Release 5

This page is part of the FHIR Specification (v5.0.0: R5 - STU). This is the current published version in it's permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3

Example AuditEvent/example-disclosure (Turtle)

Security Work GroupMaturity Level: N/AStandards Status: InformativeCompartments: Device, Patient, Practitioner

Raw Turtle (+ also see Turtle/RDF Format Specification)

Accounting of a Disclosure

@prefix fhir: <http://hl7.org/fhir/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

# - resource -------------------------------------------------------------------

[a fhir:AuditEvent ;
  fhir:nodeRole fhir:treeRoot ;
  fhir:id [ fhir:v "example-disclosure"] ; # 
  fhir:text [
     fhir:status [ fhir:v "generated" ] ;
     fhir:div "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p><b>Generated Narrative: AuditEvent</b><a name=\"example-disclosure\"> </a></p><div style=\"display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%\"><p style=\"margin-bottom: 0px\">Resource AuditEvent &quot;example-disclosure&quot; </p></div><p><b>category</b>: Export <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://dicom.nema.org/resources/ontology/DCM\">DICOM</a>#110106)</span></p><p><b>code</b>: HIPAA disclosure <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> ([not stated]#Disclosure)</span></p><p><b>action</b>: R</p><p><b>severity</b>: notice</p><p><b>recorded</b>: 22 Sept 2013, 10:08:00 am</p><h3>Outcomes</h3><table class=\"grid\"><tr><td>-</td><td><b>Code</b></td><td><b>Detail</b></td></tr><tr><td>*</td><td>Success (Details: http://terminology.hl7.org/CodeSystem/audit-event-outcome code 0 = 'Success', stated as 'Success')</td><td>Successful Disclosure <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> ()</span></td></tr></table><p><b>authorization</b>: healthcare marketing <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActReason.html\">ActReason</a>#HMARKT)</span></p><p><b>patient</b>: <span title=\"  patient whos data got disclosed  \"><a href=\"patient-example.html\">Patient/example</a> &quot;Peter CHALMERS&quot;</span></p><blockquote><p><b>agent</b></p><p><b>type</b>: <span title=\"  who disclosed the data  \">Source Role ID <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://dicom.nema.org/resources/ontology/DCM\">DICOM</a>#110153)</span></span></p><p><b>who</b>: <span>: That guy everyone wishes would be caught</span></p><p><b>requestor</b>: true</p><p><b>location</b>: <a href=\"location-example.html\">Location/1</a> &quot;South Wing, second floor&quot;</p><p><b>policy</b>: <a href=\"http://consent.com/yes\">http://consent.com/yes</a></p><p><b>network</b>: custodian.net</p></blockquote><blockquote><p><b>agent</b></p><p><b>type</b>: <span title=\"  who received the data  \">Destination Role ID <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://dicom.nema.org/resources/ontology/DCM\">DICOM</a>#110152)</span></span></p><p><b>who</b>: <a href=\"practitioner-example.html\">Practitioner/example: Where</a> &quot;Adam CAREFUL&quot;</p><p><b>requestor</b>: false</p><p><b>network</b>: marketing.land</p><p><b>authorization</b>: healthcare marketing <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActReason.html\">ActReason</a>#HMARKT)</span></p></blockquote><h3>Sources</h3><table class=\"grid\"><tr><td>-</td><td><b>Observer</b></td><td><b>Type</b></td></tr><tr><td>*</td><td><span title=\"  what system detected this disclosure  \"><span>: Watchers Accounting of Disclosures Application</span></span></td><td>Application Server <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-security-source-type.html\">Audit Event Source Type</a>#4)</span></td></tr></table><h3>Entities</h3><table class=\"grid\"><tr><td>-</td><td><b>What</b></td><td><b>Role</b></td><td><b>SecurityLabel</b></td></tr><tr><td>*</td><td><span title=\"  data that got disclosed  \"><a href=\"patient-example.html\">Patient/example/_history/1: data about Everthing important</a> &quot;Peter CHALMERS&quot;</span></td><td>Domain Resource <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-object-role.html\">AuditEventEntityRole</a>#4)</span></td><td>very restricted <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-Confidentiality.html\">Confidentiality</a>#V)</span>, sexually transmitted disease information sensitivity <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html\">ActCode</a>#STD)</span>, delete after use <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html\">ActCode</a>#DELAU)</span></td></tr></table></div>"
  ] ; # 
  fhir:category ( [
     fhir:coding ( [
       fhir:system [ fhir:v "http://dicom.nema.org/resources/ontology/DCM"^^xsd:anyURI ] ;
       fhir:code [ fhir:v "110106" ] ;
       fhir:display [ fhir:v "Export" ]
     ] )
  ] ) ; # 
  fhir:code [
     fhir:coding ( [
       fhir:code [ fhir:v "Disclosure" ] ;
       fhir:display [ fhir:v "HIPAA disclosure" ]
     ] )
  ] ; # 
  fhir:action [ fhir:v "R"] ; # 
  fhir:severity [ fhir:v "notice"] ; # 
  fhir:recorded [ fhir:v "2013-09-22T00:08:00Z"^^xsd:dateTime] ; # 
  fhir:outcome [
     fhir:code [
       fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/audit-event-outcome"^^xsd:anyURI ] ;
       fhir:code [ fhir:v "0" ] ;
       fhir:display [ fhir:v "Success" ]
     ] ;
     fhir:detail ( [
       fhir:text [ fhir:v "Successful Disclosure" ]
     ] )
  ] ; # 
  fhir:authorization ( [
     fhir:coding ( [
       fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-ActReason"^^xsd:anyURI ] ;
       fhir:code [ fhir:v "HMARKT" ] ;
       fhir:display [ fhir:v "healthcare marketing" ]
     ] )
  ] ) ; # 
  fhir:patient [
     fhir:reference [ fhir:v "Patient/example" ]
  ] ; #    patient whos data got disclosed   
  fhir:agent ( [
     fhir:type [
       fhir:coding ( [
         fhir:system [ fhir:v "http://dicom.nema.org/resources/ontology/DCM"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "110153" ] ;
         fhir:display [ fhir:v "Source Role ID" ]
       ] )
     ] ; #    who disclosed the data   
     fhir:who [
       fhir:identifier [
         fhir:value [ fhir:v "SomeIdiot@nowhere" ]
       ] ;
       fhir:display [ fhir:v "That guy everyone wishes would be caught" ]
     ] ;
     fhir:requestor [ fhir:v "true"^^xsd:boolean ] ;
     fhir:location [
       fhir:reference [ fhir:v "Location/1" ]
     ] ;
     fhir:policy ( [ fhir:v "http://consent.com/yes"^^xsd:anyURI ] ) ;
     fhir:network [ fhir:v "custodian.net" ]
  ] [
     fhir:type [
       fhir:coding ( [
         fhir:system [ fhir:v "http://dicom.nema.org/resources/ontology/DCM"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "110152" ] ;
         fhir:display [ fhir:v "Destination Role ID" ]
       ] )
     ] ; #    who received the data   
     fhir:who [
       fhir:reference [ fhir:v "Practitioner/example" ] ;
       fhir:display [ fhir:v "Where" ]
     ] ;
     fhir:requestor [ fhir:v "false"^^xsd:boolean ] ;
     fhir:network [ fhir:v "marketing.land" ] ;
     fhir:authorization ( [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-ActReason"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "HMARKT" ] ;
         fhir:display [ fhir:v "healthcare marketing" ]
       ] )
     ] )
  ] ) ; # 
  fhir:source [
     fhir:observer [
       fhir:display [ fhir:v "Watchers Accounting of Disclosures Application" ]
     ] ; #    what system detected this disclosure   
     fhir:type ( [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/security-source-type"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "4" ] ;
         fhir:display [ fhir:v "Application Server" ]
       ] )
     ] )
  ] ; # 
  fhir:entity ( [
     fhir:what [
       fhir:reference [ fhir:v "Patient/example/_history/1" ] ;
       fhir:identifier [
         fhir:value [ fhir:v "What.id" ]
       ] ;
       fhir:display [ fhir:v "data about Everthing important" ]
     ] ; #    data that got disclosed   
     fhir:role [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/object-role"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "4" ] ;
         fhir:display [ fhir:v "Domain Resource" ]
       ] )
     ] ;
     fhir:securityLabel ( [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "V" ] ;
         fhir:display [ fhir:v "very restricted" ]
       ] )
     ] [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-ActCode"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "STD" ] ;
         fhir:display [ fhir:v "sexually transmitted disease information sensitivity" ]
       ] )
     ] [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-ActCode"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "DELAU" ] ;
         fhir:display [ fhir:v "delete after use" ]
       ] )
     ] )
  ] )] . # 

# -------------------------------------------------------------------------------------


Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.