.

Retained for seven years

The chain is kept for seven years on every paid plan — past HIPAA's six-year documentation floor — and stays continuous and verifiable across the full retention window.

A complete record is also what lets an organization answer a regulator. The failures the HHS Office for Civil Rights penalizes — impermissible disclosures, missing risk analyses, unmanaged vendors — all turn, in an investigation, on whether you can produce evidence of what happened. “Real HIPAA violations from AI” walks through what regulators have actually penalized and why the record is what answers them.

Verified by your auditor, not ours

An audit trail only the vendor can read is not much of an audit trail. The HASP export is plain JSON, an Ed25519 public key, and a documented recipe — your auditor confirms the hash chain, the signatures, and the trusted-timestamp anchors on their own machine, with standard tools, without calling us.

That independence is the difference between a record and a reassurance. Walk the verification recipe, see the wider compliance posture in the Trust Center, and read how the architecture is built on the Audit & Trust page. For where the audit trail sits in a full compliant deployment, start with the guide to HIPAA-compliant AI, or see how HASP protects data end to end on the security page.

Who this is for

AI audit trails: frequently asked questions

Application logs are built for engineers — they can be searched, modified, and deleted by whoever operates the system. A compliance audit trail is built for regulators: it captures every relevant event, ties each to a specific identity, and is tamper-evident so alteration is detectable. The HIPAA Security Rule's Audit Controls standard calls for the second kind. “We have logs” does not satisfy it.

The audit export is plain JSON, an Ed25519 public key, and a documented verification recipe. An auditor can take the export to their own machine and confirm the hash chain, the signatures, and the trusted-timestamp anchors without any HASP software and without calling us. That independence is the point.

Yes. Every prompt, the context the system injected, and the model's response are recorded in full and attributed to the user who submitted them — because for an AI system, that is what “what happened” means.

An immutable, hash-chained, independently verifiable audit trail is included on every paid plan and on Free Evaluation. Cryptographic chain integrity is verifiable at every tier; Enterprise adds full-log CSV export.

Seven years on every paid tier — beyond HIPAA's six-year documentation retention floor. Enterprise can configure a longer period by contract. The chain remains continuous and verifiable across the full window.

Get started

Make every AI interaction provable.

Every prompt, response, and access event in HASP lands on a signed, tamper-evident audit chain — retained for seven years and verifiable by your auditor without trusting us. Talk to our team, or verify a sample export yourself first.