This page is part of the FHIR Specification (v3.2.0: R4 Ballot 1). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2
Security Work Group | Maturity Level: N/A | Ballot Status: Informative | Compartments: Device, Patient, Practitioner |
Accounting of a Disclosure (id = "example-disclosure")
<AuditEvent xmlns="http://hl7.org/fhir"> <id value="example-disclosure"/> <text> <status value="generated"/> <div xmlns="http://www.w3.org/1999/xhtml">Disclosure by some idiot, for marketing reasons, to places unknown, of a Poor Sap, data about Everthing important.</div> </text> <type> <system value="http://dicom.nema.org/resources/ontology/DCM"/> <code value="110106"/> <display value="Export"/> </type> <subtype> <code value="Disclosure"/> <display value="HIPAA disclosure"/> </subtype> <action value="R"/> <recorded value="2013-09-22T00:08:00Z"/> <outcome value="0"/> <outcomeDesc value="Successful Disclosure"/> <purposeOfEvent> <coding> <system value="http://hl7.org/fhir/v3/ActReason"/> <code value="HMARKT"/> <display value="healthcare marketing"/> </coding> </purposeOfEvent> <agent> <!-- who disclosed the data --> <type> <coding> <system value="http://dicom.nema.org/resources/ontology/DCM"/> <code value="110153"/> <display value="Source Role ID"/> </coding> </type> <userId> <value value="SomeIdiot@nowhere.com"/> </userId> <altId value="notMe"/> <name value="That guy everyone wishes would be caught"/> <requestor value="true"/> <location> <reference value="Location/1"/> </location> <policy value="http://consent.com/yes"/> <network> <address value="custodian.net"/> <type value="1"/> </network> </agent> <agent> <!-- who received the data --> <type> <coding> <system value="http://dicom.nema.org/resources/ontology/DCM"/> <code value="110152"/> <display value="Destination Role ID"/> </coding> </type> <reference> <reference value="Practitioner/example"/> </reference> <userId> <value value="Where"/> </userId> <requestor value="false"/> <network> <address value="marketing.land"/> <type value="1"/> </network> <purposeOfUse> <coding> <system value="http://hl7.org/fhir/v3/ActReason"/> <code value="HMARKT"/> <display value="healthcare marketing"/> </coding> </purposeOfUse> </agent> <source> <!-- what system detected this disclosure --> <site value="Watcher"/> <identifier> <value value="Watchers Accounting of Disclosures Application"/> </identifier> <type> <system value="http://hl7.org/fhir/security-source-type"/> <code value="4"/> <display value="Application Server"/> </type> </source> <entity> <!-- patient whos data got disclosed --> <reference> <reference value="Patient/example"/> </reference> <type> <system value="http://hl7.org/fhir/object-type"/> <code value="1"/> <display value="Person"/> </type> <role> <system value="http://hl7.org/fhir/object-role"/> <code value="1"/> <display value="Patient"/> </role> </entity> <entity> <!-- data that got disclosed --> <identifier> <value value="What.id"/> </identifier> <reference> <reference value="Patient/example/_history/1"/> </reference> <type> <system value="http://hl7.org/fhir/object-type"/> <code value="2"/> <display value="System Object"/> </type> <role> <system value="http://hl7.org/fhir/object-role"/> <code value="4"/> <display value="Domain Resource"/> </role> <lifecycle> <system value="http://hl7.org/fhir/dicom-audit-lifecycle"/> <code value="11"/> <display value="Disclosure"/> </lifecycle> <securityLabel> <system value="http://hl7.org/fhir/v3/Confidentiality"/> <code value="V"/> <display value="very restricted"/> </securityLabel> <securityLabel> <system value="http://hl7.org/fhir/v3/ActCode"/> <code value="STD"/> <display value="sexually transmitted disease information sensitivity"/> </securityLabel> <securityLabel> <system value="http://hl7.org/fhir/v3/ActCode"/> <code value="DELAU"/> <display value="delete after use"/> </securityLabel> <name value="Namne of What"/> <description value="data about Everthing important"/> </entity> </AuditEvent>
Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.