Basic Audit Log Patterns (BALP)
1.1.4-current - ci-build International flag

Basic Audit Log Patterns (BALP), published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 1.1.4-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.BasicAudit/ and changes regularly. See the Directory of published versions

: Audit Example of a basic SAML access token of minimal from QDI sample - XML Representation

Raw xml | Download


<AuditEvent xmlns="http://hl7.org/fhir">
  <id value="ex-auditPoke-SAML-QDI-Min"/>
  <meta>
    <profile
             value="https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Minimal"/>
    <security>
      <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
      <code value="HTEST"/>
    </security>
  </meta>
  <text>
    <status value="generated"/>
    <div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: AuditEvent ex-auditPoke-SAML-QDI-Min</b></p><a name="ex-auditPoke-SAML-QDI-Min"> </a><a name="hcex-auditPoke-SAML-QDI-Min"> </a><a name="ex-auditPoke-SAML-QDI-Min-en-US"> </a><p><b>type</b>: <a href="http://hl7.org/fhir/R4/codesystem-dicom-dcim.html#dicom-dcim-110100">DICOM 110100</a>: Application Activity</p><p><b>subtype</b>: unknown poke: Boredom poke</p><p><b>action</b>: Read/View/Print</p><p><b>recorded</b>: 2021-12-03 09:49:00+0000</p><p><b>outcome</b>: Success</p><h3>Agents</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Type</b></td><td><b>Who</b></td><td><b>Requestor</b></td><td><b>Policy</b></td><td><b>PurposeOfUse</b></td></tr><tr><td style="display: none">*</td><td><span title="Codes:{http://terminology.hl7.org/CodeSystem/v3-ParticipationType IRCP}, {https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes UserSamlAgent}">information recipient</span></td><td>Identifier: <code>ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS</code>/UID=kskagerb</td><td>true</td><td>_d87f8adf-711a-4545-bf77-ff8517b498e4</td><td><span title="Codes:{urn:oid:2.16.840.1.113883.3.18.7.1 PUBLICHEALTH}">Uses and disclosures for public health activities.</span></td></tr></table><h3>Sources</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Site</b></td><td><b>Observer</b></td><td><b>Type</b></td></tr><tr><td style="display: none">*</td><td>server.example.com</td><td><a href="Device-ex-device.html">Device</a></td><td><a href="http://terminology.hl7.org/6.0.2/CodeSystem-security-source-type.html#security-source-type-4">Audit Event Source Type 4</a>: Application Server</td></tr></table></div>
  </text>
  <type>
    <system value="http://dicom.nema.org/resources/ontology/DCM"/>
    <code value="110100"/>
    <display value="Application Activity"/>
  </type>
  <subtype>
    <system value="urn:ietf:rfc:1438"/>
    <code value="poke"/>
    <display value="Boredom poke"/>
  </subtype>
  <action value="R"/>
  <recorded value="2021-12-03T09:49:00.000Z"/>
  <outcome value="0"/>
  <agent>
    <type>
      <coding>
        <system
                value="http://terminology.hl7.org/CodeSystem/v3-ParticipationType"/>
        <code value="IRCP"/>
        <display value="information recipient"/>
      </coding>
      <coding>
        <system
                value="https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes"/>
        <code value="UserSamlAgent"/>
      </coding>
    </type>
    <who>
      <identifier>
        <system
                value="ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS"/>
        <value value="UID=kskagerb"/>
      </identifier>
    </who>
    <requestor value="true"/>
    <policy value="_d87f8adf-711a-4545-bf77-ff8517b498e4"/>
    <purposeOfUse>
      <coding>
        <system value="urn:oid:2.16.840.1.113883.3.18.7.1"/>
        <code value="PUBLICHEALTH"/>
        <display value="Uses and disclosures for public health activities."/>
      </coding>
    </purposeOfUse>
  </agent>
  <source>
    <site value="server.example.com"/>
    <observer>🔗 
      <reference value="Device/ex-device"/>
    </observer>
    <type>
      <system
              value="http://terminology.hl7.org/CodeSystem/security-source-type"/>
      <code value="4"/>
      <display value="Application Server"/>
    </type>
  </source>
</AuditEvent>