HL7 Czech Health information exchange Implementation Guide
0.0.1 - ci-build Czechia flag

HL7 Czech Health information exchange Implementation Guide, published by HL7 Czech Republic. This guide is not an authorized publication; it is the continuous build for version 0.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7-cz/HIE/ and changes regularly. See the Directory of published versions

Record Audit Event [ITI-20]

Scope

This section describes the national extension for the Swiss EPR of the Send Audit Resource Request Message – RESTful interaction [ITI-20] transaction defined in the RESTful ATNA profile which is currently prepared as IHE Trial Implementation with the working title ”Add RESTful ATNA (Query and Feed)”. The Audit Record Repository SHALL support the ATX: FHIR Feed Option.

Actor Roles

Actor: Any actor or any other application that is grouped with the Secure Node or Secure Application (Audit Creator).
Role: Create an audit record and transmit this record to the Audit Record Repository.
Actor: Audit Record Repository
Role: Receive an audit record from the Audit Record Creator and store this for audit purposes.

Referenced Standards

  1. Add RESTful ATNA (Query and Feed), Rev. 3.3
  2. This RESTful ATNA profile is based on Release 4 of the HL7® FHIR® standard.

Messages

The “Send Audit Resource Request Message – FHIR Feed Interaction” is used for auditing the FHIR Audit Event Resource using the RESTful protocol.

Interaction Diagram for [ITI-20]Interaction Diagram for [ITI-20]Audit Record RepositoryAudit Record RepositorySecure ApplicationAudit Record RepositorySecure ApplicationSecure NodeAudit Record ForwarderAudit Record RepositoryAudit Record RepositoryAudit Record RepositorySend Audit Resource RequestSend Audit Resource ResponseSend Audit Bundle RequestSend Audit Bundle Response

Send Audit Resource Request Message – FHIR Feed Interaction

Trigger Events

This message is sent when an actor that is grouped with Secure Node or Secure Application or an Audit Record Forwarder needs to post a single or multiple AuditEvent Resource to the Audit Record Repository.

Message Semantics

The base profiles for the Czech AuditEvents in the EPR are:

  • CZ Audit Event with a Basic Auth Token when a transaction is secured with a Basic IUA Token.
  • CZ Audit Event with an Extended Token when a transaction is secured with an Extended IUA Token.
Expected Actions

Same message semantics and expected actions apply as described in the ITI-20 transaction.

Send Audit Resource Response

CapabilityStatement Resource

The CapabilityStatement resource for the Audit Creator is ATNA Audit Creator.

The CapabilityStatement resource for the Audit Record Repository is ATNA Audit Record Repository.

Security Consideration

The transaction SHALL be secured by Transport Layer Security (TLS) encryption and server authentication with server certificates.

The transaction SHALL use client authentication and authorization using one of the following strategies:

  1. Use a basic access token defined in IUA conveyed as defined in the Incorporate Access Token [ITI-72] transaction.
  2. or, use mutual authentication (mTLS) on the transport layer.