Basic Audit Log Patterns (BALP)
1.1.4-current - ci-build International flag

Basic Audit Log Patterns (BALP), published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 1.1.4-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.BasicAudit/ and changes regularly. See the Directory of published versions

Example AuditEvent: Audit Example of a basic SAML access token of comprehensive from QDI sample

Generated Narrative: AuditEvent ex-auditPoke-SAML-QDI-Comp

type: DICOM Controlled Terminology Definitions 110100: Application Activity

subtype: unknown poke: Boredom poke

action: Read/View/Print

recorded: 2021-12-03 09:49:00+0000

outcome: Success

agent

type: information recipient

role: Public health officier

who: Identifier: ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS/UID=kskagerb

requestor: true

policy: _d87f8adf-711a-4545-bf77-ff8517b498e4

purposeOfUse: Uses and disclosures for public health activities.

agent

type: healthcare provider

who: connectred5.fedsconnect.org (Identifier: urn:oid:2.16.840.1.113883.3.333)

requestor: false

Sources

-SiteObserverType
*server.example.comDeviceAudit Event Source Type 4: Application Server

entity

what: Identifier: urn:oid:1.2.3.4.123456789

type: ResourceType Consent: Consent

detail

type: urn:ihe:iti:xua:2012:acp

value: urn:oid:1.2.3.4

detail

type: urn:oasis:names:tc:xacml:2.0:resource:resource-id

value: 500000000^^^&2.16.840.1.113883.3.333&ISO