FASTConsentAuditEvent - Scalable Consent Management v0.1.0

Scalable Consent Management
0.1.0 - ci-build United States of America flag

Scalable Consent Management, published by HL7 International / Community Based Collaborative Care. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/fhir-consent-management/ and changes regularly. See the Directory of published versions

Resource Profile: FASTConsentAuditEvent

Official URL: http://hl7.org/fhir/us/consent-management/StructureDefinition/FASTConsentAuditEvent				Version: 0.1.0
Standards status: Trial-use			Maturity Level: 1	Computable Name: FASTConsentAuditEvent

This profile captures the event of disclosing information after consulting a filed Consent.

Mandatory and Must Support Data Elements

The following data elements must always be present or must be supported if the data is present in the sending system Must Support. They are presented below in a simple human-readable explanation. Profile specific guidance and examples are provided as well. The Formal Views below provides the formal summary, definitions, and terminology requirements.

Each Audit Event Must Have:

a type fixed to Dicom code 110106 "Export"
an action fixed to R "read"
a period
an entity

Each Audit Event Must Support:

all Must Have
a recorded
a purposeOfEvent
an agent, which Must Support:
a type
a role
a who
a requestor
a purposeOfUse
a source, which Must Support:
an observer
an entity what
an entity type

Referencing External Participants

Since a FHIR reference can contain a RESTful id to a patient, organization, practitioner, or related person, and those RESTful ids may not be useful once an Audit Event instance has propogated to other consent servers, this guide requires that an external identifier for those participants SHALL be populated. The RESTful id can also be sent but it is not necessary since the mandatory identifier conveys the identity of the participant. The FHIR additionalIdentifier extension is also included in the Reference to allow for multiple identifiers for participants to be conveyed.

Usages:

Use this Profile: Record Disclosure Operation Parameters
CapabilityStatements using this Profile: Consent Administrative Server Capabilities and Consent Client Capabilities

You can also check for usages in the FHIR IG Statistics

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

Key Elements Table
Differential Table
Snapshot Table
Statistics/References
All

Name	Flags	Card.	Type	Description & Constraints Filter: Bindings Constraints Obligations
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
type	Σ	1..1	Coding	Type/identifier of event Binding: AuditEventID (extensible): Type of event. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://dicom.nema.org/resources/ontology/DCM
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 110106
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
action	Σ	0..1	code	Type of action performed during the event Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event. Required Pattern: R
period	S	1..1	Period	When the activity occurred
recorded	SΣ	1..1	instant	Time when the event was recorded
purposeOfEvent	SΣ	0..*	CodeableConcept	The purposeOfUse of the event Binding: PurposeOfUse (3.1.0) (extensible): The reason the activity took place.
agent	S	1..*	BackboneElement	Actor involved in the event
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	S	0..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.
role	S	0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
who	SΣ	1..1	FASTReference(US Core Organization Profile \| US Core Patient Profile \| US Core Practitioner Profile \| US Core RelatedPerson Profile \| US Core PractitionerRole Profile)	Identifier of who
requestor	SΣ	1..1	boolean	Whether user is initiator
purposeOfUse	S	1..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (3.1.0) (extensible): The reason the activity took place.
source	S	1..1	BackboneElement	Audit Event Reporter
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
observer	SΣ	1..1	FASTReference(US Core Organization Profile \| US Core Patient Profile \| US Core Practitioner Profile \| US Core RelatedPerson Profile \| US Core PractitionerRole Profile)	The identity of source detecting the event
type	S	0..*	Coding	The type of source where event originated Binding: AuditEventSourceType (extensible): Code specifying the type of system that detected and recorded the event.
entity	SC	1..*	BackboneElement	Data or objects used Constraints: sev-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
what	SΣ	0..1	Reference(Resource)	Specific instance of resource
type	S	0..1	Coding	Type of entity involved Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet / Code	URI
AuditEvent.type	extensible	Pattern Value: 110106 `http://hl7.org/fhir/ValueSet/audit-event-type` From the FHIR Standard
AuditEvent.action	required	Pattern Value: R `http://hl7.org/fhir/ValueSet/audit-event-action\|4.0.1` From the FHIR Standard
AuditEvent.purposeOfEvent	extensible	PurposeOfUse `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse\|3.1.0`
AuditEvent.agent.type	extensible	ParticipationRoleType `http://hl7.org/fhir/ValueSet/participation-role-type` From the FHIR Standard
AuditEvent.agent.role	example	SecurityRoleType `http://hl7.org/fhir/ValueSet/security-role-type` From the FHIR Standard
AuditEvent.agent.purposeOfUse	extensible	PurposeOfUse `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse\|3.1.0`
AuditEvent.source.type	extensible	AuditEventSourceType `http://hl7.org/fhir/ValueSet/audit-source-type` From the FHIR Standard
AuditEvent.entity.type	extensible	AuditEventEntityType `http://hl7.org/fhir/ValueSet/audit-entity-type` From the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	AuditEvent	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	AuditEvent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference \| %resource.descendants().as(canonical) \| %resource.descendants().as(uri) \| %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	AuditEvent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	AuditEvent	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	AuditEvent	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	ALL elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())
ext-1	error	ALL extensions	Must have either extensions or value[x], not both : extension.exists() != value.exists()
sev-1	error	AuditEvent.entity	Either a name or a query (NOT both) : name.empty() or query.empty()

This structure is derived from AuditEvent

Name	Flags	Card.	Type	Description & Constraints Filter: Bindings Constraints Obligations
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
type		1..1	Coding	Type/identifier of event Required Pattern: At least the following
system		1..1	uri	Identity of the terminology system Fixed Value: http://dicom.nema.org/resources/ontology/DCM
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 110106
action		0..1	code	Type of action performed during the event Required Pattern: R
period	S	1..1	Period	When the activity occurred
recorded	S	1..1	instant	Time when the event was recorded
purposeOfEvent	S	0..*	CodeableConcept	The purposeOfUse of the event
agent	S	1..*	BackboneElement	Actor involved in the event
type	S	0..1	CodeableConcept	How agent participated
role	S	0..*	CodeableConcept	Agent role in the event
who	S	1..1	FASTReference(US Core Organization Profile \| US Core Patient Profile \| US Core Practitioner Profile \| US Core RelatedPerson Profile \| US Core PractitionerRole Profile)	Identifier of who
requestor	S	1..1	boolean	Whether user is initiator
purposeOfUse	S	1..*	CodeableConcept	Reason given for this user
source	S	1..1	BackboneElement	Audit Event Reporter
observer	S	1..1	FASTReference(US Core Organization Profile \| US Core Patient Profile \| US Core Practitioner Profile \| US Core RelatedPerson Profile \| US Core PractitionerRole Profile)	The identity of source detecting the event
type	S	0..*	Coding	The type of source where event originated
entity	S	1..*	BackboneElement	Data or objects used
what	S	0..1	Reference(Resource)	Specific instance of resource
type	S	0..1	Coding	Type of entity involved
Documentation for this format