This page is part of the FHIR Specification (v4.6.0: R5 Draft Ballot). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2
Security Work Group | Maturity Level: N/A | Standards Status: Informative | Compartments: Device, Patient, Practitioner |
Raw XML (canonical form + also see XML Format Specification)
Accounting of a Disclosure (id = "example-disclosure")
<?xml version="1.0" encoding="UTF-8"?> <AuditEvent xmlns="http://hl7.org/fhir"> <id value="example-disclosure"/> <text> <status value="generated"/> <div xmlns="http://www.w3.org/1999/xhtml"> <p> Disclosure by some idiot, for marketing reasons, to places unknown, of a Poor Sap, data about Everthing important.</p> <p> <b> type:</b> Export</p> <p> <b> subtype:</b> HIPAA Disclosure</p> <p> <b> action:</b> Read</p> <p> <b> severity:</b> Notice: normal but signficant condition</p> <p> <b> recorded:</b> September 22, 2013</p> <p> <b> PurposeOfEvent:</b> Healthcare Marketing</p> <p> <b> source agent:</b> user ID</p> <p> <b> source agent location:</b> Location 1</p> <p> <b> source agent network id:</b> custodian.net</p> <p> <b> recipient agent:</b> practitioner ID</p> <p> <b> recipient agent network id:</b> marketing.land</p> <p> <b> patient:</b> patient identity</p> <p> <b> data exposed:</b> list of data</p> </div> </text> <type> <system value="http://dicom.nema.org/resources/ontology/DCM"/> <code value="110106"/> <display value="Export"/> </type> <subtype> <code value="Disclosure"/> <display value="HIPAA disclosure"/> </subtype> <action value="R"/> <severity value="notice"/> <recorded value="2013-09-22T00:08:00Z"/> <outcome> <coding> <system value="http://terminology.hl7.org/CodeSystem/audit-event-outcome"/> <code value="0"/> <display value="Success"/> </coding> <text value="Successful Disclosure"/> </outcome> <purposeOfEvent> <coding> <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/> <code value="HMARKT"/> <display value="healthcare marketing"/> </coding> </purposeOfEvent> <agent> <!-- who disclosed the data --> <type> <coding> <system value="http://dicom.nema.org/resources/ontology/DCM"/> <code value="110153"/> <display value="Source Role ID"/> </coding> </type> <who> <identifier> <value value="SomeIdiot@nowhere"/> </identifier> </who> <altId value="notMe"/> <name value="That guy everyone wishes would be caught"/> <requestor value="true"/> <location> <reference value="Location/1"/> </location> <policy value="http://consent.com/yes"/> <network> <address value="custodian.net"/> <type value="1"/> </network> </agent> <agent> <!-- who received the data --> <type> <coding> <system value="http://dicom.nema.org/resources/ontology/DCM"/> <code value="110152"/> <display value="Destination Role ID"/> </coding> </type> <who> <reference value="Practitioner/example"/> <display value="Where"/> </who> <requestor value="false"/> <network> <address value="marketing.land"/> <type value="1"/> </network> <purposeOfUse> <coding> <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/> <code value="HMARKT"/> <display value="healthcare marketing"/> </coding> </purposeOfUse> </agent> <source> <!-- what system detected this disclosure --> <site value="Watcher"/> <observer> <display value="Watchers Accounting of Disclosures Application"/> </observer> <type> <system value="http://terminology.hl7.org/CodeSystem/security-source-type"/> <code value="4"/> <display value="Application Server"/> </type> </source> <entity> <!-- patient whos data got disclosed --> <what> <reference value="Patient/example"/> </what> <type> <system value="http://terminology.hl7.org/CodeSystem/audit-entity-type"/> <code value="1"/> <display value="Person"/> </type> <role> <system value="http://terminology.hl7.org/CodeSystem/object-role"/> <code value="1"/> <display value="Patient"/> </role> </entity> <entity> <!-- data that got disclosed --> <what> <reference value="Patient/example/_history/1"/> <identifier> <value value="What.id"/> </identifier> </what> <type> <system value="http://terminology.hl7.org/CodeSystem/audit-entity-type"/> <code value="2"/> <display value="System Object"/> </type> <role> <system value="http://terminology.hl7.org/CodeSystem/object-role"/> <code value="4"/> <display value="Domain Resource"/> </role> <lifecycle> <system value="http://terminology.hl7.org/CodeSystem/dicom-audit-lifecycle"/> <code value="11"/> <display value="Disclosure"/> </lifecycle> <securityLabel> <system value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/> <code value="V"/> <display value="very restricted"/> </securityLabel> <securityLabel> <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/> <code value="STD"/> <display value="sexually transmitted disease information sensitivity"/> </securityLabel> <securityLabel> <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/> <code value="DELAU"/> <display value="delete after use"/> </securityLabel> <name value="data about Everthing important"/> </entity> </AuditEvent>
Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.