# Flattened summary of the FHIR AuditEvent StructureDefinition.
# Each element entry carries a `short` label and a `type`.
# NOTE(review): `array: true` appears to mark repeating elements and each
# `required` list the mandatory children - confirm against the generator.
# NOTE(review): `index` looks like the element's position in the original
# definition (0-38 across the resource); keys are not listed in index order.
description: Base StructureDefinition for AuditEvent Resource
package_name: hl7.fhir.r2.core
name: AuditEvent
type: null
elements:
  # event: the action being audited. Only dateTime and type are listed in
  # this element's `required`; every other child is optional.
  event:
    type: BackboneElement
    short: What was done
    index: 0
    elements:
      type: {short: Type/identifier of event, type: Coding, isSummary: true, index: 1}
      subtype: {short: More specific type/id for the event, type: Coding, array: true, isSummary: true, index: 2}
      action: {short: Type of action performed during the event, type: code, isSummary: true, index: 3}
      # dateTime is the time as observed on the source, so ordering events
      # from several sources depends on the common time base recommended in
      # this element's own comment.
      dateTime: {short: Time when the event occurred on source, comments: 'In a distributed system, some sort of common time base (e.g. an NTP [RFC1305] server) is a good implementation tactic.', type: instant, isSummary: true, index: 4}
      # outcome is not in `required` below: a consumer that looks for failed
      # events has to handle records that carry no outcome at all.
      outcome: {short: Whether the event succeeded or failed, comments: 'In some cases a "success" may be partial, for example, an incomplete or interrupted transfer of a radiological study. For the purpose of establishing accountability, these distinctions are not relevant.', type: code, isSummary: true, index: 5}
      outcomeDesc: {type: string, short: Description of the event outcome, isSummary: true, index: 6}
      purposeOfEvent: {short: The purposeOfUse of the event, comments: 'Use participant.purposeOfUse when you know that is specific to the participant, otherwise use event.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.', type: Coding, array: true, isSummary: true, index: 7}
    required: [dateTime, type]
  # participant: the person, device or process involved in the event.
  # `min: 1` together with `array: true` reads as "one or more entries".
  participant:
    min: 1
    short: A person, a hardware device or software process
    index: 8
    comments: There may be more than one user per event, for example, in cases of actions initiated by one user for other users, or in events that involve more than one user, hardware device, or system process. However, only one user may be the initiator/requestor for the event.
    type: BackboneElement
    array: true
    elements:
      role: {short: User roles (e.g. local RBAC codes), type: CodeableConcept, array: true, index: 9}
      # requestor is the only child named in `required` below; it flags
      # whether this participant initiated the event.
      requestor: {short: Whether user is initiator, comments: 'There can only be one initiator. If the initiator is not clear, then do not choose any one participant as the initiator.', type: boolean, index: 14}
      altId: {type: string, short: Alternative User id e.g. authentication, index: 12}
      name: {type: string, short: Human-meaningful name for the user, index: 13}
      # NOTE(review): the text asks for the OAuth token's unique identifier,
      # not the token; confirm writers never place a bearer token value in
      # this uri, since it would then be stored with the audit record.
      policy: {short: Policy that authorized event, comments: 'For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.', type: uri, array: true, index: 16}
      purposeOfUse: {short: Reason given for this user, comments: 'Use participant.purposeOfUse when you know that is specific to the participant, otherwise use event.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.', type: Coding, array: true, index: 21}
      reference: {short: Direct reference to resource, type: Reference, isSummary: true, index: 10}
      # userId is not in `required` below, so attribution by identifier can
      # be missing from a record; for node-based authentication the value is
      # the node name rather than a human user.
      userId: {short: Unique identifier for the user, comments: 'a unique value within the Audit Source ID. For node-based authentication -- where only the system hardware or process, but not a human user, is identified -- User ID would be the node name.', type: Identifier, isSummary: true, index: 11}
      # network: where the activity came from; no child is marked required.
      network:
        type: BackboneElement
        short: Logical network location for application activity
        index: 18
        elements:
          # address is a free-form string (device id, IP address or another
          # identifier), so parsers should not assume an IP address format.
          address: {short: Identifier for the network access point of the user device, comments: 'This could be a device id, IP address or some other identifier associated with a device.', type: string, index: 19}
          type: {short: The type of network access point, type: code, index: 20}
      location: {type: Reference, short: Where, index: 15}
      media: {short: Type of media, type: Coding, index: 17}
    required: [requestor]
  # source: the system that detected the event; identifier is its only
  # required child.
  # NOTE(review): this listing puts no `array: true` on source, although the
  # comment text below talks about the fields repeating - confirm the
  # cardinality before relying on more than one source per record.
  source:
    short: Application systems and processes
    comments: Since multi-tier, distributed, or composite applications make source identification ambiguous, this collection of fields may repeat for each application or process actively involved in the event. For example, multiple value-sets can identify participating web servers, application processes, and database server threads in an n-tier distributed application. Passive event participants (e.g. low-level network transports) need not be identified.
    type: BackboneElement
    index: 22
    elements:
      site: {type: string, short: Logical source location within the enterprise, index: 23}
      identifier: {short: The identity of source detecting the event, type: Identifier, isSummary: true, index: 24}
      type: {short: The type of source where event originated, type: Coding, array: true, index: 25}
    required: [identifier]
  # object: the data or objects that were accessed. It may repeat
  # (`array: true`) and has no `required` list of its own at this level.
  object:
    constraint:
      # sev-1 is an error-severity rule: a name or a query, never both.
      sev-1: {human: Either a name or a query (NOT both), severity: error}
    short: Specific instances of data or objects that have been accessed
    comments: Required unless the values for Event Identification, Active Participant Identification, and Audit Source Identification are sufficient to document the entire auditable event. Because events may have more than one participant object, this group can be a repeating set of values.
    type: BackboneElement
    array: true
    index: 26
    elements:
      role: {short: What role the Object played, comments: See RFC 3881 for rules concerning matches between role and type., type: Coding, index: 30}
      description: {type: string, short: Descriptive text, index: 34}
      # NOTE(review): name is meant for finding events about a specific
      # person, so audit records themselves carry person-identifying data;
      # restrict read access to the audit store accordingly.
      name: {short: Instance-specific descriptor for Object, comments: 'This field may be used in a query/report to identify audit events for a specific person.  For example, where multiple synonymous Participant Object IDs (patient number, medical record number, encounter number, etc.) have been used.', type: string, isSummary: true, index: 33}
      type: {short: Type of object involved, comments: This value is distinct from the user's role or any user relationship to the participant object., type: Coding, index: 29}
      lifecycle: {short: Life-cycle stage for the object, comments: 'This can be used to provide an audit trail for data, over time, as it passes through the system.', type: Coding, index: 31}
      reference: {type: Reference, short: Specific instance of resource (e.g. versioned), isSummary: true, index: 28}
      identifier: {short: Specific instance of object (e.g. versioned), comments: Identifier detail depends on object type., type: Identifier, isSummary: true, index: 27}
      # base64Binary is an encoding, not protection: the actual query, with
      # any search values in it, is readable by anyone who can read the record.
      query: {short: Actual query for object, type: base64Binary, isSummary: true, index: 35}
      securityLabel: {short: Security labels applied to the object, type: Coding, array: true, index: 32}
      # detail: repeating property entries; both type (the property name) and
      # value are required, and value is base64Binary like query above.
      detail:
        type: BackboneElement
        short: Additional Information about the Object
        array: true
        index: 36
        elements:
          type: {type: string, short: Name of the property, index: 37}
          value: {type: base64Binary, short: Property value, index: 38}
        required: [value, type]
# Package and identity metadata for this definition.
package_version: 1.0.2
class: resource
kind: resource
url: http://hl7.org/fhir/StructureDefinition/AuditEvent
# No version is recorded for the definition itself, only for the package.
version: null
# Resource-level mandatory elements. object is absent from this list, so a
# record may name no accessed object at all.
required: [event, participant, source]