Release 5 Draft Ballot

This is the Continuous Integration Build of FHIR (will be incorrect/inconsistent at times).
See the Directory of published versions

Security Work GroupMaturity Level: N/AStandards Status: InformativeSecurity Category: Not Classified Compartments: Device, Patient, Practitioner

Mappings for the auditevent resource (see Mappings to Other Standards for further information & status).

AuditEvent
    categoryFiveWs.what[x]
    codeFiveWs.what[x]
    actionFiveWs.what[x]
    occurred[x]FiveWs.done[x]
    recordedFiveWs.recorded
    outcomeFiveWs.what[x]
        codeFiveWs.what[x]
        detailFiveWs.what[x]
    authorizationFiveWs.why[x]
    basedOnFiveWs.why[x]
    patientFiveWs.subject[x]
    encounterFiveWs.why[x]
    agentFiveWs.who
        typeFiveWs.who
        roleFiveWs.who
        whoFiveWs.who
        requestorFiveWs.who
        locationFiveWs.where[x]
        policyFiveWs.why[x]
        network[x]FiveWs.where[x]
        authorizationFiveWs.why[x]
    sourceFiveWs.witness
        siteFiveWs.witness
        observerFiveWs.witness
        typeFiveWs.witness
    entityFiveWs.what[x]
        whatFiveWs.what[x]
        roleFiveWs.context
        securityLabelFiveWs.context
        queryFiveWs.context
        detailFiveWs.context
            typeFiveWs.context
            value[x]FiveWs.context
AuditEventEvent
    categoryEvent.code
    occurred[x]Event.occurred[x]
    authorizationEvent.reasonCode
    basedOnEvent.code
    patientEvent.patient
    encounterEvent.code
    agentEvent.performer
        typeEvent.performer.function
        whoEvent.performer.actor
        locationEvent.location
AuditEventControlAct[moodCode=EVN]
    category.code (type, subtype and action are pre-coordinated or sent as translations)
    code.code (type, subtype and action are pre-coordinated or sent as translations)
    action.code (type, subtype and action are pre-coordinated or sent as translations)
    severityN/A
    occurred[x]./effectiveTime[type=IVL_TS]
    recorded.effectiveTime
    outcome.outboundRelationship[typeCode=OUT].target.text
        code.outboundRelationship[typeCode=OUT].target.text
        detail.outboundRelationship[typeCode=OUT].target.text
    authorization* .reasonCode [ControlActReason when Act.class = CACT Control Act]
*.outboundRelationship[typeCode=RSON].target
    basedOnAct.code
    patientparticipation[typeCode=RTGT]
    encounterAct.code
    agent.participation
        type.typeCode and/or .functionCode
        role.role
        who.id
        requestorIf participation.typeCode was author, then true
        location* Role.Class =SDLOC
*Role.Code = ServiceDeliveryLocationRoleType
*Entity.Code = PlaceEntityType = df.Types of places for Entity.Class = PLC
*EntityClass = PLC = df.A physical place or site with its containing structure. May be natural or man-made. The geographic position of a place might or might not be constant.
        policyActPolicyType
        network[x].player.description
        authorization*.reasonCode [ActHealthInformationPurposeOfUseReason codes/v:PurposeOfUse
(2.16.840.1.113883.1.11.20448)
* .outboundRelationship[typeCode=RSON or SUBJ].target
    source.participation[typeCode=INF].role[classCode=ASSIGN].player[classCode=DEV, determinerCode=INSTANCE]
        site.scopedRole[classCode=LOCE].player.desc
        observer.id
        type.code
    entity.outboundRelationship[typeCode=SUBJ].target or .participation[typeCode=SBJ].role
        what.id
        rolerole.code (not sure what this would mean for an Act)
        securityLabel.confidentialityCode
        queryNo mapping
        detail.inboundRelationship[typeCode=SUBJ].target[classCode=OBS, moodCode=EVN]
            type.code
            value[x].value
        agent./author/role
AuditEventMessage
    categoryEventId
    codeEventTypeCode
    actionEventActionCode
    severityPRI
    occurred[x]
    recordedEventDateTime
    outcome
        codeEventOutcomeIndicator EventOutcomeIndicator
        detail
    authorizationEventPurposeOfUse
    basedOn
    patient
    encounter
    agentActiveParticipant
        typeprime RoleIdCode
        roleall RoleIdCode
        whoUserName and UserId
        requestorUserIsRequestor
        location
        policyParticipantRoleIDCode
        network[x]NetworkAccessPointID and NetworkAccessPointTypeCode
        authorization
    sourceAuditSourceIdentification
        siteAuditEnterpriseSiteId
        observerAuditSourceId
        typeAuditSourceTypeCode
    entityParticipantObjectIdentification
        whatParticipantObjectTypeCode, ParticipantObjectName, ParticipantObjectID and ParticipantObjectIDTypeCode
        roleParticipantObjectTypeCodeRole
        securityLabelParticipantObjectSensitivity
        queryParticipantObjectQuery
        detailParticipantObjectDetail
            typeParticipantObjectDetail.type
            value[x]ParticipantObjectDetail.value
        agentActiveParticipant.MediaType

The provenance resource is based on known practices in the HL7 implementation space, particularly those found in the v2 EVN segment, the v3 ControlAct Wrapper, the CDA header, and IHE ATNA. The conceptual model underlying the design is the W3C provenance Specification . Though the content and format of the resource is designed to meet specific requirements for FHIR, all the parts of the resource are formally mapped to the PROV-O specification, and FHIR resources can be transformed to their W3C PROV equivalent.

AuditEvent
    categoryActivity
    code
    action
    severity
    occurred[x]Activity.startTime & Activity.endTime
    recordedActivity.when
    outcome
        code
        detail
    authorizationActivity.Activity
    basedOnActivity.Activity
    patientEntity.Identity
    encounterActivity.Activity
    agentAgent
        typeAgent.Attribution
        roleAgent.Attribution
        whoAgent.Identity
        requestor
        locationActivity.location
        policy
        network[x]Agent.Location
        authorizationAgent.Activity
    source
        site
        observer
        type
    entityEntity
        what
        roleEntity.role
        securityLabel
        query
        detail
            type
            value[x]
        agent
AuditEvent
    category
    codeProvenance.activity
    action
    severity
    occurred[x]Provenance.occurred[x]
    recordedProvenance.recorded
    outcome
        code
        detail
    authorizationProvenance.authorization
    basedOn
    patient
    encounter
    agentProvenance.agent
        typeProvenance.agent.type
        roleProvenance.agent.role
        whoProvenance.agent.who
        requestor
        locationProvenance.location
        policyProvenance.policy
        network[x]
        authorization
    source
        site
        observer
        type
    entityProvenance.target, Provenance.entity
        whatProvenance.target, Provenance.entity.what
        role
        securityLabel
        query
        detail
            type
            value[x]
        agentProvenance.entity.agent