Release 5 Draft Ballot

This is the Continuous Integration Build of FHIR (will be incorrect/inconsistent at times).
See the Directory of published versions

Security Work GroupMaturity Level: N/AStandards Status: Informative Compartments: Device, Patient, Practitioner

This is a representation of the json schema for AuditEvent, which is just a part of the full JSON Schema.

{
  "$schema": "http://json-schema.org/draft-06/schema#",
  "id": "http://hl7.org/fhir/json-schema/AuditEvent",
  "$ref": "#/definitions/AuditEvent",
  "description": "see http://hl7.org/fhir/json.html#schema for information about the FHIR Json Schemas",
  "definitions": {
    "AuditEvent": {
      "description": "A record of an event relevant for purposes such as operations, privacy, security, maintenance, and performance analysis.",
      "properties": {
        "resourceType": {
          "description": "This is a AuditEvent resource",
          "const": "AuditEvent"
        },
        "id": {
          "description": "The logical id of the resource, as used in the URL for the resource. Once assigned, this value never changes.",
          "$ref": "id.schema.json#/definitions/id"
        },
        "meta": {
          "description": "The metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content might not always be associated with version changes to the resource.",
          "$ref": "Meta.schema.json#/definitions/Meta"
        },
        "implicitRules": {
          "description": "A reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content. Often, this is a reference to an implementation guide that defines the special rules along with other profiles etc.",
          "$ref": "#/definitions/uri"
        },
        "_implicitRules": {
          "description": "Extensions for implicitRules",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "language": {
          "description": "The base language in which the resource is written.",
          "$ref": "#/definitions/code"
        },
        "_language": {
          "description": "Extensions for language",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "text": {
          "description": "A human-readable narrative that contains a summary of the resource and can be used to represent the content of the resource to a human. The narrative need not encode all the structured data, but is required to contain sufficient detail to make it \"clinically safe\" for a human to just read the narrative. Resource definitions may define what content should be represented in the narrative to ensure clinical safety.",
          "$ref": "Narrative.schema.json#/definitions/Narrative"
        },
        "contained": {
          "description": "These resources do not have an independent existence apart from the resource that contains them - they cannot be identified independently, nor can they have their own independent transaction scope.",
          "items": {
            "$ref": "ResourceList.schema.json#/definitions/ResourceList"
          },
          "type": "array"
        },
        "extension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the resource. To make the use of extensions safe and manageable, there is a strict set of governance  applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "modifierExtension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the resource and that modifies the understanding of the element that contains it and/or the understanding of the containing element\u0027s descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.\n\nModifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "category": {
          "description": "Classification of the type of event.",
          "items": {
            "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
          },
          "type": "array"
        },
        "code": {
          "description": "Describes what happened. The most specific code for the event.",
          "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
        },
        "action": {
          "description": "Indicator for type of action performed during the event that generated the audit.",
          "$ref": "#/definitions/code"
        },
        "_action": {
          "description": "Extensions for action",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "severity": {
          "description": "Indicates and enables segmentation of various severity including debugging from critical.",
          "$ref": "#/definitions/code"
        },
        "_severity": {
          "description": "Extensions for severity",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "occurredPeriod": {
          "description": "The time or period during which the activity occurred.",
          "$ref": "Period.schema.json#/definitions/Period"
        },
        "occurredDateTime": {
          "description": "The time or period during which the activity occurred.",
          "pattern": "^([0-9]([0-9]([0-9][1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2][0-9]|3[0-1])(T([01][0-9]|2[0-3]):[0-5][0-9]:([0-5][0-9]|60)(\\.[0-9]+)?(Z|(\\+|-)((0[0-9]|1[0-3]):[0-5][0-9]|14:00)))?)?)?$",
          "type": "string"
        },
        "_occurredDateTime": {
          "description": "Extensions for occurredDateTime",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "recorded": {
          "description": "The time when the event was recorded.",
          "$ref": "#/definitions/instant"
        },
        "_recorded": {
          "description": "Extensions for recorded",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "outcome": {
          "description": "Indicates whether the event succeeded or failed. A free text descripiton can be given in outcome.text.",
          "$ref": "#/definitions/AuditEvent_Outcome"
        },
        "authorization": {
          "description": "The authorization (e.g., PurposeOfUse) that was used during the event being recorded.",
          "items": {
            "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
          },
          "type": "array"
        },
        "basedOn": {
          "description": "Allows tracing of authorizatino for the events and tracking whether proposals/recommendations were acted upon.",
          "items": {
            "$ref": "Reference.schema.json#/definitions/Reference"
          },
          "type": "array"
        },
        "patient": {
          "description": "The patient element is available to enable deterministic tracking of activities that involve the patient as the subject of the data used in an activity.",
          "$ref": "Reference.schema.json#/definitions/Reference"
        },
        "encounter": {
          "description": "This will typically be the encounter the event occurred, but some events may be initiated prior to or after the official completion of an encounter but still be tied to the context of the encounter (e.g. pre-admission lab tests).",
          "$ref": "Reference.schema.json#/definitions/Reference"
        },
        "agent": {
          "description": "An actor taking an active role in the event or activity that is logged.",
          "items": {
            "$ref": "#/definitions/AuditEvent_Agent"
          },
          "type": "array"
        },
        "source": {
          "description": "The actor that is reporting the event.",
          "$ref": "#/definitions/AuditEvent_Source"
        },
        "entity": {
          "description": "Specific instances of data or objects that have been accessed.",
          "items": {
            "$ref": "#/definitions/AuditEvent_Entity"
          },
          "type": "array"
        }
      },
      "additionalProperties": false,
      "required": [
        "agent",
        "code",
        "source",
        "resourceType"
      ]
    },
    "AuditEvent_Outcome": {
      "description": "A record of an event relevant for purposes such as operations, privacy, security, maintenance, and performance analysis.",
      "properties": {
        "id": {
          "description": "Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.",
          "$ref": "string.schema.json#/definitions/string"
        },
        "extension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance  applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "modifierExtension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element\u0027s descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.\n\nModifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "code": {
          "description": "Indicates whether the event succeeded or failed.",
          "$ref": "Coding.schema.json#/definitions/Coding"
        },
        "detail": {
          "description": "Additional details about the error. This may be a text description of the error or a system code that identifies the error.",
          "items": {
            "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
          },
          "type": "array"
        }
      },
      "additionalProperties": false,
      "required": [
        "code"
      ]
    },
    "AuditEvent_Agent": {
      "description": "A record of an event relevant for purposes such as operations, privacy, security, maintenance, and performance analysis.",
      "properties": {
        "id": {
          "description": "Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.",
          "$ref": "string.schema.json#/definitions/string"
        },
        "extension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance  applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "modifierExtension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element\u0027s descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.\n\nModifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "type": {
          "description": "The Functional Role of the user when performing the event.",
          "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
        },
        "role": {
          "description": "The structural roles of the agent indicating the agent\u0027s competency. The security role enabling the agent with respect to the activity.",
          "items": {
            "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
          },
          "type": "array"
        },
        "who": {
          "description": "Reference to who this agent is that was involved in the event.",
          "$ref": "Reference.schema.json#/definitions/Reference"
        },
        "requestor": {
          "description": "Indicator that the user is or is not the requestor, or initiator, for the event being audited.",
          "$ref": "#/definitions/boolean"
        },
        "_requestor": {
          "description": "Extensions for requestor",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "location": {
          "description": "Where the agent location is known, the agent location when the event occurred.",
          "$ref": "Reference.schema.json#/definitions/Reference"
        },
        "policy": {
          "description": "Where the policy(ies) are known that authorized the agent participation in the event. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.",
          "items": {
            "$ref": "#/definitions/uri"
          },
          "type": "array"
        },
        "_policy": {
          "description": "Extensions for policy",
          "items": {
            "$ref": "Element.schema.json#/definitions/Element"
          },
          "type": "array"
        },
        "networkReference": {
          "description": "When the event utilizes a network there should be an agent describing the local system, and an agent describing remote system, with the network interface details.",
          "$ref": "Reference.schema.json#/definitions/Reference"
        },
        "networkUri": {
          "description": "When the event utilizes a network there should be an agent describing the local system, and an agent describing remote system, with the network interface details.",
          "pattern": "^\\S*$",
          "type": "string"
        },
        "_networkUri": {
          "description": "Extensions for networkUri",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "networkString": {
          "description": "When the event utilizes a network there should be an agent describing the local system, and an agent describing remote system, with the network interface details.",
          "pattern": "^[ \\r\\n\\t\\S]+$",
          "type": "string"
        },
        "_networkString": {
          "description": "Extensions for networkString",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "authorization": {
          "description": "The authorization (e.g., PurposeOfUse) that was used during the event being recorded.",
          "items": {
            "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
          },
          "type": "array"
        }
      },
      "additionalProperties": false,
      "required": [
        "who"
      ]
    },
    "AuditEvent_Source": {
      "description": "A record of an event relevant for purposes such as operations, privacy, security, maintenance, and performance analysis.",
      "properties": {
        "id": {
          "description": "Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.",
          "$ref": "string.schema.json#/definitions/string"
        },
        "extension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance  applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "modifierExtension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element\u0027s descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.\n\nModifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "site": {
          "description": "Logical source location within the healthcare enterprise network.  For example, a hospital or other provider location within a multi-entity provider group.",
          "$ref": "Reference.schema.json#/definitions/Reference"
        },
        "observer": {
          "description": "Identifier of the source where the event was detected.",
          "$ref": "Reference.schema.json#/definitions/Reference"
        },
        "type": {
          "description": "Code specifying the type of source where event originated.",
          "items": {
            "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
          },
          "type": "array"
        }
      },
      "additionalProperties": false,
      "required": [
        "observer"
      ]
    },
    "AuditEvent_Entity": {
      "description": "A record of an event relevant for purposes such as operations, privacy, security, maintenance, and performance analysis.",
      "properties": {
        "id": {
          "description": "Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.",
          "$ref": "string.schema.json#/definitions/string"
        },
        "extension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance  applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "modifierExtension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element\u0027s descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.\n\nModifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "what": {
          "description": "Identifies a specific instance of the entity. The reference should be version specific.",
          "$ref": "Reference.schema.json#/definitions/Reference"
        },
        "role": {
          "description": "Code representing the role the entity played in the event being audited.",
          "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
        },
        "securityLabel": {
          "description": "Security labels for the identified entity.",
          "items": {
            "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
          },
          "type": "array"
        },
        "query": {
          "description": "The query parameters for a query-type entities.",
          "$ref": "#/definitions/base64Binary"
        },
        "_query": {
          "description": "Extensions for query",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "detail": {
          "description": "Tagged value pairs for conveying additional information about the entity.",
          "items": {
            "$ref": "#/definitions/AuditEvent_Detail"
          },
          "type": "array"
        },
        "agent": {
          "description": "The entity is attributed to an agent to express the agent\u0027s responsibility for that entity in the activity. This is most used to indicate when persistence media (the entity) are used by an agent. For example when importing data from a device, the device would be described in an entity, and the user importing data from that media would be indicated as the entity.agent.",
          "items": {
            "$ref": "#/definitions/AuditEvent_Agent"
          },
          "type": "array"
        }
      },
      "additionalProperties": false
    },
    "AuditEvent_Detail": {
      "description": "A record of an event relevant for purposes such as operations, privacy, security, maintenance, and performance analysis.",
      "properties": {
        "id": {
          "description": "Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.",
          "$ref": "string.schema.json#/definitions/string"
        },
        "extension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance  applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "modifierExtension": {
          "description": "May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element\u0027s descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.\n\nModifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).",
          "items": {
            "$ref": "Extension.schema.json#/definitions/Extension"
          },
          "type": "array"
        },
        "type": {
          "description": "The type of extra detail provided in the value.",
          "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
        },
        "valueQuantity": {
          "description": "The  value of the extra detail.",
          "$ref": "Quantity.schema.json#/definitions/Quantity"
        },
        "valueCodeableConcept": {
          "description": "The  value of the extra detail.",
          "$ref": "CodeableConcept.schema.json#/definitions/CodeableConcept"
        },
        "valueString": {
          "description": "The  value of the extra detail.",
          "pattern": "^[ \\r\\n\\t\\S]+$",
          "type": "string"
        },
        "_valueString": {
          "description": "Extensions for valueString",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "valueBoolean": {
          "description": "The  value of the extra detail.",
          "pattern": "^true|false$",
          "type": "boolean"
        },
        "_valueBoolean": {
          "description": "Extensions for valueBoolean",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "valueInteger": {
          "description": "The  value of the extra detail.",
          "pattern": "^-?([0]|([1-9][0-9]*))$",
          "type": "number"
        },
        "_valueInteger": {
          "description": "Extensions for valueInteger",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "valueRange": {
          "description": "The  value of the extra detail.",
          "$ref": "Range.schema.json#/definitions/Range"
        },
        "valueRatio": {
          "description": "The  value of the extra detail.",
          "$ref": "Ratio.schema.json#/definitions/Ratio"
        },
        "valueTime": {
          "description": "The  value of the extra detail.",
          "pattern": "^([01][0-9]|2[0-3]):[0-5][0-9]:([0-5][0-9]|60)(\\.[0-9]+)?$",
          "type": "string"
        },
        "_valueTime": {
          "description": "Extensions for valueTime",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "valueDateTime": {
          "description": "The  value of the extra detail.",
          "pattern": "^([0-9]([0-9]([0-9][1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2][0-9]|3[0-1])(T([01][0-9]|2[0-3]):[0-5][0-9]:([0-5][0-9]|60)(\\.[0-9]+)?(Z|(\\+|-)((0[0-9]|1[0-3]):[0-5][0-9]|14:00)))?)?)?$",
          "type": "string"
        },
        "_valueDateTime": {
          "description": "Extensions for valueDateTime",
          "$ref": "Element.schema.json#/definitions/Element"
        },
        "valuePeriod": {
          "description": "The  value of the extra detail.",
          "$ref": "Period.schema.json#/definitions/Period"
        },
        "valueBase64Binary": {
          "description": "The  value of the extra detail.",
          "pattern": "^\\s*([A-Za-z0-9+\\\\/]{4})*(([A-Za-z0-9+\\\\/]{2}\u003d\u003d)|([A-Za-z0-9+\\\\/]{3}\u003d)|([A-Za-z0-9+\\\\/]{4}))\\s*$",
          "type": "string"
        },
        "_valueBase64Binary": {
          "description": "Extensions for valueBase64Binary",
          "$ref": "Element.schema.json#/definitions/Element"
        }
      },
      "additionalProperties": false,
      "required": [
        "type"
      ]
    }
  }
}