This page is part of the FHIR Specification (v5.0.0-ballot: FHIR R5 Ballot Preview). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R4B R4 R3
Security Work Group | Maturity Level: N/A | Standards Status: Informative |
Raw XML (canonical form + also see XML Format Specification)
Definition for Code SystemAuditEventEntityRole
<?xml version="1.0" encoding="UTF-8"?> <CodeSystem xmlns="http://hl7.org/fhir"> <id value="object-role"/> <meta> <lastUpdated value="2022-09-07T10:58:29.429+10:00"/> <profile value="http://hl7.org/fhir/StructureDefinition/shareablecodesystem"/> </meta> <text> <status value="generated"/> <div xmlns="http://www.w3.org/1999/xhtml"> <p> This code system <code> http://terminology.hl7.org/CodeSystem/object-role</code> defines the following codes: </p> <table class="codes"> <tr> <td style="white-space:nowrap"> <b> Code</b> </td> <td> <b> Display</b> </td> <td> <b> Definition</b> </td> </tr> <tr> <td style="white-space:nowrap">1 <a name="object-role-1"> </a> </td> <td> Patient</td> <td> This object is the patient that is the subject of care related to this event. It is identifiable by patient ID or equivalent. The patient may be either human or animal.</td> </tr> <tr> <td style="white-space:nowrap">2 <a name="object-role-2"> </a> </td> <td> Location</td> <td> This is a location identified as related to the event. This is usually the location where the event took place. Note that for shipping, the usual events are arrival at a location or departure from a location.</td> </tr> <tr> <td style="white-space:nowrap">3 <a name="object-role-3"> </a> </td> <td> Report</td> <td> This object is any kind of persistent document created as a result of the event. This could be a paper report, film, electronic report, DICOM Study, etc. Issues related to medical records life cycle management are conveyed elsewhere.</td> </tr> <tr> <td style="white-space:nowrap">4 <a name="object-role-4"> </a> </td> <td> Domain Resource</td> <td> A logical object related to a health record event. This is any healthcare specific resource (object) not restricted to FHIR defined Resources.</td> </tr> <tr> <td style="white-space:nowrap">5 <a name="object-role-5"> </a> </td> <td> Master file</td> <td> This is any configurable file used to control creation of documents. Examples include the objects maintained by the HL7 Master File transactions, Value Sets, etc.</td> </tr> <tr> <td style="white-space:nowrap">6 <a name="object-role-6"> </a> </td> <td> User</td> <td> A human participant not otherwise identified by some other category.</td> </tr> <tr> <td style="white-space:nowrap">7 <a name="object-role-7"> </a> </td> <td> List</td> <td> (deprecated).</td> </tr> <tr> <td style="white-space:nowrap">8 <a name="object-role-8"> </a> </td> <td> Doctor</td> <td> Typically, a licensed person who is providing or performing care related to the event, generally a physician. The key distinction between doctor and practitioner is with regards to their role, not the licensing. The doctor is the human who actually performed the work. The practitioner is the human or organization that is responsible for the work.</td> </tr> <tr> <td style="white-space:nowrap">9 <a name="object-role-9"> </a> </td> <td> Subscriber</td> <td> A person or system that is being notified as part of the event. This is relevant in situations where automated systems provide notifications to other parties when an event took place.</td> </tr> <tr> <td style="white-space:nowrap">10 <a name="object-role-10"> </a> </td> <td> Guarantor</td> <td> Insurance company, or any other organization who accepts responsibility for paying for the healthcare event.</td> </tr> <tr> <td style="white-space:nowrap">11 <a name="object-role-11"> </a> </td> <td> Security User Entity</td> <td> A person or active system object involved in the event with a security role.</td> </tr> <tr> <td style="white-space:nowrap">12 <a name="object-role-12"> </a> </td> <td> Security User Group</td> <td> A person or system object involved in the event with the authority to modify security roles of other objects.</td> </tr> <tr> <td style="white-space:nowrap">13 <a name="object-role-13"> </a> </td> <td> Security Resource</td> <td> A passive object, such as a role table, that is relevant to the event.</td> </tr> <tr> <td style="white-space:nowrap">14 <a name="object-role-14"> </a> </td> <td> Security Granularity Definition</td> <td> (deprecated) Relevant to certain RBAC security methodologies.</td> </tr> <tr> <td style="white-space:nowrap">15 <a name="object-role-15"> </a> </td> <td> Practitioner</td> <td> Any person or organization responsible for providing care. This encompasses all forms of care, licensed or otherwise, and all sorts of teams and care groups. Note the distinction between practitioner and the doctor that actually provided the care to the patient.</td> </tr> <tr> <td style="white-space:nowrap">16 <a name="object-role-16"> </a> </td> <td> Data Destination</td> <td> The source or destination for data transfer, when it does not match some other role.</td> </tr> <tr> <td style="white-space:nowrap">17 <a name="object-role-17"> </a> </td> <td> Data Repository</td> <td> A source or destination for data transfer that acts as an archive, database, or similar role.</td> </tr> <tr> <td style="white-space:nowrap">18 <a name="object-role-18"> </a> </td> <td> Schedule</td> <td> An object that holds schedule information. This could be an appointment book, availability information, etc.</td> </tr> <tr> <td style="white-space:nowrap">19 <a name="object-role-19"> </a> </td> <td> Customer</td> <td> An organization or person that is the recipient of services. This could be an organization that is buying services for a patient, or a person that is buying services for an animal.</td> </tr> <tr> <td style="white-space:nowrap">20 <a name="object-role-20"> </a> </td> <td> Job</td> <td> An order, task, work item, procedure step, or other description of work to be performed; e.g. a particular instance of an MPPS.</td> </tr> <tr> <td style="white-space:nowrap">21 <a name="object-role-21"> </a> </td> <td> Job Stream</td> <td> A list of jobs or a system that provides lists of jobs; e.g. an MWL SCP.</td> </tr> <tr> <td style="white-space:nowrap">22 <a name="object-role-22"> </a> </td> <td> Table</td> <td> (Deprecated).</td> </tr> <tr> <td style="white-space:nowrap">23 <a name="object-role-23"> </a> </td> <td> Routing Criteria</td> <td> An object that specifies or controls the routing or delivery of items. For example, a distribution list is the routing criteria for mail. The items delivered may be documents, jobs, or other objects.</td> </tr> <tr> <td style="white-space:nowrap">24 <a name="object-role-24"> </a> </td> <td> Query</td> <td> The contents of a query. This is used to capture the contents of any kind of query. For security surveillance purposes knowing the queries being made is very important.</td> </tr> </table> </div> </text> <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg"> <valueCode value="sec"/> </extension> <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status"> <valueCode value="trial-use"/> </extension> <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm"> <valueInteger value="3"/> </extension> <url value="http://terminology.hl7.org/CodeSystem/object-role"/> <identifier> <system value="urn:ietf:rfc:3986"/> <value value="urn:oid:2.16.840.1.113883.4.642.4.1135"/> </identifier> <version value="5.0.0-ballot"/> <name value="AuditEventEntityRole"/> <title value="AuditEventEntityRole"/> <status value="draft"/> <experimental value="false"/> <date value="2020-12-28T16:55:11+11:00"/> <publisher value="HL7 (FHIR Project)"/> <contact> <telecom> <system value="url"/> <value value="http://hl7.org/fhir"/> </telecom> <telecom> <system value="email"/> <value value="fhir@lists.hl7.org"/> </telecom> </contact> <description value="Code representing the role the entity played in the audit event."/> <caseSensitive value="true"/> <valueSet value="http://hl7.org/fhir/ValueSet/object-role"/> <content value="complete"/> <concept> <code value="1"/> <display value="Patient"/> <definition value="This object is the patient that is the subject of care related to this event. It is identifiable by patient ID or equivalent. The patient may be either human or animal."/> </concept> <concept> <code value="2"/> <display value="Location"/> <definition value="This is a location identified as related to the event. This is usually the location where the event took place. Note that for shipping, the usual events are arrival at a location or departure from a location."/> </concept> <concept> <code value="3"/> <display value="Report"/> <definition value="This object is any kind of persistent document created as a result of the event. This could be a paper report, film, electronic report, DICOM Study, etc. Issues related to medical records life cycle management are conveyed elsewhere."/> </concept> <concept> <code value="4"/> <display value="Domain Resource"/> <definition value="A logical object related to a health record event. This is any healthcare specific resource (object) not restricted to FHIR defined Resources."/> </concept> <concept> <code value="5"/> <display value="Master file"/> <definition value="This is any configurable file used to control creation of documents. Examples include the objects maintained by the HL7 Master File transactions, Value Sets, etc."/> </concept> <concept> <code value="6"/> <display value="User"/> <definition value="A human participant not otherwise identified by some other category."/> </concept> <concept> <code value="7"/> <display value="List"/> <definition value="(deprecated)."/> </concept> <concept> <code value="8"/> <display value="Doctor"/> <definition value="Typically, a licensed person who is providing or performing care related to the event, generally a physician. The key distinction between doctor and practitioner is with regards to their role, not the licensing. The doctor is the human who actually performed the work. The practitioner is the human or organization that is responsible for the work."/> </concept> <concept> <code value="9"/> <display value="Subscriber"/> <definition value="A person or system that is being notified as part of the event. This is relevant in situations where automated systems provide notifications to other parties when an event took place."/> </concept> <concept> <code value="10"/> <display value="Guarantor"/> <definition value="Insurance company, or any other organization who accepts responsibility for paying for the healthcare event."/> </concept> <concept> <code value="11"/> <display value="Security User Entity"/> <definition value="A person or active system object involved in the event with a security role."/> </concept> <concept> <code value="12"/> <display value="Security User Group"/> <definition value="A person or system object involved in the event with the authority to modify security roles of other objects."/> </concept> <concept> <code value="13"/> <display value="Security Resource"/> <definition value="A passive object, such as a role table, that is relevant to the event."/> </concept> <concept> <code value="14"/> <display value="Security Granularity Definition"/> <definition value="(deprecated) Relevant to certain RBAC security methodologies."/> </concept> <concept> <code value="15"/> <display value="Practitioner"/> <definition value="Any person or organization responsible for providing care. This encompasses all forms of care, licensed or otherwise, and all sorts of teams and care groups. Note the distinction between practitioner and the doctor that actually provided the care to the patient."/> </concept> <concept> <code value="16"/> <display value="Data Destination"/> <definition value="The source or destination for data transfer, when it does not match some other role."/> </concept> <concept> <code value="17"/> <display value="Data Repository"/> <definition value="A source or destination for data transfer that acts as an archive, database, or similar role."/> </concept> <concept> <code value="18"/> <display value="Schedule"/> <definition value="An object that holds schedule information. This could be an appointment book, availability information, etc."/> </concept> <concept> <code value="19"/> <display value="Customer"/> <definition value="An organization or person that is the recipient of services. This could be an organization that is buying services for a patient, or a person that is buying services for an animal."/> </concept> <concept> <code value="20"/> <display value="Job"/> <definition value="An order, task, work item, procedure step, or other description of work to be performed; e.g. a particular instance of an MPPS."/> </concept> <concept> <code value="21"/> <display value="Job Stream"/> <definition value="A list of jobs or a system that provides lists of jobs; e.g. an MWL SCP."/> </concept> <concept> <code value="22"/> <display value="Table"/> <definition value="(Deprecated)."/> </concept> <concept> <code value="23"/> <display value="Routing Criteria"/> <definition value="An object that specifies or controls the routing or delivery of items. For example, a distribution list is the routing criteria for mail. The items delivered may be documents, jobs, or other objects."/> </concept> <concept> <code value="24"/> <display value="Query"/> <definition value="The contents of a query. This is used to capture the contents of any kind of query. For security surveillance purposes knowing the queries being made is very important."/> </concept> </CodeSystem>
Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.