Basic Audit Log Patterns (BALP)
1.1.4-current - ci-build

Basic Audit Log Patterns (BALP), published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 1.1.4-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.BasicAudit/ and changes regularly. See the Directory of published versions.

Resource Profile: SAMLaccessTokenUseComprehensive - Mappings

Active as of 2024-07-17

Mappings for the IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive resource profile.

Mappings for Workflow Pattern (http://hl7.org/fhir/workflow)

SAMLaccessTokenUseComprehensive
AuditEvent: Event
   type: Event.code
   period: Event.occurred[x]
   purposeOfEvent: Event.reasonCode
   agent: Event.performer
      type: Event.performer.function
      who: Event.performer.actor
      location: Event.location
   agent (user): Event.performer
      type: Event.performer.function
      who: Event.performer.actor
      location: Event.location
   agent (userorg): Event.performer
      type: Event.performer.function
      who: Event.performer.actor
   agent (homeCommunityId): Event.performer
      type: Event.performer.function
      who: Event.performer.actor

Mappings for RIM Mapping (http://hl7.org/v3)

SAMLaccessTokenUseComprehensive
AuditEvent: Entity. Role, or Act, ControlAct[moodCode=EVN]
   text: Act.text?
   contained: N/A
   extension: N/A
   modifierExtension: N/A
   type: .code (type, subtype and action are pre-coordinated or sent as translations)
   subtype: .code (type, subtype and action are pre-coordinated or sent as translations)
   action: .code (type, subtype and action are pre-coordinated or sent as translations)
   period: ./effectiveTime[type=IVL_TS]
   recorded: .effectiveTime
   outcome: .actionNegationInd
   outcomeDesc: .outboundRelationship[typeCode=OUT].target.text
   purposeOfEvent: * .reasonCode [ControlActReason when Act.class = CACT Control Act] *.outboundRelationship[typeCode=RSON].target
   agent: .participation
      id: n/a
      extension
      extension (assuranceLevel)
      extension (otherId)
      modifierExtension: N/A
      type: .typeCode and/or .functionCode
      role: .role
      who: .id
      altId: .id (distinguish id type by root)
      name: .name
      requestor: If participation.typeCode was author, then true
      location: * Role.Class =SDLOC *Role.Code = ServiceDeliveryLocationRoleType *Entity.Code = PlaceEntityType = df.Types of places for Entity.Class = PLC *EntityClass = PLC = df.A physical place or site with its containing structure. May be natural or man-made. The geographic position of a place might or might not be constant.
      policy: ActPolicyType
      media: .player.description.mediaType
      network: .player.description.reference
         id: n/a
         extension: n/a
         modifierExtension: N/A
         address: pre-coordinated into URL
         type: pre-coordinated into URL
      purposeOfUse: *.reasonCode [ActHealthInformationPurposeOfUseReason codes/v:PurposeOfUse (2.16.840.1.113883.1.11.20448) * .outboundRelationship[typeCode=RSON or SUBJ].target
   agent (user): .participation
      id: n/a
      extension
      extension (assuranceLevel)
      extension (otherId)
      extension (otherId/subject-id)
         id: n/a
         url: N/A
         value[x]: N/A
            id: n/a
            extension: n/a
            use: Role.code or implied by context
            type: Role.code or implied by context
            system: II.root or Role.id.root
            value: II.extension or II.root if system indicates OID or GUID (Or Role.id.extension or root)
            period: Role.effectiveTime or implied by context
            assigner: II.assigningAuthorityName but note that this is an improper use by the definition of the field. Also Role.scoper
      extension (otherId/npi)
         id: n/a
         url: N/A
         value[x]: N/A
            id: n/a
            extension: n/a
            use: Role.code or implied by context
            type: Role.code or implied by context
            system: II.root or Role.id.root
            value: II.extension or II.root if system indicates OID or GUID (Or Role.id.extension or root)
            period: Role.effectiveTime or implied by context
            assigner: II.assigningAuthorityName but note that this is an improper use by the definition of the field. Also Role.scoper
      extension (otherId/provider-id)
         id: n/a
         url: N/A
         value[x]: N/A
            id: n/a
            extension: n/a
            use: Role.code or implied by context
            type: Role.code or implied by context
            system: II.root or Role.id.root
            value: II.extension or II.root if system indicates OID or GUID (Or Role.id.extension or root)
            period: Role.effectiveTime or implied by context
            assigner: II.assigningAuthorityName but note that this is an improper use by the definition of the field. Also Role.scoper
      modifierExtension: N/A
      type: .typeCode and/or .functionCode
      role: .role
      who: .id
         id: n/a
         extension: n/a
         reference: N/A
         type: N/A
         identifier: .identifier
            id: n/a
            extension: n/a
            use: Role.code or implied by context
            type: Role.code or implied by context
            system: II.root or Role.id.root
            value: II.extension or II.root if system indicates OID or GUID (Or Role.id.extension or root)
            period: Role.effectiveTime or implied by context
            assigner: II.assigningAuthorityName but note that this is an improper use by the definition of the field. Also Role.scoper
         display: N/A
      name: .name
      requestor: If participation.typeCode was author, then true
      location: * Role.Class =SDLOC *Role.Code = ServiceDeliveryLocationRoleType *Entity.Code = PlaceEntityType = df.Types of places for Entity.Class = PLC *EntityClass = PLC = df.A physical place or site with its containing structure. May be natural or man-made. The geographic position of a place might or might not be constant.
      policy: ActPolicyType
      purposeOfUse: *.reasonCode [ActHealthInformationPurposeOfUseReason codes/v:PurposeOfUse (2.16.840.1.113883.1.11.20448) * .outboundRelationship[typeCode=RSON or SUBJ].target
   agent (userorg): .participation
      id: n/a
      modifierExtension: N/A
      type: .typeCode and/or .functionCode
      who: .id
         id: n/a
         extension: n/a
         reference: N/A
         type: N/A
         identifier: .identifier
            id: n/a
            extension: n/a
            use: Role.code or implied by context
            type: Role.code or implied by context
            system: II.root or Role.id.root
            value: II.extension or II.root if system indicates OID or GUID (Or Role.id.extension or root)
            period: Role.effectiveTime or implied by context
            assigner: II.assigningAuthorityName but note that this is an improper use by the definition of the field. Also Role.scoper
         display: N/A
      requestor: If participation.typeCode was author, then true
   agent (homeCommunityId): .participation
      id: n/a
      modifierExtension: N/A
      type: .typeCode and/or .functionCode
      who: .id
         id: n/a
         extension: n/a
         reference: N/A
         type: N/A
         identifier: .identifier
         display: N/A
      requestor: If participation.typeCode was author, then true
   source: .participation[typeCode=INF].role[classCode=ASSIGN].player[classCode=DEV, determinerCode=INSTANCE]
      id: n/a
      extension: n/a
      modifierExtension: N/A
      site: .scopedRole[classCode=LOCE].player.desc
      observer: .id
      type: .code
   entity: .outboundRelationship[typeCode=SUBJ].target or .participation[typeCode=SBJ].role
      id: n/a
      extension: n/a
      modifierExtension: N/A
      what: .id
      type: [self::Act].code or role.player.code
      role: role.code (not sure what this would mean for an Act)
      lifecycle: target of ObservationEvent[code="lifecycle"].value
      securityLabel: .confidentialityCode
      name: .title
      description: .text
      query: No mapping
      detail: .inboundRelationship[typeCode=SUBJ].target[classCode=OBS, moodCode=EVN]
         id: n/a
         extension: n/a
         modifierExtension: N/A
         type: .code
         value[x]: .value
   entity (consent): .outboundRelationship[typeCode=SUBJ].target or .participation[typeCode=SBJ].role
      id: n/a
      extension: n/a
      modifierExtension: N/A
      what: .id
         id: n/a
         extension: n/a
         reference: N/A
         type: N/A
         identifier: .identifier
         display: N/A
      type: [self::Act].code or role.player.code
      role: role.code (not sure what this would mean for an Act)
      lifecycle: target of ObservationEvent[code="lifecycle"].value
      securityLabel: .confidentialityCode
      name: .title
      description: .text
      query: No mapping
      detail: .inboundRelationship[typeCode=SUBJ].target[classCode=OBS, moodCode=EVN]
         id: n/a
         extension: n/a
         modifierExtension: N/A
         type: .code
         value[x]: .value
      detail (acp): .inboundRelationship[typeCode=SUBJ].target[classCode=OBS, moodCode=EVN]
         id: n/a
         extension: n/a
         modifierExtension: N/A
         type: .code
         value[x]: .value
      detail (patient-id): .inboundRelationship[typeCode=SUBJ].target[classCode=OBS, moodCode=EVN]
         id: n/a
         extension: n/a
         modifierExtension: N/A
         type: .code
         value[x]: .value

Mappings for DICOM Tag Mapping (http://nema.org/dicom)

SAMLaccessTokenUseComprehensive
AuditEvent: Message
   type: EventId
   subtype: EventTypeCode
   action: EventActionCode
   period: EventDateTime
   outcome: EventOutcomeIndicator
   outcomeDesc: EventOutcomeDescription
   purposeOfEvent: EventPurposeOfUse
   agent: ActiveParticipant
      type: RoleIdCode
      role: RoleIdCode
      who: UserId
      altId: AlternativeUserId
      name: UserName
      requestor: UserIsRequestor
      policy: ParticipantRoleIDCode
      media: MediaType
      network
         address: NetworkAccessPointID
         type: NetworkAccessPointTypeCode
   agent (user): ActiveParticipant
      type: RoleIdCode
      role: RoleIdCode
      who: UserId
      name: UserName
      requestor: UserIsRequestor
      policy: ParticipantRoleIDCode
   agent (userorg): ActiveParticipant
      type: RoleIdCode
      who: UserId
      requestor: UserIsRequestor
   agent (homeCommunityId): ActiveParticipant
      type: RoleIdCode
      who: UserId
      requestor: UserIsRequestor
   source: AuditSourceIdentification
      site: AuditEnterpriseSiteId
      observer: AuditSourceId
      type: AuditSourceTypeCode
   entity: ParticipantObjectIdentification
      what: ParticipantObjectID and ParticipantObjectIDTypeCode
      type: ParticipantObjectTypeCode
      role: ParticipantObjectTypeCodeRole
      lifecycle: ParticipantObjectDataLifeCycle
      securityLabel: ParticipantObjectSensitivity
      name: ParticipantObjectName
      description: ParticipantObjectDescription
      query: ParticipantObjectQuery
      detail: ParticipantObjectDetail
         type: ParticipantObjectDetail.type
         value[x]: ParticipantObjectDetail.value
   entity (consent): ParticipantObjectIdentification
      what: ParticipantObjectID and ParticipantObjectIDTypeCode
      type: ParticipantObjectTypeCode
      role: ParticipantObjectTypeCodeRole
      lifecycle: ParticipantObjectDataLifeCycle
      securityLabel: ParticipantObjectSensitivity
      name: ParticipantObjectName
      description: ParticipantObjectDescription
      query: ParticipantObjectQuery
      detail: ParticipantObjectDetail
         type: ParticipantObjectDetail.type
         value[x]: ParticipantObjectDetail.value
      detail (acp): ParticipantObjectDetail
         type: ParticipantObjectDetail.type
         value[x]: ParticipantObjectDetail.value
      detail (patient-id): ParticipantObjectDetail
         type: ParticipantObjectDetail.type
         value[x]: ParticipantObjectDetail.value

Mappings for FiveWs Pattern Mapping (http://hl7.org/fhir/fivews)

SAMLaccessTokenUseComprehensive
AuditEvent
   type: FiveWs.what[x]
   subtype: FiveWs.what[x]
   action: FiveWs.what[x]
   period: FiveWs.done[x]
   recorded: FiveWs.recorded
   outcome: FiveWs.what[x]
   outcomeDesc: FiveWs.what[x]
   purposeOfEvent: FiveWs.why[x]
   agent: FiveWs.who
      type: FiveWs.who
      role: FiveWs.who
      who: FiveWs.who
      altId: FiveWs.who
      name: FiveWs.who
      requestor: FiveWs.who
      location: FiveWs.where[x]
      policy: FiveWs.why[x]
      media: FiveWs.where[x]
      network: FiveWs.where[x]
         address: FiveWs.where[x]
         type: FiveWs.where[x]
      purposeOfUse: FiveWs.why[x]
   agent (user): FiveWs.who
      type: FiveWs.who
      role: FiveWs.who
      who: FiveWs.who
      name: FiveWs.who
      requestor: FiveWs.who
      location: FiveWs.where[x]
      policy: FiveWs.why[x]
      purposeOfUse: FiveWs.why[x]
   agent (userorg): FiveWs.who
      type: FiveWs.who
      who: FiveWs.who
      requestor: FiveWs.who
   agent (homeCommunityId): FiveWs.who
      type: FiveWs.who
      who: FiveWs.who
      requestor: FiveWs.who
   source: FiveWs.witness
      site: FiveWs.witness
      observer: FiveWs.witness
      type: FiveWs.witness
   entity: FiveWs.what[x]
      what: FiveWs.what[x]
      type: FiveWs.what[x]
      role: FiveWs.context
      lifecycle: FiveWs.context
      securityLabel: FiveWs.context
      name: FiveWs.context
      description: FiveWs.context
      query: FiveWs.context
      detail: FiveWs.context
         type: FiveWs.context
         value[x]: FiveWs.context
   entity (consent): FiveWs.what[x]
      what: FiveWs.what[x]
      type: FiveWs.what[x]
      role: FiveWs.context
      lifecycle: FiveWs.context
      securityLabel: FiveWs.context
      name: FiveWs.context
      description: FiveWs.context
      query: FiveWs.context
      detail: FiveWs.context
         type: FiveWs.context
         value[x]: FiveWs.context
      detail (acp): FiveWs.context
         type: FiveWs.context
         value[x]: FiveWs.context
      detail (patient-id): FiveWs.context
         type: FiveWs.context
         value[x]: FiveWs.context

Mappings for W3C PROV (http://www.w3.org/ns/prov)

SAMLaccessTokenUseComprehensive
AuditEvent
   type: Activity
   period: Activity.startTime & Activity.endTime
   recorded: Activity.when
   purposeOfEvent: Activity.Activity
   agent: Agent
      type: Agent.Attribution
      role: Agent.Attribution
      who: Agent.Identity
      altId: Agent.Identity
      name: Agent.Identity
      location: Activity.location
      network
         address: Agent.Location
      purposeOfUse: Agent.Activity
   agent (user): Agent
      type: Agent.Attribution
      role: Agent.Attribution
      who: Agent.Identity
      name: Agent.Identity
      location: Activity.location
      purposeOfUse: Agent.Activity
   agent (userorg): Agent
      type: Agent.Attribution
      who: Agent.Identity
   agent (homeCommunityId): Agent
      type: Agent.Attribution
      who: Agent.Identity
   entity: Entity
      type: Entity.type
      role: Entity.role
      lifecycle: Entity.role
      name: Entity.Label
   entity (consent): Entity
      type: Entity.type
      role: Entity.role
      lifecycle: Entity.role
      name: Entity.Label

Mappings for FHIR Provenance Mapping (http://hl7.org/fhir/provenance)

SAMLaccessTokenUseComprehensive
AuditEvent
   period: Provenance.occurred[x]
   recorded: Provenance.recorded
   purposeOfEvent: Provenance.reason, Provenance.activity
   agent: Provenance.agent
      type: Provenance.agent.type
      role: Provenance.agent.role
      who: Provenance.agent.who
      location: Provenance.location
      policy: Provenance.policy
   agent (user): Provenance.agent
      type: Provenance.agent.type
      role: Provenance.agent.role
      who: Provenance.agent.who
      location: Provenance.location
      policy: Provenance.policy
   agent (userorg): Provenance.agent
      type: Provenance.agent.type
      who: Provenance.agent.who
   agent (homeCommunityId): Provenance.agent
      type: Provenance.agent.type
      who: Provenance.agent.who
   entity: Provenance.target, Provenance.entity
      what: Provenance.target, Provenance.entity.what
      type: Provenance.entity.type
      lifecycle: Provenance.entity.role
   entity (consent): Provenance.target, Provenance.entity
      what: Provenance.target, Provenance.entity.what
      type: Provenance.entity.type
      lifecycle: Provenance.entity.role