This page is part of the FHIR Specification (v0.4.0: DSTU 2 Draft). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2

6.5 Resource Provenance - Content

This resource maintained by the FHIR Management Group Work Group

Provenance information that describes the activity that led to the creation of a set of resources. This information can be used to help determine their reliability or trace where the information in them came from. The focus of the provenance resource is record keeping, audit and traceability, and not explicit statements of clinical significance.

6.5.1 Scope and Usage

The provenance resource tracks information about activity that created a version of a resource, including the entities, and agents involved in producing a resource. This information can be used to form assessments about its quality, reliability or trustworthiness, or to provide pointers for where to go to further investigate the origins of the resource and the information in it.

Provenance resources are a record-keeping assertion that gathers information about the context in which the information in a resource was obtained. Provenance resources are prepared by the application that initiates the create/update etc. of the resource. A Security Event resource contains overlapping information, but is created as events occur, to track and audit the events. Security Event resources are often (though not exclusively) created by the application responding to the read/query/create/update etc. event.

6.5.2 Boundaries and Relationships

Many other FHIR resources contain some elements that represent information about how the resource was obtained, and therefore thay overlap with the functionality of the Provenance resource. These properties in other resources should always be used in preference to the provenance resource, and the provenance resource should be used where additional information is required, though overlap can occur.

6.5.3 Background and Context

The provenance resource is based on the W3C Provenance specification, and mappings are provided. The Provenance resource is tailored to fit the FHIR use-cases for provenance more directly. The W3C Provenance Specification has the following fundamental model:

Key concepts

The Provenance resource actually corresponds to a single activity that identifies a set of resources (target) generated by the activity. The activity also references other entities (entity) that were used and the agents (agent) that were associated with the activity.

Structure

Name	Card.	Type	Description & Constraints
Provenance		DomainResource	Who, What, When for a set of resources
target	1..*	Any	Target Reference(s) (usually version specific)
period	0..1	Period	When the activity occurred
recorded	1..1	instant	When the activity was recorded / updated
reason	0..1	CodeableConcept	Reason the activity is occurring
location	0..1	Location	Where the activity occurred, if relevant
policy	0..*	uri	Policy or plan the activity was defined by
agent	0..*	Element	Person, organization, records, etc. involved in creating resource
role	1..1	Coding	e.g. author \| overseer \| enterer \| attester \| source \| cc: + ProvenanceAgentRole (Incomplete)
type	1..1	Coding	e.g. Resource \| Person \| Application \| Record \| Document + ProvenanceAgentType (Incomplete)
reference	1..1	uri	Identity of agent (urn or url)
display	0..1	string	Human description of participant
entity	0..*	Element	An entity used in this activity
role	1..1	code	derivation \| revision \| quotation \| source ProvenanceEntityRole (Required)
type	1..1	Coding	Resource Type, or something else ProvenanceEntityType (Incomplete)
reference	1..1	uri	Identity of participant (urn or url)
display	0..1	string	Human description of participant
agent	0..1	see agent	Entity is attributed to this agent
integritySignature	0..1	string	Base64 signature (DigSig) - integrity check

UML Diagram

XML Template

<Provenance xmlns="http://hl7.org/fhir"> 
 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <target><!-- 1..* Reference(Any) Target Reference(s) (usually version specific) --></target>
 <period><!-- 0..1 Period When the activity occurred --></period>
 <recorded value="[instant]"/><!-- 1..1 When the activity was recorded / updated -->
 <reason><!-- 0..1 CodeableConcept Reason the activity is occurring --></reason>
 <location><!-- 0..1 Reference(Location) Where the activity occurred, if relevant --></location>
 <policy value="[uri]"/><!-- 0..* Policy or plan the activity was defined by -->
 <agent>  <!-- 0..* Person, organization, records, etc. involved in creating resource -->
  <role><!-- 1..1 Coding e.g. author | overseer | enterer | attester | source | cc: + --></role>
  <type><!-- 1..1 Coding e.g. Resource | Person | Application | Record | Document + --></type>
  <reference value="[uri]"/><!-- 1..1 Identity of agent (urn or url) -->
  <display value="[string]"/><!-- 0..1 Human description of participant -->
 </agent>
 <entity>  <!-- 0..* An entity used in this activity -->
  <role value="[code]"/><!-- 1..1 derivation | revision | quotation | source -->
  <type><!-- 1..1 Coding Resource Type, or something else --></type>
  <reference value="[uri]"/><!-- 1..1 Identity of participant (urn or url) -->
  <display value="[string]"/><!-- 0..1 Human description of participant -->
  <agent><!-- 0..1 Content as for Provenance.agent Entity is attributed to this agent --></agent>
 </entity>
 <integritySignature value="[string]"/><!-- 0..1 Base64 signature (DigSig) - integrity check -->
</Provenance>

JSON Template

{
  "resourceType" : "Provenance",
  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "target" : [{ Reference(Any) }], // R! Target Reference(s) (usually version specific)
  "period" : { Period }, // When the activity occurred
  "recorded" : "<instant>", // R! When the activity was recorded / updated
  "reason" : { CodeableConcept }, // Reason the activity is occurring
  "location" : { Reference(Location) }, // Where the activity occurred, if relevant
  "policy" : ["<uri>"], // Policy or plan the activity was defined by
  "agent" : [{ // Person, organization, records, etc. involved in creating resource
    "role" : { Coding }, // R! e.g. author | overseer | enterer | attester | source | cc: +
    "type" : { Coding }, // R! e.g. Resource | Person | Application | Record | Document +
    "reference" : "<uri>", // R! Identity of agent (urn or url)
    "display" : "<string>" // Human description of participant
  }],
  "entity" : [{ // An entity used in this activity
    "role" : "<code>", // R! derivation | revision | quotation | source
    "type" : { Coding }, // R! Resource Type, or something else
    "reference" : "<uri>", // R! Identity of participant (urn or url)
    "display" : "<string>", // Human description of participant
    "agent" : { Content as for Provenance.agent } // Entity is attributed to this agent
  }],
  "integritySignature" : "<string>" // Base64 signature (DigSig) - integrity check
}

Structure

Name	Card.	Type	Description & Constraints
Provenance		DomainResource	Who, What, When for a set of resources
target	1..*	Any	Target Reference(s) (usually version specific)
period	0..1	Period	When the activity occurred
recorded	1..1	instant	When the activity was recorded / updated
reason	0..1	CodeableConcept	Reason the activity is occurring
location	0..1	Location	Where the activity occurred, if relevant
policy	0..*	uri	Policy or plan the activity was defined by
agent	0..*	Element	Person, organization, records, etc. involved in creating resource
role	1..1	Coding	e.g. author \| overseer \| enterer \| attester \| source \| cc: + ProvenanceAgentRole (Incomplete)
type	1..1	Coding	e.g. Resource \| Person \| Application \| Record \| Document + ProvenanceAgentType (Incomplete)
reference	1..1	uri	Identity of agent (urn or url)
display	0..1	string	Human description of participant
entity	0..*	Element	An entity used in this activity
role	1..1	code	derivation \| revision \| quotation \| source ProvenanceEntityRole (Required)
type	1..1	Coding	Resource Type, or something else ProvenanceEntityType (Incomplete)
reference	1..1	uri	Identity of participant (urn or url)
display	0..1	string	Human description of participant
agent	0..1	see agent	Entity is attributed to this agent
integritySignature	0..1	string	Base64 signature (DigSig) - integrity check

UML Diagram

XML Template

<Provenance xmlns="http://hl7.org/fhir"> 
 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <target><!-- 1..* Reference(Any) Target Reference(s) (usually version specific) --></target>
 <period><!-- 0..1 Period When the activity occurred --></period>
 <recorded value="[instant]"/><!-- 1..1 When the activity was recorded / updated -->
 <reason><!-- 0..1 CodeableConcept Reason the activity is occurring --></reason>
 <location><!-- 0..1 Reference(Location) Where the activity occurred, if relevant --></location>
 <policy value="[uri]"/><!-- 0..* Policy or plan the activity was defined by -->
 <agent>  <!-- 0..* Person, organization, records, etc. involved in creating resource -->
  <role><!-- 1..1 Coding e.g. author | overseer | enterer | attester | source | cc: + --></role>
  <type><!-- 1..1 Coding e.g. Resource | Person | Application | Record | Document + --></type>
  <reference value="[uri]"/><!-- 1..1 Identity of agent (urn or url) -->
  <display value="[string]"/><!-- 0..1 Human description of participant -->
 </agent>
 <entity>  <!-- 0..* An entity used in this activity -->
  <role value="[code]"/><!-- 1..1 derivation | revision | quotation | source -->
  <type><!-- 1..1 Coding Resource Type, or something else --></type>
  <reference value="[uri]"/><!-- 1..1 Identity of participant (urn or url) -->
  <display value="[string]"/><!-- 0..1 Human description of participant -->
  <agent><!-- 0..1 Content as for Provenance.agent Entity is attributed to this agent --></agent>
 </entity>
 <integritySignature value="[string]"/><!-- 0..1 Base64 signature (DigSig) - integrity check -->
</Provenance>

JSON Template

{
  "resourceType" : "Provenance",
  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "target" : [{ Reference(Any) }], // R! Target Reference(s) (usually version specific)
  "period" : { Period }, // When the activity occurred
  "recorded" : "<instant>", // R! When the activity was recorded / updated
  "reason" : { CodeableConcept }, // Reason the activity is occurring
  "location" : { Reference(Location) }, // Where the activity occurred, if relevant
  "policy" : ["<uri>"], // Policy or plan the activity was defined by
  "agent" : [{ // Person, organization, records, etc. involved in creating resource
    "role" : { Coding }, // R! e.g. author | overseer | enterer | attester | source | cc: +
    "type" : { Coding }, // R! e.g. Resource | Person | Application | Record | Document +
    "reference" : "<uri>", // R! Identity of agent (urn or url)
    "display" : "<string>" // Human description of participant
  }],
  "entity" : [{ // An entity used in this activity
    "role" : "<code>", // R! derivation | revision | quotation | source
    "type" : { Coding }, // R! Resource Type, or something else
    "reference" : "<uri>", // R! Identity of participant (urn or url)
    "display" : "<string>", // Human description of participant
    "agent" : { Content as for Provenance.agent } // Entity is attributed to this agent
  }],
  "integritySignature" : "<string>" // Base64 signature (DigSig) - integrity check
}

Alternate definitions: Schema/Schematron, Resource Profile (XML, JSON), Questionnaire

6.5.4.1 Terminology Bindings

Path	Definition	Type	Reference
Provenance.agent.role	The role that a provenance agent played	Incomplete	http://hl7.org/fhir/vs/provenance-agent-role
Provenance.agent.type	The type of a provenance agent	Incomplete	http://hl7.org/fhir/vs/provenance-agent-type
Provenance.entity.role	How an entity was used in an activity	Fixed	http://hl7.org/fhir/provenance-entity-role
Provenance.entity.type	The type of an entity used in an activity	Incomplete	http://hl7.org/fhir/vs/resource-types

Path

Definition

Type

Reference

Provenance.agent.role

The role that a provenance agent played

Incomplete

http://hl7.org/fhir/vs/provenance-agent-role

Provenance.agent.type

The type of a provenance agent

Incomplete

http://hl7.org/fhir/vs/provenance-agent-type

Provenance.entity.role

How an entity was used in an activity

Fixed

http://hl7.org/fhir/provenance-entity-role

Provenance.entity.type

The type of an entity used in an activity

Incomplete

http://hl7.org/fhir/vs/resource-types

6.5.4.2 Using the Provenance Resource

The provenance resource identifies information about another resource (the reference element). The provenance resource may be used in several different ways:

As part of a document bundle where it identifies the provenance of part or all of the document
On a RESTful system where it keeps track of provenance information relating to resources

When used in a document bundle, the references are often not explicitly versioned, but they always implicitly pertain to the version of the resource found in the document. On a RESTful system, the target resource reference should be version specific, but this requires special care: For new resources that need to have a corresponding Provenance resource, the version-specific reference is often not knowable until after the target resource has been updated. This can create an integrity problem for the system - what if the provenance resource cannot be created after the target resource has been updated? To avoid any such integrity problems, the target resource and the provenance resources should be submitted as a pair using a transaction.

6.5.4.3 Digital Signatures

The provenance resource includes an integritySignature element which contains an XML digital signature.

The purpose of the signature is limited to checking cryptographic integrity of the target Reference(s); e.g. detecting whether changes have occurred between the original construction of the resource and the application processing it. In order to make proper use of the signature element, implementation profiles are required to further clarify the obligations around creating and checking the signature.

The following rules apply to digital signature:

The Certificate identifier SHOULD match the identity of an agent (Provenance.agent.reference)
If the signature has an IHE purposeOfSignature property, the value SHALL be "source", OID "1.2.840.10065.1.12", which means "the signature of an automated data source". If the signature does not have a purposeOfSignature property, the signature is still to used for this use
Whether the representation of the Provenance resource is xml or json, the signature is a base64 of the XML signature
The signature is always a signature of the target resource XML representation using a stated canonicalization

The signature is only added to support , and not to represent workflow and clinical aspects of the signing process, or to support non-repudiation.

6.5.4.4 Party References

Because the Provenance resource often refers to parties that are not represented as FHIR resources, Agent and Entity references are allowed to be either references to other resources, or they can refer to other entities that are not FHIR resources.

The code in the .type element is used to differentiate between the two: if the code is in the system "http://hl7.org/fhir/resource-types", then the reference is to a resource, and the element reference functions exactly the same as in a Resource Reference.

A version specific reference to a FHIR resource on the same server:

  <agent>
    <type>
      <system value="http://hl7.org/fhir/resource-types"/>
      <code value="Patient"/>
    </type>
    <reference value="Patient/34/_history/3"/>
  </agent>

In effect, this is the same pattern as a standard resource reference, but the type becomes extensible to allow referencing other kinds of resources.

A reference to a user (a person) not represented by a FHIR resource:

  <agent>
    <type>
      <system value="http://hl7.org/fhir/provenance-participant-type"/>  
      <code value="person"/>
    </type>  
    <reference value="http://acme.com/users/34"/>
  </agent>

One subtle issue with the use of the Provenance resource is to differentiate between whether the reference is to the Resource itself, or whether the the reference is to the real world thing that the resource represents, e.g. was it the person involved in the activity, or the record of the person. For Agents, it should be understood that the reference is to the real world thing that the resource represents.

6.5.5 Search Parameters

Search parameters for this resource. The common parameters also apply. See Searching for more information about searching in REST, messaging, and services.

Name	Type	Description	Paths
end	date	End time with inclusive boundary, if not ongoing	Provenance.period.end
location	reference	Where the activity occurred, if relevant	Provenance.location (Location)
party	token	Identity of agent (urn or url)	Provenance.agent.reference
partytype	token	e.g. Resource \| Person \| Application \| Record \| Document +	Provenance.agent.type
patient	reference	A patient that the target resource(s) refer to	(Patient)
start	date	Starting time with inclusive boundary	Provenance.period.start
target	reference	Target Reference(s) (usually version specific)	Provenance.target (Any)