The platform landscape
Most acute and ambulatory Cerner deployments run on Cerner Millennium, accessed through PowerChart and related applications. Privacy and access auditing is frequently handled through a dedicated auditing tool, while clinical change detail is reached through Millennium's own logs and Discern-based reporting. Because the data lives in more than one place, a single 'audit report' rarely tells the whole story.
Audit trail & access-log reporting
- Privacy / access audit (commonly P2 Sentinel)
- Used to report which users accessed a patient's record and when — the access-monitoring layer. It answers 'who looked' more than 'who changed what.'
- Millennium action / change logs
- Lower-level logging of documentation actions and modifications. Reaching it usually requires Discern reporting or a vendor-assisted export rather than the standard privacy report.
- Document / note history
- Version and addendum history for clinical documentation, including timing of entry versus authentication.
Report names and behavior vary by version, module, and how the organization configured its system — capability should be assessed against the specific deployment, not assumed.
| Timestamp (UTC) | User | Action | Detail |
|---|---|---|---|
| 2024-03-11 22:47:03 | RN J. Doe | CREATE | Progress note created — status: draft |
| 2024-03-11 23:02:10 | RN J. Doe | VIEW | Vitals flowsheet opened |
| 2024-03-12 08:55:41 | Dr. A. Roe | VIEW | Progress note opened |
| 2024-03-12 09:14:55 | RN J. Doe | EDIT | Flagged: Progress note edited — entered late, back-dated to 03-11 |
| 2024-03-12 09:15:10 | RN J. Doe | SIGN | Progress note signed |
What to demand in discovery
- Distinguish the privacy/access audit from the clinical change history explicitly — a P2 Sentinel-style access report does not establish whether documentation was altered after the fact.
- Request the Millennium-level action logs and document version history, identifying that you are aware these are separate from the access-monitoring output.
- Ask whether vendor (Oracle Health) assistance is required to produce lower-level logs, and seek production of that data rather than acceptance that it is 'not standard.'
- Define the patient, encounter, and date range precisely, since Cerner audit exports are scoped queries.
Common production gaps
- Producing an access-monitoring report and characterizing it as 'the audit trail,' leaving change history undisclosed.
- Treating documentation that was authenticated late as contemporaneous because the access report shows only viewing activity.
- Citing the limits of the privacy tool to avoid producing the deeper Millennium logs that do capture modifications.
- Scoping the export so narrowly (single user or single day) that surrounding edits fall outside the produced window.
Frequently asked questions
Is P2 Sentinel the same as Cerner's audit trail?
P2 Sentinel-style tooling is principally a privacy and access-monitoring layer — it reports who accessed a record. It is not the same as the lower-level Millennium logs and document version history that establish whether documentation was created or changed after the fact. Both should be addressed in discovery as distinct data sets.
Can Oracle Health / Cerner show when a note was actually entered?
Millennium retains document version and authentication history that distinguishes when documentation was entered from when it was signed. Producing it sometimes requires deeper reporting or vendor assistance, which is why requests should anticipate the 'not a standard report' objection.
What is commonly missing from a Cerner records production?
The most frequent gap is producing an access-monitoring report in place of the clinical change history, so that after-the-fact edits never surface. Asking for both, by name and function, closes that gap.
This page is technical and regulatory information, not legal advice.