Current Build
Security Work GroupMaturity Level: N/AStandards Status: InformativeSecurity Category: Not Classified Compartments: Device, Patient, Practitioner

Mappings for the auditevent resource (see Mappings to Other Standards for further information & status).

AuditEvent
    typeFiveWs.what[x]
    subtypeFiveWs.what[x]
    actionFiveWs.what[x]
    periodFiveWs.done[x]
    recordedFiveWs.recorded
    outcomeFiveWs.what[x]
    outcomeDescFiveWs.what[x]
    purposeOfEventFiveWs.why[x]
    agentFiveWs.who
        typeFiveWs.who
        roleFiveWs.who
        whoFiveWs.who
        altIdFiveWs.who
        nameFiveWs.who
        requestorFiveWs.who
        locationFiveWs.where[x]
        policyFiveWs.why[x]
        mediaFiveWs.where[x]
        networkFiveWs.where[x]
            addressFiveWs.where[x]
            typeFiveWs.where[x]
        purposeOfUseFiveWs.why[x]
    sourceFiveWs.witness
        siteFiveWs.witness
        observerFiveWs.witness
        typeFiveWs.witness
    entityFiveWs.what[x]
        whatFiveWs.what[x]
        typeFiveWs.what[x]
        roleFiveWs.context
        lifecycleFiveWs.context
        securityLabelFiveWs.context
        nameFiveWs.context
        descriptionFiveWs.context
        queryFiveWs.context
        detailFiveWs.context
            typeFiveWs.context
            value[x]FiveWs.context
AuditEventEvent
    typeEvent.code
    periodEvent.occurred[x]
    purposeOfEventEvent.reasonCode
    agentEvent.performer
        typeEvent.performer.function
        whoEvent.performer.actor
        locationEvent.location
AuditEventControlAct[moodCode=EVN]
    type.code (type, subtype and action are pre-coordinated or sent as translations)
    subtype.code (type, subtype and action are pre-coordinated or sent as translations)
    action.code (type, subtype and action are pre-coordinated or sent as translations)
    period./effectiveTime[type=IVL_TS]
    recorded.effectiveTime
    outcome.actionNegationInd
    outcomeDesc.outboundRelationship[typeCode=OUT].target.text
    purposeOfEvent* .reasonCode [ControlActReason when Act.class = CACT Control Act]
*.outboundRelationship[typeCode=RSON].target
    agent.participation
        type.typeCode and/or .functionCode
        role.role
        who.id
        altId.id (distinguish id type by root)
        name.name
        requestorIf participation.typeCode was author, then true
        location* Role.Class =SDLOC
*Role.Code = ServiceDeliveryLocationRoleType
*Entity.Code = PlaceEntityType = df.Types of places for Entity.Class = PLC
*EntityClass = PLC = df.A physical place or site with its containing structure. May be natural or man-made. The geographic position of a place might or might not be constant.
        policyActPolicyType
        media.player.description.mediaType
        network.player.description.reference
            addresspre-coordinated into URL
            typepre-coordinated into URL
        purposeOfUse*.reasonCode [ActHealthInformationPurposeOfUseReason codes/v:PurposeOfUse
(2.16.840.1.113883.1.11.20448)
* .outboundRelationship[typeCode=RSON or SUBJ].target
    source.participation[typeCode=INF].role[classCode=ASSIGN].player[classCode=DEV, determinerCode=INSTANCE]
        site.scopedRole[classCode=LOCE].player.desc
        observer.id
        type.code
    entity.outboundRelationship[typeCode=SUBJ].target or .participation[typeCode=SBJ].role
        what.id
        type[self::Act].code or role.player.code
        rolerole.code (not sure what this would mean for an Act)
        lifecycletarget of ObservationEvent[code="lifecycle"].value
        securityLabel.confidentialityCode
        name.title
        description.text
        queryNo mapping
        detail.inboundRelationship[typeCode=SUBJ].target[classCode=OBS, moodCode=EVN]
            type.code
            value[x].value
AuditEventMessage
    typeEventId
    subtypeEventTypeCode
    actionEventActionCode
    periodEventDateTime
    recorded
    outcomeEventOutcomeIndicator
    outcomeDescEventOutcomeDescription
    purposeOfEventEventPurposeOfUse
    agentActiveParticipant
        typeprime RoleIdCode
        roleall RoleIdCode
        whoUserId
        altIdAlternativeUserId
        nameUserName
        requestorUserIsRequestor
        location
        policyParticipantRoleIDCode
        mediaMediaType
        network
            addressNetworkAccessPointID
            typeNetworkAccessPointTypeCode
        purposeOfUse
    sourceAuditSourceIdentification
        siteAuditEnterpriseSiteId
        observerAuditSourceId
        typeAuditSourceTypeCode
    entityParticipantObjectIdentification
        whatParticipantObjectID and ParticipantObjectIDTypeCode
        typeParticipantObjectTypeCode
        roleParticipantObjectTypeCodeRole
        lifecycleParticipantObjectDataLifeCycle
        securityLabelParticipantObjectSensitivity
        nameParticipantObjectName
        descriptionParticipantObjectDescription
        queryParticipantObjectQuery
        detailParticipantObjectDetail
            typeParticipantObjectDetail.type
            value[x]ParticipantObjectDetail.value

The provenance resource is based on known practices in the HL7 implementation space, particularly those found in the v2 EVN segment, the v3 ControlAct Wrapper, the CDA header, and IHE ATNA. The conceptual model underlying the design is the W3C provenance Specification . Though the content and format of the resource is designed to meet specific requirements for FHIR, all the parts of the resource are formally mapped to the PROV-O specification, and FHIR resources can be transformed to their W3C PROV equivalent.

AuditEvent
    typeActivity
    subtype
    action
    periodActivity.startTime & Activity.endTime
    recordedActivity.when
    outcome
    outcomeDesc
    purposeOfEventActivity.Activity
    agentAgent
        typeAgent.Attribution
        roleAgent.Attribution
        whoAgent.Identity
        altIdAgent.Identity
        nameAgent.Identity
        requestor
        locationActivity.location
        policy
        media
        network
            addressAgent.Location
            type
        purposeOfUseAgent.Activity
    source
        site
        observer
        type
    entityEntity
        what
        typeEntity.type
        roleEntity.role
        lifecycleEntity.role
        securityLabel
        nameEntity.Label
        description
        query
        detail
            type
            value[x]
AuditEvent
    type
    subtype
    action
    periodProvenance.occurred[x]
    recordedProvenance.recorded
    outcome
    outcomeDesc
    purposeOfEventProvenance.reason, Provenance.activity
    agentProvenance.agent
        typeProvenance.agent.type
        roleProvenance.agent.role
        whoProvenance.agent.who
        altId
        name
        requestor
        locationProvenance.location
        policyProvenance.policy
        media
        network
            address
            type
        purposeOfUse
    source
        site
        observer
        type
    entityProvenance.target, Provenance.entity
        whatProvenance.target, Provenance.entity.what
        typeProvenance.entity.type
        role
        lifecycleProvenance.entity.role
        securityLabel
        name
        description
        query
        detail
            type
            value[x]