D-KaP Record — the EpochCore product that turns each PHI access event into HIPAA 164.312(b) audit-log evidence with tamper-evident integrity proofs — seals every record at the moment it’s captured. When OCR asks “who accessed this patient’s record on this date,” you have a signed answer—not a query result that could have been edited.
HIPAA 164.312(b) requires covered entities to record and examine activity in systems containing protected health information (PHI). When the Office for Civil Rights (OCR) investigates a complaint or breach, they want signed, tamper-evident proof of who accessed which patient record, from which device, on which date. Most healthcare organizations rely on EHR audit logs—exported as flat files or queried from the EHR vendor’s database. OCR investigators know those logs sit in editable systems and routinely ask “how do you know this log wasn’t modified before you produced it?”
The honest answer is usually “our policy says we don’t modify it.” That’s not the same as evidence. After a breach, that gap costs money.
D-KaP Record seals each PHI access event with three cryptographic signatures and a verifiable timestamp at the moment it’s recorded. The sealed record is anchored to an external trust root so an OCR investigator—or a plaintiff’s lawyer, or a state attorney general—can verify the access log wasn’t edited after the fact. You can seal individual high-risk events (executive PHI access, after-hours queries) or stream your entire EHR audit log through the endpoint.
40668c787c463ca5. OCR investigators and plaintiff counsel can verify offline.
Either stream every PHI access event from your EHR (highest defensibility, recommended for large covered entities) or seal selectively for high-risk events—VIP patient access, after-hours queries, bulk exports, executive lookups. Start with whichever your privacy officer flags as the highest-risk category.
/record
Submit the access details (user ID, patient ID hash, timestamp, action, source IP, EHR module) to the D-KaP endpoint. The service seals the record in under two seconds. Integrate via your EHR’s audit-log webhook or a simple cron job that batches the day’s log entries.
When OCR opens an investigation or a patient files a 164.524(d) accounting-of-disclosures request, export the signed access history for the relevant patient or period. Hand it over as JSONL plus PDF. The investigator verifies the signatures against the published trust root, confirms the log wasn’t edited, and moves on.
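The selective batching step described above, as an added example that is not EpochCore's own code: it filters a day's audit rows down to high-risk events and emits JSONL with the patient ID replaced by a keyed hash. The field names, action names, business-hours window and HMAC key are assumptions, the sample log is constructed, and the POST to /record is left out because the page does not document the request format.

```python
import csv, hashlib, hmac, io, json
from datetime import datetime

# Constructed sample of an EHR audit-log export (not real data).
SAMPLE_LOG = """user_id,patient_id,timestamp,action,source_ip,ehr_module
u1001,MRN-000123,2024-03-04T10:15:00+00:00,view,10.0.4.17,chart
u1002,MRN-000123,2024-03-04T23:40:00+00:00,view,10.0.4.22,chart
u1003,MRN-000456,2024-03-04T11:05:00+00:00,bulk_export,10.0.9.3,reporting
u1004,MRN-000789,2024-03-04T14:30:00+00:00,break_glass,10.0.4.31,chart
"""

HIGH_RISK_ACTIONS = {"bulk_export", "break_glass"}  # assumed action names
BUSINESS_HOURS = range(7, 19)  # assumed: 07:00-18:59 counts as in-hours
KEPT_FIELDS = ("user_id", "timestamp", "action", "source_ip", "ehr_module")


def patient_hash(patient_id, key):
    # Keyed hash (assumption): a bare SHA-256 of a short, structured MRN
    # can be reversed by enumerating the ID space; HMAC needs the key too.
    return hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()


def is_high_risk(row):
    # High risk = flagged action, or any access outside business hours.
    hour = datetime.fromisoformat(row["timestamp"]).hour
    return row["action"] in HIGH_RISK_ACTIONS or hour not in BUSINESS_HOURS


def build_batch(log_text, key, selective=True):
    """Turn audit rows into submission records; raw patient IDs are dropped."""
    batch = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if selective and not is_high_risk(row):
            continue
        record = {name: row[name] for name in KEPT_FIELDS}
        record["patient_id_hash"] = patient_hash(row["patient_id"], key)
        batch.append(record)
    return batch


def to_jsonl(batch):
    # One JSON object per line, keys sorted so output is reproducible.
    return "\n".join(json.dumps(r, sort_keys=True) for r in batch)


if __name__ == "__main__":
    print(to_jsonl(build_batch(SAMPLE_LOG, key=b"constructed-demo-key")))
```

Passing `selective=False` gives the stream-everything mode; in either mode the key must stay stable and protected, since it is what lets the same patient map to the same hash across batches.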
Example: A 220-bed regional hospital’s privacy officer streams every “break-glass” PHI access from the EHR through /record—roughly 80 events per day. Eight months later, OCR opens an investigation after a patient complaint about a clinician viewing her record without a treatment relationship. The privacy officer exports the signed access history for that patient: 14 events, each with the signed user identity, timestamp, and the EHR module touched. The investigator verifies the signatures, confirms the access log was sealed in real time (not reconstructed after the complaint), and the complaint is closed without a corrective action plan.
HIPAA breach settlements average $1M+ per case for medium-size covered entities, and OCR routinely cites “inadequate audit controls” under 164.312(b) as a contributing finding. At $29 per sealed event, sealing 5,000 high-risk events per year costs $145k—a fraction of one OCR corrective action. For most covered entities, the spend pays for itself the first time an investigator accepts the signed log without follow-up sampling.
In addition to the same signed access record, the OCR-ready PDF export carries an invisible stealth watermark keyed to your trust root. The watermark adds a second, image-layer chain of custody on the export itself—useful when the access log gets re-screenshotted into the investigator’s workpapers, attached to a patient response letter, or shared with outside counsel. Measured to stay attached through screenshots, JPEG compression, and scaling (90 of 136 attack vectors survived, false-positive rate zero, SSIM 0.985). Not “uncopyable”—the watermark layer can be stripped—but tamper-evident in the ways HIPAA investigators actually care about.