description: An AuditEvent recording a permit authorization decision by a Consent Decision Service, \n\n- Given an Authorization Decision resulted in a permit\n- And based on a Consent resource (C1) \n- And filed by a patient (P1), \n- And in response to a request by an organization (Org1) \n- And for the purpose of treatment (TREAT).\n- And the given request is authorized \n- When an AuditEvent is recorded for the activity\n- Then that AuditEvent would follow this profile regarding recording the authorization decision\n - Security Alert\n - Authorization Decision by Consent\n - Execute action\n - date/time recorded\n - outcome\n - success when Permit\n\t- failure when Deny\n\t- outcomeDesc would explain why a deny\n - recorded by the authorization server\n - Agents\n - client app\n\t- user\n\t - user requested purposeOfUse\n\t- user organization\n\t- authorization service\n - Entity\n - patient subject\n\t- consent on file for that patient\n\t- the token id (JWT ID) issued (if one is issued) should be recorded\n\t- other data may be recorded that was used in the decision package_name: ihe.iti.balp derivation: constraint name: AuthZconsent type: AuditEvent elements: outcomeDesc: {mustSupport: true, index: 5} type: pattern: type: Coding value: {code: '110113', system: 'http://dicom.nema.org/resources/ontology/DCM', display: Security Alert} index: 1 outcome: {index: 4} agent: array: true min: 4 index: 7 slicing: rules: open description: client, user, and organization requesting authorization; and authorizer discriminator: - {path: type, type: pattern} min: 4 slices: client: match: type: coding: - {code: '110150', system: 'http://dicom.nema.org/resources/ontology/DCM', display: Application} schema: _required: true index: 8 elements: role: {index: 10} who: {index: 11} altId: {index: 12} name: {index: 13} type: pattern: type: CodeableConcept value: coding: - {code: '110150', system: 'http://dicom.nema.org/resources/ontology/DCM', display: Application} index: 9 policy: 
{mustSupport: true, index: 15} purposeOfUse: {index: 18} network: {index: 17} location: {index: 14} media: {index: 16} required: [who, network, type] user: match: type: coding: - {code: IRCP, system: 'http://terminology.hl7.org/CodeSystem/v3-ParticipationType', display: information recipient} schema: _required: true index: 19 elements: role: {mustSupport: true, index: 21} requestor: pattern: {type: Boolean, value: true} index: 25 who: {index: 22} altId: {index: 23} name: {mustSupport: true, index: 24} type: pattern: type: CodeableConcept value: coding: - {code: IRCP, system: 'http://terminology.hl7.org/CodeSystem/v3-ParticipationType', display: information recipient} index: 20 policy: {mustSupport: true, index: 27} purposeOfUse: {mustSupport: true, index: 30} network: {index: 29} location: {index: 26} media: {index: 28} required: [who, type] userorg: match: type: coding: - {code: PROV, system: 'http://terminology.hl7.org/CodeSystem/v3-RoleClass', display: healthcare provider} schema: _required: true index: 31 elements: role: {index: 33} requestor: pattern: {type: Boolean, value: false} index: 37 who: {mustSupport: true, index: 34} altId: {index: 35} name: {index: 36} type: pattern: type: CodeableConcept value: coding: - {code: PROV, system: 'http://terminology.hl7.org/CodeSystem/v3-RoleClass', display: healthcare provider} index: 32 policy: {index: 39} purposeOfUse: {mustSupport: true, index: 42} network: {index: 41} location: {index: 38} media: {index: 40} required: [who, type] authorizer: match: type: coding: - {code: authserver, system: 'http://terminology.hl7.org/CodeSystem/extra-security-role-type', display: authorization server} schema: constraint: val-audit-source: {human: The Audit Source is this agent too., source: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.AuthZconsent', severity: error, expression: $this.who = %resource.source.observer} _required: true index: 43 elements: role: {index: 45} requestor: pattern: {type: Boolean, 
value: false} index: 49 who: {index: 46} altId: {index: 47} name: {index: 48} type: pattern: type: CodeableConcept value: coding: - {code: authserver, system: 'http://terminology.hl7.org/CodeSystem/extra-security-role-type', display: authorization server} index: 44 policy: {index: 51} purposeOfUse: {index: 54} network: {index: 53} location: {index: 50} media: {index: 52} required: [who, type] purposeOfEvent: {mustSupport: true, index: 6} action: pattern: {type: Code, value: E} index: 3 entity: array: true min: 2 index: 55 slicing: rules: closed description: patient and submission set involved discriminator: - {path: type, type: pattern} min: 2 slices: patient: match: type: {code: '1', system: 'http://terminology.hl7.org/CodeSystem/audit-entity-type', display: Person} schema: _required: true index: 56 elements: what: type: Reference refers: ['http://hl7.org/fhir/StructureDefinition/Patient'] index: 57 type: pattern: type: Coding value: {code: '1', system: 'http://terminology.hl7.org/CodeSystem/audit-entity-type', display: Person} index: 58 role: pattern: type: Coding value: {code: '1', system: 'http://terminology.hl7.org/CodeSystem/object-role', display: Patient} index: 59 required: [what, type] consent: match: type: {code: Consent, system: 'http://hl7.org/fhir/resource-types', display: Consent} schema: array: true min: 1 _required: true index: 60 elements: what: {mustSupport: true, index: 61} type: pattern: type: Coding value: {code: Consent, system: 'http://hl7.org/fhir/resource-types', display: Consent} index: 62 required: [what, type] token: match: type: {code: UserOauthAgent, system: 'https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes'} schema: index: 63 elements: what: index: 64 elements: identifier: index: 65 elements: value: {short: jti (JWT ID), index: 66} required: [value] required: [identifier] type: pattern: type: Coding value: {code: UserOauthAgent, system: 'https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes'} index: 67 required: 
[what, type] modifierExtension: {index: 0} subtype: binding: {strength: required, valueSet: 'https://profiles.ihe.net/ITI/BALP/ValueSet/AuthZsubTypeVS'} index: 2 package_version: 1.1.0 class: profile kind: resource url: https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.AuthZconsent base: http://hl7.org/fhir/StructureDefinition/AuditEvent version: 1.1.0 required: [outcome]