HL7 Personal Health Record System Functional Model, Release 2
2.0.1-ballot - Normative Ballot

HL7 Personal Health Record System Functional Model, Release 2, published by EHR WG. This guide is not an authorized publication; it is the continuous build for version 2.0.1-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/phrsfm-ig/ and changes regularly. See the Directory of published versions

: TI.2 Audit (Function) - XML Representation

Page standards status: Informative

Raw xml | Download


<Requirements xmlns="http://hl7.org/fhir">
  <id value="PHRSFMR2-TI.2"/>
  <meta>
    <profile
             value="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/FMFunction"/>
  </meta>
  <text>
    <status value="extensions"/>
    <div xmlns="http://www.w3.org/1999/xhtml">
    <span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div><p>Audit Key Record, Security, System and Clinical Events</p>
</div></span>

    
    <span id="purpose"><b>Description <a href="https://hl7.org/fhir/versions.html#std-process" title="Informative Content" class="informative-flag">I</a>:</b> <div><p>PHR Systems have built in audit triggers to capture key events in real-time, including events related to record management, security, system operations or performance or clinical situations.</p>
<p>Event details, including key metadata (who, what, when, where), are captured in an Audit Log.</p>
<p>Audit Review functions allow various methods of critical event notification as well as routine log review.</p>
<p>Audit functions implement requirements according to scope of practice, organizational policy, and jurisdictional law.</p>
</div></span>
    

    
    
    

    
    <span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
    
    <table id="statements" class="grid dict">
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>TI.2#01</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                <i>dependent</i>
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The system SHALL conform to function <a href="Requirements-PHRSFMR2-TI.1.3.html">TI.1.3</a> (Entity Access Control) to limit access to, or modification of, audit record information to appropriate entities according to scope of practice, organizational policy, and/or jurisdictional law.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>TI.2#02</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                <i>dependent</i>
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The system SHALL conform to function <a href="Requirements-PHRSFMR2-TI.1.3.html">TI.1.3</a> (Entity Access Control) to limit access to audit record information for purposes of deletion according to scope of practice, organizational policy, and/or jurisdictional law (e.g., limit access to only allow a specific system administrator to delete audit record information).</p>
</div></span>
                
                
            </td>
        </tr>
        
    </table>
</div>
  </text>
  <extension
             url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
    <valueCode value="ehr"/>
  </extension>
  <url value="http://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.2"/>
  <version value="2.0.1-ballot"/>
  <name value="TI_2_Audit"/>
  <title value="TI.2 Audit (Function)"/>
  <status value="active"/>
  <date value="2025-08-29T14:03:44+00:00"/>
  <publisher value="EHR WG"/>
  <contact>
    <telecom>
      <system value="url"/>
      <value value="http://www.hl7.org/Special/committees/ehr"/>
    </telecom>
  </contact>
  <description
               value="Audit Key Record, Security, System and Clinical Events"/>
  <purpose
           value="PHR Systems have built in audit triggers to capture key events in real-time, including events related to record management, security, system operations or performance or clinical situations.

Event details, including key metadata (who, what, when, where), are captured in an Audit Log.

Audit Review functions allow various methods of critical event notification as well as routine log review.

Audit functions implement requirements according to scope of practice, organizational policy, and jurisdictional law."/>
  <statement>
    <extension
               url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="true"/>
    </extension>
    <key value="PHRSFMR2-TI.2-01"/>
    <label value="TI.2#01"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="The system SHALL conform to function [TI.1.3](Requirements-PHRSFMR2-TI.1.3.html) (Entity Access Control) to limit access to, or modification of, audit record information to appropriate entities according to scope of practice, organizational policy, and/or jurisdictional law."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="true"/>
    </extension>
    <key value="PHRSFMR2-TI.2-02"/>
    <label value="TI.2#02"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="The system SHALL conform to function [TI.1.3](Requirements-PHRSFMR2-TI.1.3.html) (Entity Access Control) to limit access to audit record information for purposes of deletion according to scope of practice, organizational policy, and/or jurisdictional law (e.g., limit access to only allow a specific system administrator to delete audit record information)."/>
  </statement>
</Requirements>