Release 5 Preview #3

This page is part of the FHIR Specification (v4.5.0: R5 Preview #3). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2

Auditevent-example-disclosure.xml

Security Work GroupMaturity Level: N/AStandards Status: InformativeCompartments: Device, Patient, Practitioner

Raw XML (canonical form + also see XML Format Specification)

Jump past Narrative

Accounting of a Disclosure (id = "example-disclosure")

<?xml version="1.0" encoding="UTF-8"?>

<AuditEvent xmlns="http://hl7.org/fhir">
  <id value="example-disclosure"/> 
  <text> 
    <status value="generated"/> 
    <div xmlns="http://www.w3.org/1999/xhtml">
      <p> Disclosure by some idiot, for marketing reasons, to places unknown, of a Poor Sap, data
         about Everthing important.</p> 
      <p> 
        <b>  type:</b>  Export</p> 
      <p> 
        <b>  subtype:</b>  HIPAA Disclosure</p> 
      <p> 
        <b>  action:</b>  Read</p> 
      <p> 
        <b>  severity:</b>  Notice: normal but signficant condition</p> 
      <p> 
        <b>  recorded:</b>  September 22, 2013</p> 
      <p> 
        <b>  PurposeOfEvent:</b>  Healthcare Marketing</p> 
      <p> 
        <b>  source agent:</b>  user ID</p> 
      <p> 
        <b>  source agent location:</b>  Location 1</p> 
      <p> 
        <b>  source agent network id:</b>  custodian.net</p> 
      <p> 
        <b>  recipient agent:</b>  practitioner ID</p> 
      <p> 
        <b>  recipient agent network id:</b>  marketing.land</p> 
      <p> 
        <b>  patient:</b>  patient identity</p> 
      <p> 
        <b>  data exposed:</b>  list of data</p> 
    </div> 
  </text> 
  <type> 
    <system value="http://dicom.nema.org/resources/ontology/DCM"/> 
    <code value="110106"/> 
    <display value="Export"/> 
  </type> 
  <subtype> 
    <code value="Disclosure"/> 
    <display value="HIPAA disclosure"/> 
  </subtype> 
  <action value="R"/> 
  <severity value="notice"/> 
  <recorded value="2013-09-22T00:08:00Z"/> 
  <outcome> 
    <coding> 
      <system value="http://terminology.hl7.org/CodeSystem/audit-event-outcome"/> 
      <code value="0"/> 
      <display value="Success"/> 
    </coding> 
    <text value="Successful Disclosure"/> 
  </outcome>  

  <purposeOfEvent> 
    <coding> 
      <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/> 
      <code value="HMARKT"/> 
      <display value="healthcare marketing"/> 
    </coding> 
  </purposeOfEvent> 
  <agent> 
    <!--   who disclosed the data   -->
    <type> 
      <coding> 
        <system value="http://dicom.nema.org/resources/ontology/DCM"/> 
        <code value="110153"/> 
        <display value="Source Role ID"/> 
      </coding> 
    </type> 
    <who> 
      <identifier> 
        <value value="SomeIdiot@nowhere"/> 
      </identifier> 
    </who> 
    <altId value="notMe"/> 
    <name value="That guy everyone wishes would be caught"/> 
    <requestor value="true"/> 
    <location> 
      <reference value="Location/1"/> 
    </location> 
    <policy value="http://consent.com/yes"/> 
    <network> 
      <address value="custodian.net"/> 
      <type value="1"/> 
    </network> 
  </agent> 
  <agent> 
    <!--   who received the data   -->
    <type> 
      <coding> 
        <system value="http://dicom.nema.org/resources/ontology/DCM"/> 
        <code value="110152"/> 
        <display value="Destination Role ID"/> 
      </coding> 
    </type> 
    <who> 
      <reference value="Practitioner/example"/> 
      <display value="Where"/> 
    </who> 
    <requestor value="false"/> 
    <network> 
      <address value="marketing.land"/> 
      <type value="1"/> 
    </network> 
    <purposeOfUse> 
      <coding> 
        <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/> 
        <code value="HMARKT"/> 
        <display value="healthcare marketing"/> 
      </coding> 
    </purposeOfUse> 
  </agent> 
  <source> 
    <!--   what system detected this disclosure   -->
    <site value="Watcher"/> 
    <observer> 
      <display value="Watchers Accounting of Disclosures Application"/> 
    </observer> 
    <type> 
      <system value="http://terminology.hl7.org/CodeSystem/security-source-type"/> 
      <code value="4"/> 
      <display value="Application Server"/> 
    </type> 
  </source> 
  <entity> 
    <!--   patient whos data got disclosed   -->
    <what> 
      <reference value="Patient/example"/> 
    </what> 
    <type> 
      <system value="http://terminology.hl7.org/CodeSystem/audit-entity-type"/> 
      <code value="1"/> 
      <display value="Person"/> 
    </type> 
    <role> 
      <system value="http://terminology.hl7.org/CodeSystem/object-role"/> 
      <code value="1"/> 
      <display value="Patient"/> 
    </role> 
  </entity> 
  <entity> 
    <!--   data that got disclosed   -->
    <what> 
      <reference value="Patient/example/_history/1"/> 
      <identifier> 
        <value value="What.id"/> 
      </identifier> 
    </what> 
    <type> 
      <system value="http://terminology.hl7.org/CodeSystem/audit-entity-type"/> 
      <code value="2"/> 
      <display value="System Object"/> 
    </type> 
    <role> 
      <system value="http://terminology.hl7.org/CodeSystem/object-role"/> 
      <code value="4"/> 
      <display value="Domain Resource"/> 
    </role> 
    <lifecycle> 
      <system value="http://terminology.hl7.org/CodeSystem/dicom-audit-lifecycle"/> 
      <code value="11"/> 
      <display value="Disclosure"/> 
    </lifecycle> 
    <securityLabel> 
      <system value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/> 
      <code value="V"/> 
      <display value="very restricted"/> 
    </securityLabel> 
    <securityLabel> 
      <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/> 
      <code value="STD"/> 
      <display value="sexually transmitted disease information sensitivity"/> 
    </securityLabel> 
    <securityLabel> 
      <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/> 
      <code value="DELAU"/> 
      <display value="delete after use"/> 
    </securityLabel> 
    <name value="data about Everthing important"/> 
  </entity> 
</AuditEvent> 

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.