HL7 Personal Health Record System Functional Model, Release 2
2.0.1-ballot - Normative Ballot

HL7 Personal Health Record System Functional Model, Release 2, published by EHR WG. This guide is not an authorized publication; it is the continuous build for version 2.0.1-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/phrsfm-ig/ and changes regularly. See the Directory of published versions

: TI.2.3 Audit Notification and Review (Function) - XML Representation

Page standards status: Informative

Raw xml | Download


<Requirements xmlns="http://hl7.org/fhir">
  <id value="PHRSFMR2-TI.2.3"/>
  <meta>
    <profile
             value="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/FMFunction"/>
  </meta>
  <text>
    <status value="extensions"/>
    <div xmlns="http://www.w3.org/1999/xhtml">
    <span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div><p>Notify of Audit Events, Review Audit Log</p>
</div></span>

    
    <span id="purpose"><b>Description <a href="https://hl7.org/fhir/versions.html#std-process" title="Informative Content" class="informative-flag">I</a>:</b> <div><p>PHR system functions allow various methods of critical event notification (from audit triggers) as well as routine log review.</p>
<p>Audit log notification and review functions implement requirements according to scope of practice, organizational policy, and jurisdictional law.</p>
</div></span>
    

    
    
    

    
    <span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
    
    <table id="statements" class="grid dict">
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>TI.2.3#01</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The system SHALL provide the ability to render a report based on audit log entries.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>TI.2.3#02</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The system SHALL provide the ability to render reports based on ranges of system date and time that audit log entries were captured.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>TI.2.3#03</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHOULD</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The system SHOULD provide the ability to render audit log entry time stamps using UTC (based on ISO 8601).</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>TI.2.3#04</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                <i>dependent</i>
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The system SHALL provide the ability to authorize emergency access to certain logs based on criteria such as individual work assignment, specific user role, specific reason(s), or a need to access a specific patient's information/record entries according to organizational policy and/or jurisdictional law.</p>
</div></span>
                
                
            </td>
        </tr>
        
    </table>
</div>
  </text>
  <extension
             url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
    <valueCode value="ehr"/>
  </extension>
  <url value="http://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.2.3"/>
  <version value="2.0.1-ballot"/>
  <name value="TI_2_3_Audit_Notification_and_Review"/>
  <title value="TI.2.3 Audit Notification and Review (Function)"/>
  <status value="active"/>
  <date value="2025-08-29T14:03:44+00:00"/>
  <publisher value="EHR WG"/>
  <contact>
    <telecom>
      <system value="url"/>
      <value value="http://www.hl7.org/Special/committees/ehr"/>
    </telecom>
  </contact>
  <description value="Notify of Audit Events, Review Audit Log"/>
  <purpose
           value="PHR system functions allow various methods of critical event notification (from audit triggers) as well as routine log review.

Audit log notification and review functions implement requirements according to scope of practice, organizational policy, and jurisdictional law."/>
  <statement>
    <extension
               url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="PHRSFMR2-TI.2.3-01"/>
    <label value="TI.2.3#01"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="The system SHALL provide the ability to render a report based on audit log entries."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="PHRSFMR2-TI.2.3-02"/>
    <label value="TI.2.3#02"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="The system SHALL provide the ability to render reports based on ranges of system date and time that audit log entries were captured."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="PHRSFMR2-TI.2.3-03"/>
    <label value="TI.2.3#03"/>
    <conformance value="SHOULD"/>
    <conditionality value="false"/>
    <requirement
                 value="The system SHOULD provide the ability to render audit log entry time stamps using UTC (based on ISO 8601)."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="true"/>
    </extension>
    <key value="PHRSFMR2-TI.2.3-04"/>
    <label value="TI.2.3#04"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="The system SHALL provide the ability to authorize emergency access to certain logs based on criteria such as individual work assignment, specific user role, specific reason(s), or a need to access a specific patient's information/record entries according to organizational policy and/or jurisdictional law."/>
  </statement>
</Requirements>