📋 Free Download: 2026 HIPAA Compliance Checklist — updated for the latest OCR enforcement priorities. Get it free →

HIPAA Compliance 5 min read

Audit Log Reports

AXIS CloudSync's audit logs provide a complete, tamper-evident record of all activity in your account. Learn how to access, filter, and export audit logs for HIPAA compliance reviews and security investigations.

What Is Logged

  • File operations: Upload, download, rename, move, copy, delete, restore.
  • Sharing events: Share link created, accessed, revoked; secure share sent.
  • Authentication: Login (successful and failed), logout, 2FA setup, password change.
  • Sync events: Desktop client sync, mobile app sync, WebDAV access.
  • Admin actions: User created/modified/deleted, policy changes, Team Share changes.
  • Backup events: Backup started, completed, failed.

Each log entry includes: timestamp, user, action type, affected resource (file/folder name and path), and IP address.

Note

Audit logs are tamper-evident — no user, including administrators, can modify or delete log entries. This ensures the integrity of your compliance records.

Accessing Your Activity Log

  1. 1Log in to the web portal.
  2. 2Click the Activity Log tab in the top navigation (or navigate to Files → Activity Log).
  3. 3Your personal activity log will display, showing all actions you have taken in the system.

Filtering the Log

Use the filter controls to narrow down the log to specific events:

  • Date Range: Filter by a specific date range (e.g., last 30 days, custom range).
  • Action Type: Filter by action category (uploads only, downloads only, shares only, etc.).
  • User: (Admin only) Filter by a specific user's activity.
  • File/Folder: Search for activity related to a specific file or folder name.
  • IP Address: Filter by IP address to investigate access from a specific location.

Exporting for Compliance

  1. 1Apply any filters you need (date range, action type, etc.).
  2. 2Click the Export button above the log.
  3. 3Choose your export format: CSV (for spreadsheet analysis) or PDF (for audit submissions).
  4. 4The export will download to your computer.

Tip

For HIPAA audit submissions, export as PDF and include the date range and your organization name in the filename (e.g., AXIS-AuditLog-YourOrg-2025-Q4.pdf). Retain exported logs for a minimum of 6 years.

Admin: Org-Wide Activity Logs

Administrators can view activity logs for all users in the organization from the Admin panel — not just their own activity.

  1. 1In the Admin panel, navigate to Reports → Activity Log.
  2. 2The org-wide log shows all activity across all users.
  3. 3Use the User filter to view activity for a specific employee.
  4. 4Use the File/Folder filter to see who has accessed a specific file — essential for PHI access audits.

Tip

Set up a scheduled compliance report to automatically email the org-wide activity log to your compliance officer monthly. See the Compliance Reports guide for instructions.

Log Retention

HIPAA requires audit logs to be retained for a minimum of 6 years from the date of creation. AXIS CloudSync's log retention period depends on your plan:

  • Standard plans: 1 year of log retention.
  • Professional plans: 3 years of log retention.
  • Enterprise plans: 6+ years of log retention (configurable).

Important

If your plan's log retention period is less than 6 years, you must export and archive logs manually to meet HIPAA requirements. Contact your account manager to upgrade to a plan with extended log retention.
Back to All Tutorials
Schedule a Demo