description: Base StructureDefinition for AuditEvent Resource package_name: hl7.fhir.r2b.examples derivation: specialization name: AuditEvent type: null elements: outcomeDesc: isModifier: false short: Description of the event outcome type: string mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.outcomeDesc} isSummary: true index: 5 type: isModifier: false short: Type/identifier of event index: 0 type: Coding mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.type} isSummary: true outcome: isModifier: false short: Whether the event succeeded or failed index: 4 comments: In some cases a "success" may be partial, for example, an incomplete or interrupted transfer of a radiological study. For the purpose of establishing accountability, these distinctions are not relevant. type: code mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.outcome} isSummary: true source: isModifier: false short: Application systems and processes index: 21 comments: Since multi-tier, distributed, or composite applications make source identification ambiguous, this collection of fields may repeat for each application or process actively involved in the event. For example, multiple value-sets can identify participating web servers, application processes, and database server threads in an n-tier distributed application. Passive event participants (e.g. low-level network transports) need not be identified. type: BackboneElement mustSupport: false elements: site: isModifier: false short: Logical source location within the enterprise type: string mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.source.site} isSummary: false index: 22 identifier: isModifier: false short: The identity of source detecting the event index: 23 type: Identifier mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.source.identifier} isSummary: true type: isModifier: false short: The type of source where event originated index: 24 type: Coding mustSupport: false array: true maxLength: 0 base: {max: '*', min: 0, path: AuditEvent.source.type} isSummary: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.source} required: [identifier] isSummary: false recorded: isModifier: false short: Time when the event occurred on source index: 3 comments: In a distributed system, some sort of common time base (e.g. an NTP [RFC1305] server) is a good implementation tactic. type: instant mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.recorded} isSummary: true agent: min: 1 isModifier: false short: Actor involved in the event index: 7 comments: Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity. For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity. type: BackboneElement mustSupport: false array: true elements: role: isModifier: false short: Agent role in the event index: 8 comments: should be roles relevant to the event. Should not be an exhaustive list of roles. type: CodeableConcept mustSupport: false array: true maxLength: 0 base: {max: '*', min: 0, path: AuditEvent.agent.role} isSummary: false requestor: isModifier: false short: Whether user is initiator index: 13 comments: There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator. type: boolean mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.agent.requestor} isSummary: false altId: isModifier: false short: Alternative User id e.g. authentication type: string mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.agent.altId} isSummary: false index: 11 name: isModifier: false short: Human-meaningful name for the agent type: string mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.agent.name} isSummary: false index: 12 policy: isModifier: false short: Policy that authorized event index: 15 comments: 'For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.' type: uri mustSupport: false array: true maxLength: 0 base: {max: '*', min: 0, path: AuditEvent.agent.policy} isSummary: false purposeOfUse: isModifier: false short: Reason given for this user index: 20 comments: Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why. type: Coding mustSupport: false array: true maxLength: 0 base: {max: '*', min: 0, path: AuditEvent.agent.purposeOfUse} isSummary: false reference: isModifier: false short: Direct reference to resource type: Reference mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.agent.reference} isSummary: true index: 9 userId: isModifier: false short: Unique identifier for the user index: 10 comments: a unique value within the Audit Source ID. For node-based authentication -- where only the system hardware or process, but not a human user, is identified -- User ID would be the node name. type: Identifier mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.agent.userId} isSummary: true network: isModifier: false short: Logical network location for application activity index: 17 type: BackboneElement mustSupport: false elements: address: isModifier: false short: Identifier for the network access point of the user device index: 18 comments: This could be a device id, IP address or some other identifier associated with a device. type: string mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.agent.network.address} isSummary: false type: isModifier: false short: The type of network access point type: code mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.agent.network.type} isSummary: false index: 19 maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.agent.network} isSummary: false location: isModifier: false short: Where type: Reference mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.agent.location} isSummary: false index: 14 media: isModifier: false short: Type of media type: Coding mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.agent.media} isSummary: false index: 16 maxLength: 0 base: {max: '*', min: 0, path: AuditEvent.agent} required: [requestor] isSummary: false purposeOfEvent: isModifier: false short: The purposeOfUse of the event index: 6 comments: Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why. type: Coding mustSupport: false array: true maxLength: 0 base: {max: '*', min: 0, path: AuditEvent.purposeOfEvent} isSummary: true action: isModifier: false short: Type of action performed during the event type: code mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.action} isSummary: true index: 2 entity: constraint: sev-1: {human: Either a name or a query (NOT both), severity: error, expression: name.empty() or query.empty()} isModifier: false short: Specific instances of data or objects that have been accessed index: 25 comments: Required unless the values for event identification, agent identification, and audit source identification are sufficient to document the entire auditable event. Because events may have more than one entity, this group can be a repeating set of values. type: BackboneElement mustSupport: false array: true elements: role: isModifier: false short: What role the entity played type: Coding mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.entity.role} isSummary: false index: 29 description: isModifier: false short: Descriptive text type: string mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.entity.description} isSummary: false index: 33 name: isModifier: false short: Descriptor for entity index: 32 comments: This field may be used in a query/report to identify audit events for a specific person. For example, where multiple synonymous entity identifers (patient number, medical record number, encounter number, etc.) have been used. type: string mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.entity.name} isSummary: true type: isModifier: false short: Type of object involved index: 28 comments: This value is distinct from the user's role or any user relationship to the entity. type: Coding mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.entity.type} isSummary: false lifecycle: isModifier: false short: Life-cycle stage for the object index: 30 comments: This can be used to provide an audit trail for data, over time, as it passes through the system. type: Coding mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.entity.lifecycle} isSummary: false reference: isModifier: false short: Specific instance of resource (e.g. versioned) type: Reference mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.entity.reference} isSummary: true index: 27 identifier: isModifier: false short: Specific instance of object (e.g. versioned) index: 26 comments: Identifier detail depends on entity type. type: Identifier mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.entity.identifier} isSummary: true query: isModifier: false short: Query parameters type: base64Binary mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.entity.query} isSummary: true index: 34 securityLabel: isModifier: false short: Security labels applied to the object index: 31 type: Coding mustSupport: false array: true maxLength: 0 base: {max: '*', min: 0, path: AuditEvent.entity.securityLabel} isSummary: false detail: isModifier: false short: Additional Information about the entity index: 35 type: BackboneElement mustSupport: false array: true elements: type: isModifier: false short: Name of the property index: 36 type: string mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.entity.detail.type} isSummary: false value: isModifier: false short: Property value index: 37 type: base64Binary mustSupport: false maxLength: 0 base: {max: '1', min: 0, path: AuditEvent.entity.detail.value} isSummary: false maxLength: 0 base: {max: '*', min: 0, path: AuditEvent.entity.detail} required: [value, type] isSummary: false maxLength: 0 base: {max: '*', min: 0, path: AuditEvent.entity} isSummary: false subtype: isModifier: false short: More specific type/id for the event index: 1 type: Coding mustSupport: false array: true maxLength: 0 base: {max: '*', min: 0, path: AuditEvent.subtype} isSummary: true package_version: 1.4.0 class: resource kind: resource url: http://hl7.org/fhir/StructureDefinition/AuditEvent base: http://hl7.org/fhir/StructureDefinition/DomainResource version: null required: [agent, recorded, source, type]