FHIR CI-Build
This is the Continuous Integration Build of FHIR (will be incorrect/inconsistent at times).
See the Directory of published versions
Auditevent.shex

Security Work Group
Maturity Level: N/A
Standards Status: Informative
Compartments: Device, Patient, Practitioner
Raw ShEx
ShEx statement for auditevent
PREFIX fhir: <http://hl7.org/fhir/> 
PREFIX fhirvs: <http://hl7.org/fhir/ValueSet/>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#> 
PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> 

IMPORT <uri.shex>
IMPORT <code.shex>
IMPORT <time.shex>
IMPORT <Range.shex>
IMPORT <Ratio.shex>
IMPORT <Period.shex>
IMPORT <Device.shex>
IMPORT <string.shex>
IMPORT <Coding.shex>
IMPORT <instant.shex>
IMPORT <Patient.shex>
IMPORT <boolean.shex>
IMPORT <integer.shex>
IMPORT <dateTime.shex>
IMPORT <CareTeam.shex>
IMPORT <Location.shex>
IMPORT <Endpoint.shex>
IMPORT <Resource.shex>
IMPORT <Quantity.shex>
IMPORT <Reference.shex>
IMPORT <Encounter.shex>
IMPORT <Organization.shex>
IMPORT <Practitioner.shex>
IMPORT <base64Binary.shex>
IMPORT <RelatedPerson.shex>
IMPORT <DomainResource.shex>
IMPORT <CodeableConcept.shex>
IMPORT <BackboneElement.shex>
IMPORT <PractitionerRole.shex>


start=@<AuditEvent> AND {fhir:nodeRole [fhir:treeRoot]}

# Record of an event
<AuditEvent> EXTENDS @<DomainResource> CLOSED {   

    a [fhir:AuditEvent]?;
    fhir:nodeRole [fhir:treeRoot]?;

    fhir:type @<CodeableConcept>;           # High level categorization of audit 
                                            # event 
    fhir:subtype @<OneOrMore_CodeableConcept>?;  # Specific type of event
    fhir:action @<code> AND
    	{fhir:v @fhirvs:audit-event-action}?;  # Type of action performed during 
                                            # the event 
    fhir:severity @<code> AND
    	{fhir:v @fhirvs:audit-event-severity}?;  # emergency | alert | critical | 
                                            # error | warning | notice | 
                                            # informational | debug 
    fhir:occurred @<Period>  OR 
    			@<dateTime>  ?;  # When the activity occurred
    fhir:recorded @<instant>;               # Time when the event was recorded
    fhir:outcome @<AuditEvent.outcome>?;    # Whether the event succeeded or 
                                            # failed 
    fhir:authorization @<OneOrMore_CodeableConcept>?;  # Authorization related to the event
    fhir:basedOn @<OneOrMore_Reference_Resource>?;  # Workflow authorization within 
                                            # which this event occurred 
    fhir:patient @<Reference> AND {fhir:link 
    			@<Patient> ? }?;  # The patient is the subject of the 
                                            # data used/created/updated/deleted 
                                            # during the activity 
    fhir:encounter @<Reference> AND {fhir:link 
    			@<Encounter> ? }?;  # Encounter within which this event 
                                            # occurred or which the event is 
                                            # tightly associated 
    fhir:agent @<OneOrMore_AuditEvent.agent>;  # Actor involved in the event
    fhir:source @<AuditEvent.source>;       # Audit Event Reporter
    fhir:entity @<OneOrMore_AuditEvent.entity>?;  # Data or objects used
}  

# Actor involved in the event
<AuditEvent.agent> EXTENDS @<BackboneElement> CLOSED {   
    fhir:type @<CodeableConcept>?;          # How agent participated
    fhir:role @<OneOrMore_CodeableConcept>?;  # Agent role in the event
    fhir:who @<Reference> AND {fhir:link 
    			@<CareTeam> OR 
    			@<Device> OR 
    			@<Organization> OR 
    			@<Patient> OR 
    			@<Practitioner> OR 
    			@<PractitionerRole> OR 
    			@<RelatedPerson> ? };  # Identifier of who
    fhir:requestor @<boolean>?;             # Whether user is initiator
    fhir:location @<Reference> AND {fhir:link 
    			@<Location> ? }?;  # The agent location when the event 
                                            # occurred 
    fhir:policy @<OneOrMore_uri>?;          # Policy that authorized the agent 
                                            # participation in the event 
    fhir:network (@<Reference>  AND {fhir:link @<Endpoint> })  OR 
    			@<uri>  OR 
    			@<string>  ?;  # This agent network location for 
                                            # the activity 
    fhir:authorization @<OneOrMore_CodeableConcept>?;  # Allowable authorization for this 
                                            # agent 
}  

# Audit Event Reporter
<AuditEvent.source> EXTENDS @<BackboneElement> CLOSED {   
    fhir:site @<Reference> AND {fhir:link 
    			@<Location> ? }?;  # Logical source location within the 
                                            # enterprise 
    fhir:observer @<Reference> AND {fhir:link 
    			@<CareTeam> OR 
    			@<Device> OR 
    			@<Organization> OR 
    			@<Patient> OR 
    			@<Practitioner> OR 
    			@<PractitionerRole> OR 
    			@<RelatedPerson> ? };  # The identity of source detecting 
                                            # the event 
    fhir:type @<OneOrMore_CodeableConcept>?;  # The type of source where event 
                                            # originated 
}  

# Data or objects used
<AuditEvent.entity> EXTENDS @<BackboneElement> CLOSED {   
    fhir:what @<Reference> AND {fhir:link 
    			@<Resource> ? }?;  # Specific instance of resource
    fhir:role @<CodeableConcept>?;          # What role the entity played
    fhir:securityLabel @<OneOrMore_CodeableConcept>?;  # Security labels on the entity
    fhir:query @<base64Binary>?;            # Query parameters
    fhir:detail @<OneOrMore_AuditEvent.entity.detail>?;  # Additional Information about the 
                                            # entity 
    fhir:agent @<OneOrMore_AuditEvent.agent>?;  # Entity is attributed to this agent
}  

# Additional Information about the entity
<AuditEvent.entity.detail> EXTENDS @<BackboneElement> CLOSED {   
    fhir:type @<CodeableConcept>;           # Name of the property
    fhir:value @<Quantity>  OR 
    			@<CodeableConcept>  OR 
    			@<string>  OR 
    			@<boolean>  OR 
    			@<integer>  OR 
    			@<Range>  OR 
    			@<Ratio>  OR 
    			@<time>  OR 
    			@<dateTime>  OR 
    			@<Period>  OR 
    			@<base64Binary>  ;  # Property value
}  

# Whether the event succeeded or failed
<AuditEvent.outcome> EXTENDS @<BackboneElement> CLOSED {   
    fhir:code @<Coding>;                    # Whether the event succeeded or 
                                            # failed 
    fhir:detail @<OneOrMore_CodeableConcept>?;  # Additional outcome detail
}  

#---------------------- Cardinality Types (OneOrMore) -------------------

<OneOrMore_CodeableConcept> CLOSED {
    rdf:first @<CodeableConcept>  ;
    rdf:rest [rdf:nil] OR @<OneOrMore_CodeableConcept> 
}

<OneOrMore_Reference_Resource> CLOSED {
    rdf:first @<Reference> AND {fhir:link 
			@<Resource> } ;
    rdf:rest [rdf:nil] OR @<OneOrMore_Reference_Resource> 
}

<OneOrMore_AuditEvent.agent> CLOSED {
    rdf:first @<AuditEvent.agent>  ;
    rdf:rest [rdf:nil] OR @<OneOrMore_AuditEvent.agent> 
}

<OneOrMore_AuditEvent.entity> CLOSED {
    rdf:first @<AuditEvent.entity>  ;
    rdf:rest [rdf:nil] OR @<OneOrMore_AuditEvent.entity> 
}

<OneOrMore_uri> CLOSED {
    rdf:first @<uri>  ;
    rdf:rest [rdf:nil] OR @<OneOrMore_uri> 
}

<OneOrMore_AuditEvent.entity.detail> CLOSED {
    rdf:first @<AuditEvent.entity.detail>  ;
    rdf:rest [rdf:nil] OR @<OneOrMore_AuditEvent.entity.detail> 
}

#---------------------- Value Sets ------------------------

# Indicator for type of action performed during the event that generated the event.
fhirvs:audit-event-action ["C" "R" "U" "D" "E"]

# The severity of the audit entry.
fhirvs:audit-event-severity ["emergency" "alert" "critical" "error" "warning" "notice" "informational" "debug"]
Usage note: every effort has been made to ensure that the ShEx files are correct and useful, but they are not a normative part of the specification.