HL7 Czech Health information exchange Implementation Guide
0.0.1 - ci-build
HL7 Czech Health information exchange Implementation Guide
0.0.1 - ci-build
HL7 Czech Health information exchange Implementation Guide, published by HL7 Czech Republic. This guide is not an authorized publication; it is the continuous build for version 0.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7-cz/HIE/ and changes regularly. See the Directory of published versions
There are four different categories of Audit Events in the context of the EPR:
Each category is described as a content profile. These content profiles are based on the AuditEvent Resource, http://hl7.org/fhir/R4/auditevent.html.
The AuditEvent Resource has mapping rules to the DICOM audit message format, which allows to map to ATNA.
The following Audit Trail Consumption Event Types are defined and shall be supported.
| Type | Description | Profile Ref | Opt Community |
|---|---|---|---|
| ATC_DOC_CREATE | Document upload | Document Audit Event Content Profile | R |
| ATC_DOC_READ | Document retrieval | Document Audit Event Content Profile | R |
| ATC_DOC_UPDATE | Document or Document Metadata update | Document Audit Event Content Profile | R |
| ATC_DOC_DELETE | Document removal | Document Audit Event Content Profile | R |
| ATC_DOC_SEARCH | Document search | Document Audit Event Content Profile | R |
| ATC_POL_CREATE_AUT_PART_AL | Authorize participants to access level/date | Policy Audit Event Content Profile | R, (NP if not reference community) |
| ATC_POL_UPDATE_AUT_PART_AL | Update access level/date of authorized participants | Policy Audit Event Content Profile | R, (NP: if not reference community) |
| ATC_POL_REMOVE_AUT_PART_AL | Remove authorization for participants | Policy Audit Event Content Profile | R, (NP: if not reference community) |
| ATC_POL_DEF_CONFLEVEL | Set or update default Confidentiality Level | Policy Audit Event Content Profile | R, (NP: if not reference community) |
| ATC_POL_DIS_EMER_USE | Disabling Emergency Access | Policy Audit Event Content Profile | R, (NP: if not reference community) |
| ATC_POL_ENA_EMER_USE | Enabling Emergency Access | Policy Audit Event Content Profile | R, (NP: if not reference community) |
| ATC_POL_INCL_BLACKLIST | Assign Healthcare Professional to Blacklist | Policy Audit Event Content Profile | R, (NP: if not reference community) |
| ATC_POL_EXL_BLACKLIST | Exclude Healthcare Professional from Blacklist | Policy Audit Event Content Profile | R, (NP: if not reference community) |
| ATC_LOG_READ | Accessing Patient Audit Record Repository | Access Audit Trail Content Profile | R |
| ATC_HPD_GROUP_ENTRY_NOTIFY | Entry of healthcare professionals into a group | HPD Group Entry Audit Event Content Profile | R, (NP: if not reference community) |
Table 1: Audit Trail Consumption Event Types
This content profile describes Audit Event related to Document Management. The following Data Elements shall be provided:
|
Data Element |
Description |
Property/Value |
|
Event Type |
Document upload |
|
|
Event Date and Time |
|
FHIR instant |
|
Participants |
|
|
|
Initiator |
Patient |
Name |
|
Representative of patient |
Name |
|
|
Authorized Healthcare Professional |
Name |
|
|
Assistant of a Healthcare Professional |
Name |
|
|
Technical User |
Name |
|
|
Document Administrator |
Name |
|
|
Responsible[2.1] |
Patient |
Name |
|
Healthcare Professional |
Name |
|
|
Groups where Healthcare Professional is member |
|
Name of Group |
|
Purpose of Use |
|
NORM, EMER, AUTO, DICOM_AUTO |
|
Patient |
Involved patient |
RID |
|
Document[2.2] |
type of document |
typeCode (SNOMED CT code) |
|
reference to document |
uniqueId |
|
|
title of document |
title |
|
[2.1] If different from Initiator (Representative of patient acting on behalf of a patient then patient is responsible).
[2.2] Required for Document upload, Document retrieval, Document or Document Metadata update and Document removal but not for Document search.
Table 2: Document Audit Event Data Elements
This profile defines the content of the document audit events which a community has to provide for a patient's audit trail. This profile builds on AuditEvent (http://hl7.org/fhir/R4/auditevent.html).
It will be added
This content profile describes Audit Events related to Policy Management. The following Data Elements shall be provided:
|
Data Element |
Description |
Property/Value |
|
Event Type |
Authorize participants to access level/date |
|
|
Update access level/date of authorized participants |
||
|
Remove authorization for participants to access level/date |
||
|
Set or update the default Confidentiality Level for new documents |
||
|
Disabling Emergency Access |
||
|
Enabling Emergency Access |
||
|
Exclude a Healthcare Professional from accessing the EPR |
||
|
Revoke the exclusion of a Healthcare Professional from accessing the EPR |
||
|
Event Date Time |
FHIR instant |
|
|
Participants |
||
|
Initiator |
Patient |
Name |
|
Representative of patient |
Name |
|
|
Authorized Healthcare Professional[3.1] |
Name |
|
|
Assistant of a Healthcare Professional |
Name |
|
|
Policy Administrator |
Name |
|
|
Responsible |
Patient |
Name |
|
Healthcare Professional |
Name |
|
|
Patient |
Involved patient |
RID |
|
Resource |
Resource Role |
HCP, GRP or REP |
|
Healthcare Professional |
Name |
|
|
Group of Healthcare Professional |
Name of Group |
|
|
Representative of patient |
Name |
|
|
AccessLevel[3.2] |
one of urn:e-health-suisse:2015:policies:access-level: |
|
|
AccessLimitedToDate[3.2] |
Date |
|
|
ProvideLevel[3.3] |
one of urn:e-health-suisse:2015:policies:provide-level: |
|
[3.1] Healthcare Professional or Assistant of Healthcare Professional can only be a participant for the first Event Type (Authorize participants to access level).
[3.2] Access Level and the date if the access is limited (AccessLimitedToDate) are required for the first two Event Types (Authorize, update Authorization participants to access level/date), for the other Event Types these parameters do not need to be specified.
[3.3] Provide Level is only relevant for the Event Type Default Confidentiality Level for new Documents.
Table 3: Policy Audit Event Data Elements
This content profile defines the document audit events which a community has to provide for a patients audit trail. This profile builds on AuditEvent (http://hl7.org/fhir/R4/auditevent.html).
It will be added
This content profile describes Audit Event related to Accessing the Audit Trail of a Patient from a Patient Audit Record Repository. The following Data Elements shall be provided:
|
Data Element |
Description |
Property/Value |
|
Event Type |
|
Access Audit Trail |
|
Event Date and Time |
|
FHIR instant |
|
Participants |
|
|
|
Initiator |
Patient |
Name |
|
Representative of patient |
Name |
|
|
Responsible |
Patient |
Name |
|
Patient |
Involved patient |
RID |
Table 11: Access Audit Trail Data Elements
This content profile defines the access audit trail event, which a community has to provide for a patient’s audit trail. This profile builds on AuditEvent (http://hl7.org/fhir/R4/auditevent.html).
It will be added
This content profile describe the Audit Event related to the entry of a healthcare professional into a HPD group for which the patient is notified. The following Data Elements shall be provided:
|
Data Element |
Description |
Property/Value |
|
Event Type |
Patient notified of Healthcare Professionals added to a group |
|
|
Event Date and Time |
|
FHIR instant |
|
Notification Service |
|
Name |
|
Patient |
Notified patient |
RID |
|
Healthcare Professionals |
Healthcare professionals |
Name |
|
Group |
Group where Healthcare Professionals are added as members |
Name of Group |
Table 13: HPD Group Entry Audit Event Elements
This profile defines the content of the HPD group entry audit event. This profile builds on AuditEvent (http://hl7.org/fhir/R4/auditevent.html).
It will be added