Release 5 Draft Ballot

Auditevent-example-disclosure.json

Security Work GroupMaturity Level: N/AStandards Status: InformativeCompartments: Device, Patient, Practitioner

Raw JSON (canonical form + also see JSON Format Specification)

Accounting of a Disclosure

{
  "resourceType": "AuditEvent",
  "id": "example-disclosure",
  "text": {
    "status": "generated",
    "div": "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n\t\t\t<p>Disclosure by some idiot, for marketing reasons, to places unknown, of a Poor Sap, data about Everthing important.</p>\n\t\t\t<p>\n\t\t\t\t<b> type:</b> Export</p>\n\t\t\t<p>\n\t\t\t\t<b> subtype:</b> HIPAA Disclosure</p>\n\t\t\t<p>\n\t\t\t\t<b> action:</b> Read</p>\n\t\t\t<p>\n\t\t\t\t<b> severity:</b> Notice: normal but signficant condition</p>\n\t\t\t<p>\n\t\t\t\t<b> recorded:</b> September 22, 2013</p>\n\t\t\t<p>\n\t\t\t\t<b> PurposeOfEvent:</b> Healthcare Marketing</p>\n\t\t\t<p>\n\t\t\t\t<b> source agent:</b> user ID</p>\n\t\t\t<p>\n\t\t\t\t<b> source agent location:</b> Location 1</p>\n\t\t\t<p>\n\t\t\t\t<b> source agent network id:</b> custodian.net</p>\n\t\t\t<p>\n\t\t\t\t<b> recipient agent:</b> practitioner ID</p>\n\t\t\t<p>\n\t\t\t\t<b> recipient agent network id:</b> marketing.land</p>\n\t\t\t<p>\n\t\t\t\t<b> patient:</b> patient identity</p>\n\t\t\t<p>\n\t\t\t\t<b> data exposed:</b> list of data</p>\n\t\t</div>"
  },
  "type": {
    "system": "http://dicom.nema.org/resources/ontology/DCM",
    "code": "110106",
    "display": "Export"
  },
  "subtype": [
    {
      "code": "Disclosure",
      "display": "HIPAA disclosure"
    }
  ],
  "action": "R",
  "severity": "notice",
  "recorded": "2013-09-22T00:08:00Z",
  "outcome": {
    "coding": [
      {
        "system": "http://terminology.hl7.org/CodeSystem/audit-event-outcome",
        "code": "0",
        "display": "Success"
      }
    ],
    "text": "Successful Disclosure"
  },
  "purposeOfEvent": [
    {
      "coding": [
        {
          "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
          "code": "HMARKT",
          "display": "healthcare marketing"
        }
      ]
    }
  ],
  "agent": [
    {
      "type": {
        "coding": [
          {
            "system": "http://dicom.nema.org/resources/ontology/DCM",
            "code": "110153",
            "display": "Source Role ID"
          }
        ]
      },
      "who": {
        "identifier": {
          "value": "SomeIdiot@nowhere"
        }
      },
      "altId": "notMe",
      "name": "That guy everyone wishes would be caught",
      "requestor": true,
      "location": {
        "reference": "Location/1"
      },
      "policy": [
        "http://consent.com/yes"
      ],
      "network": {
        "address": "custodian.net",
        "type": "1"
      }
    },
    {
      "type": {
        "coding": [
          {
            "system": "http://dicom.nema.org/resources/ontology/DCM",
            "code": "110152",
            "display": "Destination Role ID"
          }
        ]
      },
      "who": {
        "reference": "Practitioner/example",
        "display": "Where"
      },
      "requestor": false,
      "network": {
        "address": "marketing.land",
        "type": "1"
      },
      "purposeOfUse": [
        {
          "coding": [
            {
              "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
              "code": "HMARKT",
              "display": "healthcare marketing"
            }
          ]
        }
      ]
    }
  ],
  "source": {
    "site": "Watcher",
    "observer": {
      "display": "Watchers Accounting of Disclosures Application"
    },
    "type": [
      {
        "system": "http://terminology.hl7.org/CodeSystem/security-source-type",
        "code": "4",
        "display": "Application Server"
      }
    ]
  },
  "entity": [
    {
      "what": {
        "reference": "Patient/example"
      },
      "type": {
        "system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
        "code": "1",
        "display": "Person"
      },
      "role": {
        "system": "http://terminology.hl7.org/CodeSystem/object-role",
        "code": "1",
        "display": "Patient"
      }
    },
    {
      "what": {
        "reference": "Patient/example/_history/1",
        "identifier": {
          "value": "What.id"
        }
      },
      "type": {
        "system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
        "code": "2",
        "display": "System Object"
      },
      "role": {
        "system": "http://terminology.hl7.org/CodeSystem/object-role",
        "code": "4",
        "display": "Domain Resource"
      },
      "lifecycle": {
        "system": "http://terminology.hl7.org/CodeSystem/dicom-audit-lifecycle",
        "code": "11",
        "display": "Disclosure"
      },
      "securityLabel": [
        {
          "system": "http://terminology.hl7.org/CodeSystem/v3-Confidentiality",
          "code": "V",
          "display": "very restricted"
        },
        {
          "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
          "code": "STD",
          "display": "sexually transmitted disease information sensitivity"
        },
        {
          "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
          "code": "DELAU",
          "display": "delete after use"
        }
      ],
      "name": "data about Everthing important"
    }
  ]
}

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.