Every PHI access, every config change, every encryption rotation — captured, indexed, and continuously validated against HIPAA technical safeguards.