Skip to main content
Notifications
You're all caught up.
View all notifications
OnlyHIPAA
← All documentation

Change Log

A change to a system, policy, or process that touches PHI should be recorded, reviewed, and — if it goes wrong — rolled back. The Change Log is that record: a request-to-implementation trail for change management.

Change Log is a Professional plan feature.

A change request

Each entry has a title, a type (system, policy, process, infrastructure, personnel, vendor, other), the system affected, a description, a risk level, and a change date. Flag PHI impact when the change touches protected data, and capture a rollback plan and test results where they apply.

The workflow

A request moves through clear states, each set by an explicit action:

  1. Planned — the request as filed.
  2. Approved — an admin signs off (the approver and time are stamped).
  3. Implemented — the change is live (time stamped).
  4. Rolled back or Rejected — end states for changes that were reversed or declined.

The list summarizes what's planned, what's approved but not yet implemented, and what was implemented this month.

Who can do what

Org admins create change requests and drive them through approval, implementation, and rollback. Everyone else views the log read-only.

OnlyHIPAA

Making HIPAA compliance accessible for every healthcare organization.

HIPAA SOC 2 NIST CSF

View our security posture →

Product

  • Frameworks
  • Sherpa AI
  • Risk Analysis
  • Compliance Operations
  • Reporting
  • Integrations & API
  • Pricing

Company

  • About Us
  • Team
  • Mission
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  • BAA Template
  • Security

Resources

  • Documentation
  • HIPAA Guide
  • Blog
  • Status Page

© 2026 OnlyHIPAA, Inc. All rights reserved.

OnlyHIPAA provides tools to assist with HIPAA compliance but does not constitute legal advice. Consult qualified legal counsel for specific compliance guidance.