← Toutes les ressources
Security · 9 min

What healthcare AI agents must log before production

Traceability, roles, retention and audits: the minimum bar for deployment.

An AI agent operating on health data must produce a complete audit trail: who triggered the action, on which data, with what result, and how long this information is retained. This requirement is not optional: it is the very condition of a compliant production deployment.

Minimum requirements in a health-data hosting environment include: logging of patient data access (read and write), traceability of external API calls, signed non-repudiable timestamping, and separate retention of technical and business logs.

The technical/business distinction matters. Technical logs serve operations and can be kept for short periods. Business logs serve audit and must be retained according to strict rules, sometimes for several years.

Traceability must also distinguish human identity from agent identity. When an agent acts on behalf of a user, the log must reflect this dual identity: the user who triggered or supervised the action, and the agent that executed it.

Access control must be granular. An agent should only have access to data strictly necessary for its mission, and these accesses should be revocable at any time. Permissions must be traced just like actions.

Calls to language models must themselves be logged: prompt sent, response received, model used, version, parameters. This traceability is essential to reproduce a past behavior in case of audit or dispute.

Retention must respect legal durations and allow selective purge. A GDPR erasure request must be executable without destroying the global audit trail.

Log export and consultation must be possible without vendor intervention. A DPO must be able to extract autonomously the access history to a patient file on request.

Without these foundations, annual audits and data protection reviews become impossible to pass calmly. And beyond compliance, internal trust is at stake: a team only deploys an agent if it can understand and explain each of its actions.

Granit publishes its logging grid in open documentation, allowing each DPO and CISO to verify compliance before sign-off.