GAO Ballot Package

This page is part of the FHIR Specification (v1.1.0: STU 3 Ballot 1). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2

This is a frozen snapshot of the FHIR specification created for the purpose of balloting the GAO implementation Guide. It includes draft changes that may be part of the future DSTU 2.1 release but further change is expected. Readers should focus solely on the GAO implementation content, and FHIR DSTU 2 for other purposes.

Auditevent-example-disclosure.xml

Raw XML (canonical form)

Accounting of a Disclosure (id = "example-disclosure")

<AuditEvent xmlns="http://hl7.org/fhir">
 <id value="example-disclosure"/>
  <text>
    <status value="generated"/>
    <div xmlns="http://www.w3.org/1999/xhtml">Disclosure by some idiot, for marketing reasons, to places unknown, of a Poor Sap, data
       about Everthing important.</div>
  </text>    
  <event>
    <type>
        <system value="http://nema.org/dicom/dicm"/>
        <code value="110106"/>
        <display value="Export"/>
    </type>
    <subtype>
          <code value="Disclosure"/>
          <display value="HIPAA disclosure"/>
    </subtype>
    <action value="R"/>
    <dateTime value="2013-09-22T00:08:00Z"/>
    <outcome value="0"/>
  <outcomeDesc value="Successful  Disclosure"/>
  <purposeOfEvent>
    <system value="http://hl7.org/fhir/v3/ActReason"/>
    <code value="HMARKT"/>
    <display value="healthcare marketing"/>
  </purposeOfEvent>
  </event>
  <participant>
  <!--   who disclosed the data   -->
    <role>
      <coding>
        <system value="http://nema.org/dicom/dicm"/>
        <code value="110153"/>
        <display value="Source Role ID"/>
      </coding>
    </role>
    <userId>
    <value value="SomeIdiot@nowhere.com"/>
  </userId>
  <altId value="notMe"/>
  <name value="That guy everyone wishes would be caught"/>
    <requestor value="true"/>
  <location>
    <reference value="Location/1"/>
  </location>
  <policy value="http://consent.com/yes"/>
    <network>
      <address value="custodian.net"/>
      <type value="1"/>
    </network>
    </participant>
  <participant>
  <!--   who received the data   -->
    <role>
      <coding>
        <system value="http://nema.org/dicom/dicm"/>
        <code value="110152"/>
        <display value="Destination Role ID"/>
      </coding>
    </role>
    <reference>
    <reference value="Practitioner/example"/>
  </reference>
    <userId>
    <value value="Where"/>
  </userId>
    <requestor value="false"/>
    <network>
      <address value="marketing.land"/>
      <type value="1"/>
    </network>
  <purposeOfUse>
      <system value="http://hl7.org/fhir/v3/ActReason"/>
    <code value="HMARKT"/>
    <display value="healthcare marketing"/>
  </purposeOfUse>
  </participant>
  <source>
  <!--   what system detected this disclosure   -->
  <site value="Watcher"/>
    <identifier>
    <value value="Watchers Accounting of Disclosures Application"/>
  </identifier>
  <type>
        <system value="http://hl7.org/fhir/security-source-type"/>
        <code value="4"/>
        <display value="Application Server"/>
  </type>
  </source>
  <object>
  <!--   patient whos data got disclosed   -->
    <reference>
    <reference value="Patient/example"/>
  </reference>
  <type>
    <system value="http://hl7.org/fhir/object-type"/>
    <code value="1"/>
    <display value="Person"/>
  </type>
  <role>
    <system value="http://hl7.org/fhir/valueset-object-role"/>
    <code value="1"/>
    <display value="Patient"/>
  </role>
  </object>
  <object>
  <!--   data that got disclosed   -->
    <identifier>
      <value value="What.id"/>
    </identifier>
    <reference>
      <reference value="Patient/example/_history/1"/>
    </reference>
  <type>
    <system value="http://hl7.org/fhir/object-type"/>
    <code value="2"/>
    <display value="System Object"/>
  </type>
  <role>
    <system value="http://hl7.org/fhir/valueset-object-role"/>
    <code value="4"/>
    <display value="DomainResource"/>
  </role>
    <lifecycle>
    <system value="http://hl7.org/fhir/object-lifecycle"/>
    <code value="11"/>
    <display value="Disclosure"/>
  </lifecycle>
  <securityLabel>
      <system value="http://hl7.org/fhir/v3/Confidentiality"/>
      <code value="V"/>
      <display value="very restricted"/>
  </securityLabel>
  <securityLabel>
      <system value="http://hl7.org/fhir/v3/ActCode"/>
      <code value="STD"/>
      <display value="sexually transmitted disease information sensitivity"/>
  </securityLabel>
  <securityLabel>
      <system value="http://hl7.org/fhir/v3/ActCode"/>
      <code value="DELAU"/>
      <display value="delete after use"/>
  </securityLabel>
    <name value="Namne of What"/>
  <description value="data about Everthing important"/>
  </object>
</AuditEvent>

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.