We are building an application for healthcare industry and we are planning to use a 3rd party BI tool for reporting which will directly connect to our postgres DB and generate the desired reports which we should be able to download as CSV or PDF. Reports will contain PHI data like list of patient in a particular zip (this is a simple example, complex scenarios will be there and even complete adhoc reporting can be there as well)
But as per requirement of HIPAA we should be able to log who access the PHI data and what was accessed. I reviewed some of the tools like Tableau. It manages audit log in files and keep record of the user and the underlying sql query which was made to the DB but not the records which were fetched as result of that query. So how can we accomplish this?
One approach we thought if we find some postgres extension which can log all the queries ran on the DB along with results but unable to find such plugin as well.
Any help will be appreciated.
