HomeProductAudit Trail & Chain of Custody
Chain of Custody Medical Records

Who touched what, when — provable, page by page.

Chain of custody and audit trail software from Medrecords AI logs every ingest, access, edit, and export immutably from the moment a file arrives. When admissibility or a HIPAA audit asks who touched what, and when, you export a custody report per production instead of reconstructing an argument.

Adams, T. · Case #IME-4812 Custody log
TimeEventActor
09:02:11 Ingest · packet 1 of 2 · 342 pages SHA-256 system
09:02:14 Hash verified · packet intact match system
10:41:07 Viewed p.140 · quarantined page PHI access j.rivera
10:58:32 Annotation added · p.140 logged j.rivera
16:20:45 Export · custody report (PDF) production A m.okafor
Append-only · entries can never be edited or deleted
SHA-256
Every file hashed at ingest, before processing
Append-only
No edits, no deletes — not even by an admin
Per production
One exportable custody report, court-ready

Custody starts the moment the file arrives.

Every upload is hashed with SHA-256 before anything else happens, then stamped into the log with the source, packet, page count, and uploading user. From that first entry forward, the record's handling history writes itself.

File hash captured at ingest, verifiable any time after
Packet, page count, and uploader on the first entry
Ingest recordpacket 2 of 2
SHA-256 digest
9f2c…a417 · computed at 09:02:11 · verified match
Pages
342 across 2 packets
Uploaded by
m.okafor · logged
Duplicates flagged at ingest: 11 — each removal logged, never silent.
Actor: j.rivera Event: view
DateAccessContext
Apr 02 Viewed visit note · p.212 Case #IME-4812
Apr 02 Search · "right knee" Case #IME-4812
Apr 03 Viewed p.140 · quarantined Case #IME-4812
Apr 03 Download · chronology (PDF) Case #IME-4812

The access log a HIPAA audit actually asks for.

Every view, search, annotation, share, download, and export is captured with user, timestamp, and case context — PHI access logging on every event, not a sample. Filter by case, actor, or event type and hand the answer over.

"Who accessed this record and when" — answered per case, per user
Exports cleanly for your compliance team or the auditor

A custody report per production, not an argument.

When a production goes out, export a single document custody report: the hash captured at ingest, the complete touch history, and the export event itself. If admissibility is questioned in litigation, you attach the report — the handling history is already proven, page by page.

One PDF: hash at ingest, every touch, the export event
Prove the packet reviewed matches the packet produced
Custody report · production A export-ready
1 · Ingest & hash 342 pages · 2 packets
2 · Handling history every access · every actor
3 · Edits & annotations p.140 · quarantine noted
4 · Export event · sealed hash re-verified
Attach to the production. The admissibility question is answered before it's asked.
audit.log append-only
10:58:32 · annotation added · p.140 · j.rivera
11:02:09 · annotation corrected · p.140 · j.rivera → new entry, original kept
11:04:51 · log edit attempted · admin → denied · attempt itself logged
16:20:45 · custody report exported · m.okafor
Why it holds up

A log you can't rewrite is a log you can defend.

The trail is append-only by design: corrections are new entries that reference the original, and even a denied edit attempt is written down. That is what makes the output audit-grade and legally defensible — the same standard as the rest of the platform, where every fact is cited to its page and source.

See the security architecture

From first byte to court-ready custody report.

Three steps, zero manual bookkeeping — the trail builds itself while your team works the file.

01
Ingest & hash

Every file is SHA-256 hashed on arrival and stamped into the log with packet, page count, and uploader.

02
Every touch logged

Views, searches, annotations, shares, downloads, exports — each appended with user, timestamp, and case context.

03
Export the custody report

One PDF per production: hash at ingest, full handling history, and the export event — ready for court or audit.

Who needs the custody question answered.

Same immutable trail, different stakes: admissibility for one team, audit exposure for another.

FAQ

Chain of custody, answered.

No one can edit or delete a log entry — not a case admin, not Medrecords staff. The trail is append-only: a correction is a new entry that references the original, so the history of the history is itself preserved.

Ingest (with the file hash), every page view, search, annotation, edit, share, download, and export — each stamped with the user, timestamp, and case context. Because the records contain PHI, access logging runs on every event, not a sample.

Yes. One PDF per production: the file hash captured at ingest, the complete touch history, and the export event itself. When opposing counsel questions whether the packet was altered in handling, you attach the report instead of arguing.

A HIPAA audit asks who accessed this record and when. The access log answers that directly, per case and per user, and exports cleanly for your compliance team or the auditor. Records are processed under a signed BAA with encryption in transit and at rest.

Yes. Every file is hashed with SHA-256 the moment it arrives, before any processing. The hash is written into the log and the custody report, so you can prove the packet you reviewed is byte-for-byte the packet you were produced.

Related capabilities

See the custody trail your next production deserves.

Upload a file and watch the log build itself — hash, history, and custody report included. Handled under our BAA; never used to train a model.