R4 Draft for Comment

This page is part of the FHIR Specification (v3.2.0: R4 Ballot 1). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3

4.3.1.438 Value Set http://hl7.org/fhir/ValueSet/provenance-activity-type

Security Work Group Maturity Level: 3Trial Use Use Context: Not Intended for Production use

This is a value set defined by the FHIR project.

Summary

Defining URL:http://hl7.org/fhir/ValueSet/provenance-activity-type
Name:ProvenanceActivityType
Definition:

This value set contains representative Activity Type codes, which includes codes from the HL7 DocumentCompletion, ActStatus, and DataOperations code system, W3C PROV-DM and PROV-N concepts and display names, several HL7 Lifecycle Event codes for which there are agreed upon definitions, and non-duplicated codes from the HL7 Security and Privacy Ontology Operations codes.

Committee:Security Work Group
OID:2.16.840.1.113883.4.642.3.438 (for OID based terminology systems)
Copyright:This is a value set of representative Activity Type codes.
Source ResourceXML / JSON

This value set is used in the following places:


This value set includes codes from the following code systems:

 

This expansion generated 20 Dec 2017


This value set contains 83 concepts

Expansion based on http://hl7.org/fhir/v3/ActCode version 2017-07-31, http://hl7.org/fhir/v3/DataOperation version 2017-07-31, http://hl7.org/fhir/extra-activity-type version 1.1.0, http://hl7.org/fhir/v3/ActStatus version 2017-07-31, http://hl7.org/fhir/w3c-provenance-activity-type version 1.1.0, http://hl7.org/fhir/v3/DocumentCompletion version 2017-07-31, http://hl7.org/fhir/ValueSet/v3-ObligationPolicy version 2014-03-26

CodeSystemDisplayDefinition
AUhttp://hl7.org/fhir/v3/DocumentCompletionauthenticatedA completion status in which a document has been signed manually or electronically by one or more individuals who attest to its accuracy. No explicit determination is made that the assigned individual has performed the authentication. While the standard allows multiple instances of authentication, it would be typical to have a single instance of authentication, usually by the assigned individual.
DIhttp://hl7.org/fhir/v3/DocumentCompletiondictatedA completion status in which information has been orally recorded but not yet transcribed.
DOhttp://hl7.org/fhir/v3/DocumentCompletiondocumentedA completion status in which document content, other than dictation, has been received but has not been translated into the final electronic format. Examples include paper documents, whether hand-written or typewritten, and intermediate electronic forms, such as voice to text.
INhttp://hl7.org/fhir/v3/DocumentCompletionincompleteA completion status in which information is known to be missing from a transcribed document.
IPhttp://hl7.org/fhir/v3/DocumentCompletionin progressA workflow status where the material has been assigned to personnel to perform the task of transcription. The document remains in this state until the document is transcribed.
LAhttp://hl7.org/fhir/v3/DocumentCompletionlegally authenticatedA completion status in which a document has been signed manually or electronically by the individual who is legally responsible for that document. This is the most mature state in the workflow progression.
NUhttp://hl7.org/fhir/v3/DocumentCompletionnullified documentA completion status in which a document was created in error or was placed in the wrong chart. The document is no longer available.
PAhttp://hl7.org/fhir/v3/DocumentCompletionpre-authenticatedA completion status in which a document is transcribed but not authenticated.
UChttp://hl7.org/fhir/v3/DocumentCompletionunsigned completed documentA completion status where the document is complete and there is no expectation that the document will be signed.
normalhttp://hl7.org/fhir/v3/ActStatusnormalEncompasses the expected states of an Act, but excludes "nullified" and "obsolete" which represent unusual terminal states for the life-cycle.
abortedhttp://hl7.org/fhir/v3/ActStatusabortedThe Act has been terminated prior to the originally intended completion.
activehttp://hl7.org/fhir/v3/ActStatusactiveThe Act can be performed or is being performed
cancelledhttp://hl7.org/fhir/v3/ActStatuscancelledThe Act has been abandoned before activation.
completedhttp://hl7.org/fhir/v3/ActStatuscompletedAn Act that has terminated normally after all of its constituents have been performed.
heldhttp://hl7.org/fhir/v3/ActStatusheldAn Act that is still in the preparatory stages has been put aside. No action can occur until the Act is released.
newhttp://hl7.org/fhir/v3/ActStatusnewAn Act that is in the preparatory stages and may not yet be acted upon
suspendedhttp://hl7.org/fhir/v3/ActStatussuspendedAn Act that has been activated (actions could or have been performed against it), but has been temporarily disabled. No further action should be taken against it until it is released
nullifiedhttp://hl7.org/fhir/v3/ActStatusnullifiedThis Act instance was created in error and has been 'removed' and is treated as though it never existed. A record is retained for audit purposes only.
obsoletehttp://hl7.org/fhir/v3/ActStatusobsoleteThis Act instance has been replaced by a new instance.
OPERATEhttp://hl7.org/fhir/v3/DataOperationoperateDescription:Act on an object or objects.
CREATEhttp://hl7.org/fhir/v3/DataOperationcreateDescription:Fundamental operation in an Information System (IS) that results only in the act of bringing an object into existence. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
DELETEhttp://hl7.org/fhir/v3/DataOperationdeleteDescription:Fundamental operation in an Information System (IS) that results only in the removal of information about an object from memory or storage. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface.
EXECUTEhttp://hl7.org/fhir/v3/DataOperationexecuteDescription:Fundamental operation in an IS that results only in initiating performance of a single or set of programs (i.e., software objects). Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface.
READhttp://hl7.org/fhir/v3/DataOperationreadDescription:Fundamental operation in an Information System (IS) that results only in the flow of information about an object to a subject. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface.
UPDATEhttp://hl7.org/fhir/v3/DataOperationreviseDefinition:Fundamental operation in an Information System (IS) that results only in the revision or alteration of an object. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface.
APPENDhttp://hl7.org/fhir/v3/DataOperationappendDescription:Fundamental operation in an Information System (IS) that results only in the addition of information to an object already in existence. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface.
MODIFYSTATUShttp://hl7.org/fhir/v3/DataOperationmodify statusDescription:Change the status of an object representing an Act.
ABORThttp://hl7.org/fhir/v3/DataOperationabortDescription:Change the status of an object representing an Act to "aborted", i.e., terminated prior to the originally intended completion. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
ACTIVATEhttp://hl7.org/fhir/v3/DataOperationactivateDescription:Change the status of an object representing an Act to "active", i.e., so it can be performed or is being performed, for the first time. (Contrast with REACTIVATE.) For an HL7 Act, the state transitions per the HL7 Reference Information Model.
CANCELhttp://hl7.org/fhir/v3/DataOperationcancelDescription:Change the status of an object representing an Act to "cancelled", i.e., abandoned before activation. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
COMPLETEhttp://hl7.org/fhir/v3/DataOperationcompleteDescription:Change the status of an object representing an Act to "completed", i.e., terminated normally after all of its constituents have been performed. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
HOLDhttp://hl7.org/fhir/v3/DataOperationholdDescription:Change the status of an object representing an Act to "held", i.e., put aside an Act that is still in preparatory stages. No action can occur until the Act is released. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
JUMPhttp://hl7.org/fhir/v3/DataOperationjumpDescription:Change the status of an object representing an Act to a normal state. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
NULLIFYhttp://hl7.org/fhir/v3/DataOperationnullifyDescription:Change the status of an object representing an Act to "nullified", i.e., treat as though it never existed. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
OBSOLETEhttp://hl7.org/fhir/v3/DataOperationobsoleteDescription:Change the status of an object representing an Act to "obsolete" when it has been replaced by a new instance. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
REACTIVATEhttp://hl7.org/fhir/v3/DataOperationreactivateDescription:Change the status of a formerly active object representing an Act to "active", i.e., so it can again be performed or is being performed. (Contrast with ACTIVATE.) For an HL7 Act, the state transitions per the HL7 Reference Information Model.
RELEASEhttp://hl7.org/fhir/v3/DataOperationreleaseDescription:Change the status of an object representing an Act so it is no longer "held", i.e., allow action to occur. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
RESUMEhttp://hl7.org/fhir/v3/DataOperationresumeDescription:Change the status of a suspended object representing an Act to "active", i.e., so it can be performed or is being performed. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
SUSPENDhttp://hl7.org/fhir/v3/DataOperationsuspendDefinition:Change the status of an object representing an Act to suspended, i.e., so it is temporarily not in service.
ObligationPolicyhttp://hl7.org/fhir/v3/ActCodeobligation policyConveys the mandated workflow action that an information custodian, receiver, or user must perform. Usage Notes: Per ISO 22600-2, ObligationPolicy instances 'are event-triggered and define actions to be performed by manager agent'. Per HL7 Composite Security and Privacy Domain Analysis Model: This value set refers to the action required to receive the permission specified in the privacy rule. Per OASIS XACML, an obligation is an operation specified in a policy or policy that is performed in conjunction with the enforcement of an access control decision.
ANONYhttp://hl7.org/fhir/v3/ActCodeanonymizeCustodian system must remove any information that could result in identifying the information subject.
AODhttp://hl7.org/fhir/v3/ActCodeaccounting of disclosureCustodian system must make available to an information subject upon request an accounting of certain disclosures of the individual’s protected health information over a period of time. Policy may dictate that the accounting include information about the information disclosed, the date of disclosure, the identification of the receiver, the purpose of the disclosure, the time in which the disclosing entity must provide a response and the time period for which accountings of disclosure can be requested.
AUDIThttp://hl7.org/fhir/v3/ActCodeauditCustodian system must monitor systems to ensure that all users are authorized to operate on information objects.
AUDTRhttp://hl7.org/fhir/v3/ActCodeaudit trailCustodian system must monitor and maintain retrievable log for each user and operation on information.
CPLYCChttp://hl7.org/fhir/v3/ActCodecomply with confidentiality codeCustodian security system must retrieve, evaluate, and comply with the information handling directions of the Confidentiality Code associated with an information target.
CPLYCDhttp://hl7.org/fhir/v3/ActCodecomply with consent directiveCustodian security system must retrieve, evaluate, and comply with applicable information subject consent directives.
CPLYJPPhttp://hl7.org/fhir/v3/ActCodecomply with jurisdictional privacy policyCustodian security system must retrieve, evaluate, and comply with applicable jurisdictional privacy policies associated with the target information.
CPLYOPPhttp://hl7.org/fhir/v3/ActCodecomply with organizational privacy policyCustodian security system must retrieve, evaluate, and comply with applicable organizational privacy policies associated with the target information.
CPLYOSPhttp://hl7.org/fhir/v3/ActCodecomply with organizational security policyCustodian security system must retrieve, evaluate, and comply with the organizational security policies associated with the target information.
CPLYPOLhttp://hl7.org/fhir/v3/ActCodecomply with policyCustodian security system must retrieve, evaluate, and comply with applicable policies associated with the target information.
DECLASSIFYLABELhttp://hl7.org/fhir/v3/ActCodedeclassify security labelCustodian security system must declassify information assigned security labels by instantiating a new version of the classified information so as to break the binding of the classifying security label when assigning a new security label that marks the information as unclassified in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the previous assignment and binding.
DEIDhttp://hl7.org/fhir/v3/ActCodedeidentifyCustodian system must strip information of data that would allow the identification of the source of the information or the information subject.
DELAUhttp://hl7.org/fhir/v3/ActCodedelete after useCustodian system must remove target information from access after use.
DOWNGRDLABELhttp://hl7.org/fhir/v3/ActCodedowngrade security labelCustodian security system must downgrade information assigned security labels by instantiating a new version of the classified information so as to break the binding of the classifying security label when assigning a new security label that marks the information as classified at a less protected level in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the previous assignment and binding.
DRIVLABELhttp://hl7.org/fhir/v3/ActCodederive security labelCustodian security system must assign and bind security labels derived from compilations of information by aggregation or disaggregation in order to classify information compiled in the information systems under its control for collection, access, use and disclosure in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the previous assignment and binding.
ENCRYPThttp://hl7.org/fhir/v3/ActCodeencryptCustodian system must render information unreadable by algorithmically transforming plaintext into ciphertext. Usage Notes: A mathematical transposition of a file or data stream so that it cannot be deciphered at the receiving end without the proper key. Encryption is a security feature that assures that only the parties who are supposed to be participating in a videoconference or data transfer are able to do so. It can include a password, public and private keys, or a complex combination of all. (Per Infoway.)
ENCRYPTRhttp://hl7.org/fhir/v3/ActCodeencrypt at restCustodian system must render information unreadable and unusable by algorithmically transforming plaintext into ciphertext when "at rest" or in storage.
ENCRYPTThttp://hl7.org/fhir/v3/ActCodeencrypt in transitCustodian system must render information unreadable and unusable by algorithmically transforming plaintext into ciphertext while "in transit" or being transported by any means.
ENCRYPTUhttp://hl7.org/fhir/v3/ActCodeencrypt in useCustodian system must render information unreadable and unusable by algorithmically transforming plaintext into ciphertext while in use such that operations permitted on the target information are limited by the license granted to the end user.
HUAPRVhttp://hl7.org/fhir/v3/ActCodehuman approvalCustodian system must require human review and approval for permission requested.
LABELhttp://hl7.org/fhir/v3/ActCodeassign security labelCustodian security system must assign and bind security labels in order to classify information created in the information systems under its control for collection, access, use and disclosure in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the assignment and binding. Usage Note: In security systems, security policy label assignments do not change, they may supersede prior assignments, and such reassignments are always tracked for auditing and other purposes.
MASKhttp://hl7.org/fhir/v3/ActCodemaskCustodian system must render information unreadable and unusable by algorithmically transforming plaintext into ciphertext. User may be provided a key to decrypt per license or "shared secret".
MINEChttp://hl7.org/fhir/v3/ActCodeminimum necessaryCustodian must limit access and disclosure to the minimum information required to support an authorized user's purpose of use. Usage Note: Limiting the information available for access and disclosure to that an authorized user or receiver "needs to know" in order to perform permitted workflow or purpose of use.
PERSISTLABELhttp://hl7.org/fhir/v3/ActCodepersist security labelCustodian security system must persist the binding of security labels to classify information received or imported by information systems under its control for collection, access, use and disclosure in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the assignment and binding.
PRIVMARKhttp://hl7.org/fhir/v3/ActCodeprivacy markCustodian must create and/or maintain human readable security label tags as required by policy. Map: Aligns with ISO 22600-3 Section A.3.4.3 description of privacy mark: "If present, the privacy-mark is not used for access control. The content of the privacy-mark may be defined by the security policy in force (identified by the security-policy-identifier) which may define a list of values to be used. Alternately, the value may be determined by the originator of the security-label."
PSEUDhttp://hl7.org/fhir/v3/ActCodepseudonymizeCustodian system must strip information of data that would allow the identification of the source of the information or the information subject. Custodian may retain a key to relink data necessary to reidentify the information subject.
REDACThttp://hl7.org/fhir/v3/ActCoderedactCustodian system must remove information, which is not authorized to be access, used, or disclosed from records made available to otherwise authorized users.
UPGRDLABELhttp://hl7.org/fhir/v3/ActCodeupgrade security labelCustodian security system must declassify information assigned security labels by instantiating a new version of the classified information so as to break the binding of the classifying security label when assigning a new security label that marks the information as classified at a more protected level in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the previous assignment and binding.
Generationhttp://hl7.org/fhir/w3c-provenance-activity-typewasGeneratedByThe completion of production of a new entity by an activity. This entity did not exist before generation and becomes available for usage after this generation. Given that a generation is the completion of production of an entity, it is instantaneous.
Usagehttp://hl7.org/fhir/w3c-provenance-activity-typeusedthe beginning of utilizing an entity by an activity. Before usage, the activity had not begun to utilize this entity and could not have been affected by the entity. (Note: This definition is formulated for a given usage; it is permitted for an activity to have used a same entity multiple times.) Given that a usage is the beginning of utilizing an entity, it is instantaneous.
Communicationhttp://hl7.org/fhir/w3c-provenance-activity-typewasInformedByThe exchange of some unspecified entity by two activities, one activity using some entity generated by the other. A communication implies that activity a2 is dependent on another activity, a1, by way of some unspecified entity that is generated by a1 and used by a2.
Starthttp://hl7.org/fhir/w3c-provenance-activity-typewasStartedByWhen an activity is deemed to have been started by an entity, known as trigger. The activity did not exist before its start. Any usage, generation, or invalidation involving an activity follows the activity's start. A start may refer to a trigger entity that set off the activity, or to an activity, known as starter, that generated the trigger. Given that a start is when an activity is deemed to have started, it is instantaneous.
Endhttp://hl7.org/fhir/w3c-provenance-activity-typewasEndedByWhen an activity is deemed to have been ended by an entity, known as trigger. The activity no longer exists after its end. Any usage, generation, or invalidation involving an activity precedes the activity's end. An end may refer to a trigger entity that terminated the activity, or to an activity, known as ender that generated the trigger.
Invalidationhttp://hl7.org/fhir/w3c-provenance-activity-typewasInvalidatedByThe start of the destruction, cessation, or expiry of an existing entity by an activity. The entity is no longer available for use (or further invalidation) after invalidation. Any generation or usage of an entity precedes its invalidation. Given that an invalidation is the start of destruction, cessation, or expiry, it is instantaneous.
Derivationhttp://hl7.org/fhir/w3c-provenance-activity-typewasDerivedFromA transformation of an entity into another, an update of an entity resulting in a new one, or the construction of a new entity based on a pre-existing entity. For an entity to be transformed from, created from, or resulting from an update to another, there must be some underpinning activity or activities performing the necessary action(s) resulting in such a derivation. A derivation can be described at various levels of precision. In its simplest form, derivation relates two entities. Optionally, attributes can be added to represent further information about the derivation. If the derivation is the result of a single known activity, then this activity can also be optionally expressed. To provide a completely accurate description of the derivation, the generation and usage of the generated and used entities, respectively, can be provided, so as to make the derivation path, through usage, activity, and generation, explicit. Optional information such as activity, generation, and usage can be linked to derivations to aid analysis of provenance and to facilitate provenance-based reproducibility.
Revisionhttp://hl7.org/fhir/w3c-provenance-activity-typewasRevisionOfA derivation for which the resulting entity is a revised version of some original. The implication here is that the resulting entity contains substantial content from the original. A revision relation is a kind of derivation relation from a revised entity to a preceding entity.
Quotationhttp://hl7.org/fhir/w3c-provenance-activity-typewasQuotedFromThe repeat of (some or all of) an entity, such as text or image, by someone who might or might not be its original author. A quotation relation is a kind of derivation relation, for which an entity was derived from a preceding entity by copying, or 'quoting', some or all of it.
Primary-Sourcehttp://hl7.org/fhir/w3c-provenance-activity-typewasPrimarySourceOfRefers to something produced by some agent with direct experience and knowledge about the topic, at the time of the topic's study, without benefit from hindsight. Because of the directness of primary sources, they 'speak for themselves' in ways that cannot be captured through the filter of secondary sources. As such, it is important for secondary sources to reference those primary sources from which they were derived, so that their reliability can be investigated. It is also important to note that a given entity might be a primary source for one entity but not another. It is the reason why Primary Source is defined as a relation as opposed to a subtype of Entity.
Attributionhttp://hl7.org/fhir/w3c-provenance-activity-typewasAttributedToAscribing of an entity (object/document) to an agent.
Collectionhttp://hl7.org/fhir/w3c-provenance-activity-typeisCollectionOf An aggregating activity that results in composition of an entity, which provides a structure to some constituents that must themselves be entities. These constituents are said to be member of the collections.
aggregatehttp://hl7.org/fhir/extra-activity-typeaggregateActivity resulting in a structured collection of preexisting content that does not necessarily result in an integral object with semantic context making it more than the sum of component parts, from which components could be disaggregated without loss of semantic context, e.g., the assembly of multiple stand-alone documents.
composehttp://hl7.org/fhir/extra-activity-typecomposeActivity resulting in the structured compilation of new and preexisting content for the purposes of forming an integral object with semantic context making it more than the sum of component parts, which would be lost if decomposed. For example, the composition of a document that includes in whole or part other documents along with new content that result in a new document that has unique semantic meaning.
labelhttp://hl7.org/fhir/extra-activity-typelabelThe means used to associate a set of security attributes with a specific information object as part of the data structure for that object. [ISO-10181-3 Access Control]

 

See the full registry of value sets defined as part of FHIR.


Explanation of the columns that may appear on this page:

LvlA few code lists that FHIR defines are hierarchical - each code is assigned a level. For value sets, levels are mostly used to organise codes for user convenience, but may follow code system hierarchy - see Code System for further information
SourceThe source of the definition of the code (when the value set draws in codes defined elsewhere)
CodeThe code (used as the code in the resource instance). If the code is in italics, this indicates that the code is not selectable ('Abstract')
DisplayThe display (used in the display element of a Coding). If there is no display, implementers should not simply display the code, but map the concept into their application
DefinitionAn explanation of the meaning of the concept
CommentsAdditional notes about how to use the code