This page is part of the FHIR Specification (v0.06: DSTU 1 Ballot 2). The current version, which supersedes this version, is 5.0.0. For a full list of available versions, see the Directory of published versions.

Resource SecurityEvent - Content 3.16

Status: XDS resource under consideration by IHE and the FHIR project team. Draft for Comment

A record of an event.

The resource name as it appears in a RESTful URL is /securityevent/

This is a draft for what an ATNA Audit Record (RFC 3881) might look like if provided as a FHIR resource. This is work in progress performed collaboratively between HL7 and IHE for the MHD/mHealth initiatives. Neither HL7 nor IHE is committed to pursuing this path - it is simply being evaluated as a possibility.

Things to note about the current design:

Resource Content 3.16.1


<SecurityEvent xmlns="http://hl7.org/fhir">
 <event>  <!-- 1..1 what was done -->
  <id><!-- 1..1 Coding Identifier for a specific audited event --></id>
  <action><!-- 0..1 code type of action performed during the event --></action>
  <dateTime><!-- 1..1 instant time when the event occurred on source --></dateTime>
  <outcome><!-- 1..1 code whether the event succeeded or failed --></outcome>
  <code><!-- 0..* Coding Identifier for the category of event --></code>
 </event>
 <participant>  <!-- 0..* a person, or a hardware device or software process -->
  <userId><!-- 1..1 string Unique identifier for the user --></userId>
  <otherUserId><!-- 0..1 string User identifier from authentication system --></otherUserId>
  <name><!-- 0..1 string human-meaningful name for the user --></name>
  <requestor><!-- 1..1 boolean Whether user is initiator --></requestor>
  <role><!-- 0..* Coding role(s) the user plays (from RBAC) --></role>
  <network>  <!-- 0..1 logical network location for application activity -->
   <type><!-- 0..1 code the type of network access point --></type>
   <id><!-- 0..1 string identifier for the network access point of the user device --></id>
  </network>
 </participant>
 <source>  <!-- 0..* application systems and processes -->
  <site><!-- 0..1 string Logical source location within the enterprise --></site>
  <id><!-- 1..1 string the id of source where event originated --></id>
  <type><!-- 0..* Coding the type of source where event originated --></type>
 </source>
 <object>  <!-- 0..* specific instances of data or objects that have been accessed  -->
  <type><!-- 0..1 code object type being audited --></type>
  <role><!-- 0..1 code functional application role of Object --></role>
  <lifecycle><!-- 0..1 code life-cycle stage for the object --></lifecycle>
  <idType><!-- 1..1 Coding Describes the identifier --></idType>
  <id><!-- 1..1 string Identifies a specific instance of object --></id>
  <sensitivity><!-- 0..1 string policy-defined sensitivity for the object --></sensitivity>
  <name><!-- 0..1 string instance-specific descriptor for Object --></name>
  <query><!-- 0..1 base64Binary actual query for object --></query>
 </object>
 <extension><!-- 0..* Extension  See Extensions  --></extension>
 <text><!-- 1..1 Narrative Text summary of resource (for human interpretation) --></text>
</SecurityEvent>

Alternate definitions: Schema/Schematron, RDF (to do), XML, XMI (to do), Resource Profile

Terminology Bindings

| Path | Details | Strength |
|---|---|---|
| SecurityEvent.event.action | Indicator for type of action performed during the event that generated the audit. (see http://hl7.org/fhir/security-event-event-action for values) | complete/required |
| SecurityEvent.event.outcome | Indicates whether the event succeeded or failed (see http://hl7.org/fhir/security-event-event-outcome for values) | complete/required |
| SecurityEvent.participant.network.type | the type of network access point that originated the audit event (see http://hl7.org/fhir/network-type for values) | complete/required |
| SecurityEvent.source.type | Code specifying the type of source where event originated (see http://hl7.org/fhir/source-type for values) | complete/preferred |
| SecurityEvent.object.type | Code for the participant object type being audited (see http://hl7.org/fhir/object-type for values) | complete/required |
| SecurityEvent.object.role | Code representing the functional application role of Participant Object being audited (see http://hl7.org/fhir/object-role for values) | complete/required |
| SecurityEvent.object.lifecycle | Identifier for the data life-cycle stage for the participant object (see http://hl7.org/fhir/object-lifecycle for values) | complete/required |
| SecurityEvent.object.idType | Describes the identifier that is contained in Participant Object ID (see http://hl7.org/fhir/object-id-type for values) | complete/preferred |

Referring to FHIR Resources in Security Events 3.16.1.1

Because the Audit resource is typically used for auditing many things beyond events related to FHIR resources, the object doesn't have a simple reference to other resources. Instead, if the target object is a FHIR resource, the object is represented like this:

  <object>
    <idType>
      <system>http://hl7.org/fhir/resource-types</system>
      <code>Person</code>
    </idType>
    <id>http://acme.org/fhir/person/@34/history/@3</id>
  </object>

This is the same pattern as a resource reference, but the type becomes extensible to allow referencing other kinds of resources. Note that the id reference should be a version-specific reference, but is not required to be so. Note also that when using RFC 3881 directly, the code system cannot be a URI, so use the OID 2.16.840.1.113883.6.306 in place of http://hl7.org/fhir/resource-types.
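The following Python sketch is an added example, not part of the specification or any FHIR reference implementation: it checks an instance against the 1..1 cardinalities in the resource template above and extracts the FHIR resource references from its objects, optionally substituting the OID for RFC 3881 use. It assumes element values are carried as text content, as in the `<object>` example above; the event and participant values in the sample and the plain-text `<text>` element are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser (e.g. defusedxml)

NS = "{http://hl7.org/fhir}"
FHIR_TYPES = "http://hl7.org/fhir/resource-types"
RFC3881_OID = "2.16.840.1.113883.6.306"  # replacement the page gives for RFC 3881
# 1..1 children per group, copied from the resource template on this page
REQUIRED = {"event": ["id", "dateTime", "outcome"],
            "participant": ["userId", "requestor"],
            "source": ["id"], "object": ["idType", "id"]}

def check_cardinality(xml_text):
    """Return the 1..1 rules of the template that the instance violates."""
    root = ET.fromstring(xml_text)
    problems = [f"SecurityEvent.{name} must occur exactly once"
                for name in ("event", "text")
                if len(root.findall(NS + name)) != 1]
    for group, children in REQUIRED.items():
        for i, el in enumerate(root.findall(NS + group)):
            problems += [f"{group}[{i}].{c} must occur exactly once"
                         for c in children if len(el.findall(NS + c)) != 1]
    return problems

def fhir_object_refs(xml_text, rfc3881=False):
    """List (code system, resource type, id) for objects that are FHIR resources."""
    refs = []
    for obj in ET.fromstring(xml_text).findall(NS + "object"):
        system = (obj.findtext(f"{NS}idType/{NS}system") or "").strip()
        if system != FHIR_TYPES:
            continue  # the audited object is something other than a FHIR resource
        code = (obj.findtext(f"{NS}idType/{NS}code") or "").strip()
        ident = (obj.findtext(NS + "id") or "").strip()
        refs.append((RFC3881_OID if rfc3881 else system, code, ident))
    return refs

# Constructed sample: event/participant values are made up; the object is the page's example.
SAMPLE = """<SecurityEvent xmlns="http://hl7.org/fhir">
 <event><id><system>http://example.org/events</system><code>read</code></id>
  <dateTime>2012-12-04T00:03:00Z</dateTime></event>
 <participant><userId>u-17</userId><requestor>true</requestor></participant>
 <object>
  <idType><system>http://hl7.org/fhir/resource-types</system><code>Person</code></idType>
  <id>http://acme.org/fhir/person/@34/history/@3</id>
 </object>
 <text>Constructed example</text>
</SecurityEvent>"""

if __name__ == "__main__":
    print(check_cardinality(SAMPLE))  # the sample omits event.outcome on purpose
    print(fhir_object_refs(SAMPLE, rfc3881=True))
```

An audit consumer that rejects or flags records failing the cardinality check avoids silently storing events with no recorded outcome or initiator.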

Search Parameters 3.16.2

Search Parameters for RESTful searches. The standard parameters also apply. See Searching for more information.

| Parameter | Type | Description | Repeats |
|---|---|---|---|
| $page | integer | Starting offset of the first record to return in the search set | single |
| $count | integer | Number of return records requested. The server is not bound to conform | single |
| $id | token | The logical resource id associated with the resource (must be supported by all servers) | single |
| event | qtoken | [event.id] | union |
| action | token | [Audit.event.action] | union |
| date | date | date equal to [Audit.event.dateTime] | single |
| date-before | date | date before or equal to [Audit.event.dateTime] | single |
| date-after | date | date after or equal to [Audit.event.dateTime] | single |
| code | qtoken | [Audit.event.code] | union |
| user | token | [Audit.participant.userId] | union |
| name | string | [Audit.participant.name] | union |
| address | token | [Audit.participant.network.id] | union |
| source | token | [Audit.source.id] | union |
| site | token | [Audit.source.site] | union |
| type | token | [Audit.object.type] | union |
| id | token | [Audit.object.id] | union |
| desc | string | [Audit.object.name] | union |
| patientid | token | The id of the patient (one of multiple kinds of participations) | union |

(See Searching).


This is an old version of FHIR retained for archive purposes. Do not use for anything else
Implementers are welcome to experiment with the content defined here, but should note that the contents are subject to change without prior notice.
© HL7.org 2011 - 2012. FHIR v0.06 generated on Tue, Dec 4, 2012 00:03+1100. License