Basic Audit Log Patterns (BALP)
1.1.4-current - ci-build International flag

Basic Audit Log Patterns (BALP), published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 1.1.4-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.BasicAudit/ and changes regularly. See the Directory of published versions

Resource Profile: Basic AuditEvent pattern for when an activity was authorized by an SAML access token Minimal

Official URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Minimal Version: 1.1.4-current
Active as of 2024-07-17 Computable Name: SAMLaccessTokenUseMinimal

A basic AuditEvent profile for when an activity was authorized by an SAML access token. This profile is expected to be used with some other detail that explains the activity. This profile only covers the SAML access token.

  • Given an activity has occurred
  • And SAML is used to authorize a transaction
  • And the given activity is using the SAML
    • XUA
    • SAML requires ID and Issuer, so this profile of AuditEvent will work with any SAML token.
    • usually SOAP, but not limited to SOAP
  • When an AuditEvent is recorded for the activity
  • Presumes that the consent and server have been identified in agent elements, best case with certificate identities
  • Then that AuditEvent would follow this profile regarding recording the SAML access token details

The following table uses a short-hand for the SAML fields and FHIR AuditEvent elements to keep the table compact. It is presumed the reader can understand the SAML field and the FHIR AuditEvent element given. Note the ~ character represents attributes under the SAML AttributeStatement.

SAML field Minimal AuditEvent
ID agent[user].policy
Issuer agent[user].who.identifier.system
Subject.NameID agent[user].who.identifier.value
~subject:purposeofuse agent[user].purposeOfUse

note: this profile records minimal information from the SAML access token, which presumes that use of the AuditEvent at a later time will be able to resolve the given information.

Usage:

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

This structure is derived from AuditEvent

NameFlagsCard.TypeDescription & Constraintsdoco
.. AuditEvent 0..* AuditEvent Event record kept for security purposes
... Slices for agent 1..* BackboneElement Actor involved in the event
Slice: Unordered, Open by pattern:type
.... agent:All Slices Content/Rules for all slices
..... Slices for extension 0..* Extension Extension
Slice: Unordered, Open by value:url
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
.... agent:user 1..* BackboneElement Actor involved in the event
..... Slices for extension Content/Rules for all slices
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... Slices for extension Content/Rules for all slices
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... type 1..1 CodeableConcept How agent participated
Required Pattern: At least the following
...... coding 1..* Coding Code defined by a terminology system
Fixed Value: (complex)
....... system 1..1 uri Identity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... code 1..1 code Symbol in syntax defined by the system
Fixed Value: UserSamlAgent
..... who 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) Identifier of who
...... identifier
....... system S 0..1 uri SAML Issuer
....... value S 1..1 string SAML Subject.NameID
..... requestor 1..1 boolean Whether user is initiator
Required Pattern: true
..... policy S 1..1 uri SAML token ID
..... media 0..0
..... network 0..0
..... purposeOfUse S 0..* CodeableConcept SAML subject:purposeofuse

doco Documentation for this format
NameFlagsCard.TypeDescription & Constraintsdoco
.. AuditEvent 0..* AuditEvent Event record kept for security purposes
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... type Σ 1..1 Coding Type/identifier of event
Binding: AuditEventID (extensible): Type of event.

... recorded Σ 1..1 instant Time when the event was recorded
... Slices for agent 1..* BackboneElement Actor involved in the event
Slice: Unordered, Open by pattern:type
.... agent:All Slices Content/Rules for all slices
..... Slices for extension 0..* Extension Extension
Slice: Unordered, Open by value:url
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... requestor Σ 1..1 boolean Whether user is initiator
.... agent:user 1..* BackboneElement Actor involved in the event
..... Slices for extension Content/Rules for all slices
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... Slices for extension Content/Rules for all slices
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... type 1..1 CodeableConcept How agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.


Required Pattern: At least the following
...... coding 1..* Coding Code defined by a terminology system
Fixed Value: (complex)
....... system 1..1 uri Identity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... code 1..1 code Symbol in syntax defined by the system
Fixed Value: UserSamlAgent
..... who Σ 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) Identifier of who
...... identifier Σ 0..1 Identifier Logical reference, when literal reference is not known
....... use ?!Σ 0..1 code usual | official | temp | secondary | old (If known)
Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .

....... system SΣ 0..1 uri SAML Issuer
Example General: http://www.acme.com/identifiers/patient
....... value SΣ 1..1 string SAML Subject.NameID
Example General: 123456
..... requestor Σ 1..1 boolean Whether user is initiator
Required Pattern: true
..... policy S 1..1 uri SAML token ID
..... purposeOfUse S 0..* CodeableConcept SAML subject:purposeofuse
Binding: PurposeOfUse (extensible): The reason the activity took place.


... source 1..1 BackboneElement Audit Event Reporter
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... observer Σ 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) The identity of source detecting the event

doco Documentation for this format

Terminology Bindings

PathConformanceValueSet / CodeURI
AuditEvent.typeextensibleAuditEventID
http://hl7.org/fhir/ValueSet/audit-event-type
from the FHIR Standard
AuditEvent.agent:user.typeextensiblePattern: UserSamlAgent
http://hl7.org/fhir/ValueSet/participation-role-type
from the FHIR Standard
AuditEvent.agent:user.who.identifier.userequiredIdentifierUse
http://hl7.org/fhir/ValueSet/identifier-use|4.0.1
from the FHIR Standard
AuditEvent.agent:user.purposeOfUseextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
NameFlagsCard.TypeDescription & Constraintsdoco
.. AuditEvent 0..* AuditEvent Event record kept for security purposes
... id Σ 0..1 id Logical id of this artifact
... meta Σ 0..1 Meta Metadata about the resource
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... language 0..1 code Language of the resource content
Binding: CommonLanguages (preferred): A human language.

Additional BindingsPurpose
AllLanguages Max Binding
... text 0..1 Narrative Text summary of the resource, for human interpretation
... contained 0..* Resource Contained, inline Resources
... extension 0..* Extension Additional content defined by implementations
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... type Σ 1..1 Coding Type/identifier of event
Binding: AuditEventID (extensible): Type of event.

... subtype Σ 0..* Coding More specific type/id for the event
Binding: AuditEventSub-Type (extensible): Sub-type of event.


... action Σ 0..1 code Type of action performed during the event
Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event.

... period 0..1 Period When the activity occurred
... recorded Σ 1..1 instant Time when the event was recorded
... outcome Σ 0..1 code Whether the event succeeded or failed
Binding: AuditEventOutcome (required): Indicates whether the event succeeded or failed.

... outcomeDesc Σ 0..1 string Description of the event outcome
... purposeOfEvent Σ 0..* CodeableConcept The purposeOfUse of the event
Binding: PurposeOfUse (extensible): The reason the activity took place.


... Slices for agent 1..* BackboneElement Actor involved in the event
Slice: Unordered, Open by pattern:type
.... agent:All Slices Content/Rules for all slices
..... id 0..1 string Unique id for inter-element referencing
..... Slices for extension 0..* Extension Extension
Slice: Unordered, Open by value:url
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... type 0..1 CodeableConcept How agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.

..... role 0..* CodeableConcept Agent role in the event
Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.


..... who Σ 0..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) Identifier of who
..... altId 0..1 string Alternative User identity
..... name 0..1 string Human friendly name for the agent
..... requestor Σ 1..1 boolean Whether user is initiator
..... location 0..1 Reference(Location) Where
..... policy 0..* uri Policy that authorized event
..... media 0..1 Coding Type of media
Binding: MediaTypeCode (extensible): Used when the event is about exporting/importing onto media.

..... network 0..1 BackboneElement Logical network location for application activity
...... id 0..1 string Unique id for inter-element referencing
...... extension 0..* Extension Additional content defined by implementations
...... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
...... address 0..1 string Identifier for the network access point of the user device
...... type 0..1 code The type of network access point
Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.

..... purposeOfUse 0..* CodeableConcept Reason given for this user
Binding: PurposeOfUse (extensible): The reason the activity took place.


.... agent:user 1..* BackboneElement Actor involved in the event
..... id 0..1 string Unique id for inter-element referencing
..... Slices for extension 0..* Extension Extension
Slice: Unordered, Open by value:url
..... Slices for extension Content/Rules for all slices
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... Slices for extension Content/Rules for all slices
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... type 1..1 CodeableConcept How agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.


Required Pattern: At least the following
...... id 0..1 string Unique id for inter-element referencing
...... extension 0..* Extension Additional content defined by implementations
...... coding 1..* Coding Code defined by a terminology system
Fixed Value: (complex)
....... id 0..1 string Unique id for inter-element referencing
....... extension 0..* Extension Additional content defined by implementations
....... system 1..1 uri Identity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... version 0..1 string Version of the system - if relevant
....... code 1..1 code Symbol in syntax defined by the system
Fixed Value: UserSamlAgent
....... display 0..1 string Representation defined by the system
....... userSelected 0..1 boolean If this coding was chosen directly by the user
...... text 0..1 string Plain text representation of the concept
..... role 0..* CodeableConcept Agent role in the event
Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.


..... who Σ 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) Identifier of who
...... id 0..1 string Unique id for inter-element referencing
...... extension 0..* Extension Additional content defined by implementations
Slice: Unordered, Open by value:url
...... reference ΣC 0..1 string Literal reference, Relative, internal or absolute URL
...... type Σ 0..1 uri Type the reference refers to (e.g. "Patient")
Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model).

...... identifier Σ 0..1 Identifier Logical reference, when literal reference is not known
....... id 0..1 string Unique id for inter-element referencing
....... extension 0..* Extension Additional content defined by implementations
Slice: Unordered, Open by value:url
....... use ?!Σ 0..1 code usual | official | temp | secondary | old (If known)
Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .

....... type Σ 0..1 CodeableConcept Description of identifier
Binding: Identifier Type Codes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.

....... system SΣ 0..1 uri SAML Issuer
Example General: http://www.acme.com/identifiers/patient
....... value SΣ 1..1 string SAML Subject.NameID
Example General: 123456
....... period Σ 0..1 Period Time period when id is/was valid for use
....... assigner Σ 0..1 Reference(Organization) Organization that issued id (may be just text)
...... display Σ 0..1 string Text alternative for the resource
..... altId 0..1 string Alternative User identity
..... name 0..1 string Human friendly name for the agent
..... requestor Σ 1..1 boolean Whether user is initiator
Required Pattern: true
..... location 0..1 Reference(Location) Where
..... policy S 1..1 uri SAML token ID
..... purposeOfUse S 0..* CodeableConcept SAML subject:purposeofuse
Binding: PurposeOfUse (extensible): The reason the activity took place.


... source 1..1 BackboneElement Audit Event Reporter
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... site 0..1 string Logical source location within the enterprise
.... observer Σ 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) The identity of source detecting the event
.... type 0..* Coding The type of source where event originated
Binding: AuditEventSourceType (extensible): Code specifying the type of system that detected and recorded the event.


... entity C 0..* BackboneElement Data or objects used
sev-1: Either a name or a query (NOT both)
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... what Σ 0..1 Reference(Resource) Specific instance of resource
.... type 0..1 Coding Type of entity involved
Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.

.... role 0..1 Coding What role the entity played
Binding: AuditEventEntityRole (extensible): Code representing the role the entity played in the audit event.

.... lifecycle 0..1 Coding Life-cycle stage for the entity
Binding: ObjectLifecycleEvents (extensible): Identifier for the data life-cycle stage for the entity.

.... securityLabel 0..* Coding Security labels on the entity
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... name ΣC 0..1 string Descriptor for entity
.... description 0..1 string Descriptive text
.... query ΣC 0..1 base64Binary Query parameters
.... detail 0..* BackboneElement Additional Information about the entity
..... id 0..1 string Unique id for inter-element referencing
..... extension 0..* Extension Additional content defined by implementations
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... type 1..1 string Name of the property
..... value[x] 1..1 Property value
...... valueString string
...... valueBase64Binary base64Binary

doco Documentation for this format

Terminology Bindings

PathConformanceValueSet / CodeURI
AuditEvent.languagepreferredCommonLanguages
Additional Bindings Purpose
AllLanguages Max Binding
http://hl7.org/fhir/ValueSet/languages
from the FHIR Standard
AuditEvent.typeextensibleAuditEventID
http://hl7.org/fhir/ValueSet/audit-event-type
from the FHIR Standard
AuditEvent.subtypeextensibleAuditEventSub-Type
http://hl7.org/fhir/ValueSet/audit-event-sub-type
from the FHIR Standard
AuditEvent.actionrequiredAuditEventAction
http://hl7.org/fhir/ValueSet/audit-event-action|4.0.1
from the FHIR Standard
AuditEvent.outcomerequiredAuditEventOutcome
http://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1
from the FHIR Standard
AuditEvent.purposeOfEventextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent.typeextensibleParticipationRoleType
http://hl7.org/fhir/ValueSet/participation-role-type
from the FHIR Standard
AuditEvent.agent.roleexampleSecurityRoleType
http://hl7.org/fhir/ValueSet/security-role-type
from the FHIR Standard
AuditEvent.agent.mediaextensibleMediaTypeCode
http://hl7.org/fhir/ValueSet/dicm-405-mediatype
from the FHIR Standard
AuditEvent.agent.network.typerequiredAuditEventAgentNetworkType
http://hl7.org/fhir/ValueSet/network-type|4.0.1
from the FHIR Standard
AuditEvent.agent.purposeOfUseextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent:user.typeextensiblePattern: UserSamlAgent
http://hl7.org/fhir/ValueSet/participation-role-type
from the FHIR Standard
AuditEvent.agent:user.roleexampleSecurityRoleType
http://hl7.org/fhir/ValueSet/security-role-type
from the FHIR Standard
AuditEvent.agent:user.who.typeextensibleResourceType
http://hl7.org/fhir/ValueSet/resource-types
from the FHIR Standard
AuditEvent.agent:user.who.identifier.userequiredIdentifierUse
http://hl7.org/fhir/ValueSet/identifier-use|4.0.1
from the FHIR Standard
AuditEvent.agent:user.who.identifier.typeextensibleIdentifier Type Codes
http://hl7.org/fhir/ValueSet/identifier-type
from the FHIR Standard
AuditEvent.agent:user.network.typerequiredAuditEventAgentNetworkType
http://hl7.org/fhir/ValueSet/network-type|4.0.1
from the FHIR Standard
AuditEvent.agent:user.purposeOfUseextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.source.typeextensibleAuditEventSourceType
http://hl7.org/fhir/ValueSet/audit-source-type
from the FHIR Standard
AuditEvent.entity.typeextensibleAuditEventEntityType
http://hl7.org/fhir/ValueSet/audit-entity-type
from the FHIR Standard
AuditEvent.entity.roleextensibleAuditEventEntityRole
http://hl7.org/fhir/ValueSet/object-role
from the FHIR Standard
AuditEvent.entity.lifecycleextensibleObjectLifecycleEvents
http://hl7.org/fhir/ValueSet/object-lifecycle-events
AuditEvent.entity.securityLabelextensibleAll Security Labels
http://hl7.org/fhir/ValueSet/security-labels
from the FHIR Standard

This structure is derived from AuditEvent

Summary

Mandatory: 4 elements(1 nested mandatory element)
Must-Support: 8 elements
Prohibited: 2 elements

Extensions

This structure refers to these extensions:

Slices

This structure defines the following Slices:

  • The element 1 is sliced based on the value of AuditEvent.agent

Differential View

This structure is derived from AuditEvent

NameFlagsCard.TypeDescription & Constraintsdoco
.. AuditEvent 0..* AuditEvent Event record kept for security purposes
... Slices for agent 1..* BackboneElement Actor involved in the event
Slice: Unordered, Open by pattern:type
.... agent:All Slices Content/Rules for all slices
..... Slices for extension 0..* Extension Extension
Slice: Unordered, Open by value:url
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
.... agent:user 1..* BackboneElement Actor involved in the event
..... Slices for extension Content/Rules for all slices
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... Slices for extension Content/Rules for all slices
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... type 1..1 CodeableConcept How agent participated
Required Pattern: At least the following
...... coding 1..* Coding Code defined by a terminology system
Fixed Value: (complex)
....... system 1..1 uri Identity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... code 1..1 code Symbol in syntax defined by the system
Fixed Value: UserSamlAgent
..... who 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) Identifier of who
...... identifier
....... system S 0..1 uri SAML Issuer
....... value S 1..1 string SAML Subject.NameID
..... requestor 1..1 boolean Whether user is initiator
Required Pattern: true
..... policy S 1..1 uri SAML token ID
..... media 0..0
..... network 0..0
..... purposeOfUse S 0..* CodeableConcept SAML subject:purposeofuse

doco Documentation for this format

Key Elements View

NameFlagsCard.TypeDescription & Constraintsdoco
.. AuditEvent 0..* AuditEvent Event record kept for security purposes
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... type Σ 1..1 Coding Type/identifier of event
Binding: AuditEventID (extensible): Type of event.

... recorded Σ 1..1 instant Time when the event was recorded
... Slices for agent 1..* BackboneElement Actor involved in the event
Slice: Unordered, Open by pattern:type
.... agent:All Slices Content/Rules for all slices
..... Slices for extension 0..* Extension Extension
Slice: Unordered, Open by value:url
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... requestor Σ 1..1 boolean Whether user is initiator
.... agent:user 1..* BackboneElement Actor involved in the event
..... Slices for extension Content/Rules for all slices
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... Slices for extension Content/Rules for all slices
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... type 1..1 CodeableConcept How agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.


Required Pattern: At least the following
...... coding 1..* Coding Code defined by a terminology system
Fixed Value: (complex)
....... system 1..1 uri Identity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... code 1..1 code Symbol in syntax defined by the system
Fixed Value: UserSamlAgent
..... who Σ 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) Identifier of who
...... identifier Σ 0..1 Identifier Logical reference, when literal reference is not known
....... use ?!Σ 0..1 code usual | official | temp | secondary | old (If known)
Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .

....... system SΣ 0..1 uri SAML Issuer
Example General: http://www.acme.com/identifiers/patient
....... value SΣ 1..1 string SAML Subject.NameID
Example General: 123456
..... requestor Σ 1..1 boolean Whether user is initiator
Required Pattern: true
..... policy S 1..1 uri SAML token ID
..... purposeOfUse S 0..* CodeableConcept SAML subject:purposeofuse
Binding: PurposeOfUse (extensible): The reason the activity took place.


... source 1..1 BackboneElement Audit Event Reporter
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... observer Σ 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) The identity of source detecting the event

doco Documentation for this format

Terminology Bindings

PathConformanceValueSet / CodeURI
AuditEvent.typeextensibleAuditEventID
http://hl7.org/fhir/ValueSet/audit-event-type
from the FHIR Standard
AuditEvent.agent:user.typeextensiblePattern: UserSamlAgent
http://hl7.org/fhir/ValueSet/participation-role-type
from the FHIR Standard
AuditEvent.agent:user.who.identifier.userequiredIdentifierUse
http://hl7.org/fhir/ValueSet/identifier-use|4.0.1
from the FHIR Standard
AuditEvent.agent:user.purposeOfUseextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

Snapshot View

NameFlagsCard.TypeDescription & Constraintsdoco
.. AuditEvent 0..* AuditEvent Event record kept for security purposes
... id Σ 0..1 id Logical id of this artifact
... meta Σ 0..1 Meta Metadata about the resource
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... language 0..1 code Language of the resource content
Binding: CommonLanguages (preferred): A human language.

Additional BindingsPurpose
AllLanguages Max Binding
... text 0..1 Narrative Text summary of the resource, for human interpretation
... contained 0..* Resource Contained, inline Resources
... extension 0..* Extension Additional content defined by implementations
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... type Σ 1..1 Coding Type/identifier of event
Binding: AuditEventID (extensible): Type of event.

... subtype Σ 0..* Coding More specific type/id for the event
Binding: AuditEventSub-Type (extensible): Sub-type of event.


... action Σ 0..1 code Type of action performed during the event
Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event.

... period 0..1 Period When the activity occurred
... recorded Σ 1..1 instant Time when the event was recorded
... outcome Σ 0..1 code Whether the event succeeded or failed
Binding: AuditEventOutcome (required): Indicates whether the event succeeded or failed.

... outcomeDesc Σ 0..1 string Description of the event outcome
... purposeOfEvent Σ 0..* CodeableConcept The purposeOfUse of the event
Binding: PurposeOfUse (extensible): The reason the activity took place.


... Slices for agent 1..* BackboneElement Actor involved in the event
Slice: Unordered, Open by pattern:type
.... agent:All Slices Content/Rules for all slices
..... id 0..1 string Unique id for inter-element referencing
..... Slices for extension 0..* Extension Extension
Slice: Unordered, Open by value:url
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... type 0..1 CodeableConcept How agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.

..... role 0..* CodeableConcept Agent role in the event
Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.


..... who Σ 0..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) Identifier of who
..... altId 0..1 string Alternative User identity
..... name 0..1 string Human friendly name for the agent
..... requestor Σ 1..1 boolean Whether user is initiator
..... location 0..1 Reference(Location) Where
..... policy 0..* uri Policy that authorized event
..... media 0..1 Coding Type of media
Binding: MediaTypeCode (extensible): Used when the event is about exporting/importing onto media.

..... network 0..1 BackboneElement Logical network location for application activity
...... id 0..1 string Unique id for inter-element referencing
...... extension 0..* Extension Additional content defined by implementations
...... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
...... address 0..1 string Identifier for the network access point of the user device
...... type 0..1 code The type of network access point
Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.

..... purposeOfUse 0..* CodeableConcept Reason given for this user
Binding: PurposeOfUse (extensible): The reason the activity took place.


.... agent:user 1..* BackboneElement Actor involved in the event
..... id 0..1 string Unique id for inter-element referencing
..... Slices for extension 0..* Extension Extension
Slice: Unordered, Open by value:url
..... Slices for extension Content/Rules for all slices
...... assuranceLevel S 0..* CodeableConcept AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... Slices for extension Content/Rules for all slices
...... otherId S 0..* Identifier AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... type 1..1 CodeableConcept How agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.


Required Pattern: At least the following
...... id 0..1 string Unique id for inter-element referencing
...... extension 0..* Extension Additional content defined by implementations
...... coding 1..* Coding Code defined by a terminology system
Fixed Value: (complex)
....... id 0..1 string Unique id for inter-element referencing
....... extension 0..* Extension Additional content defined by implementations
....... system 1..1 uri Identity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... version 0..1 string Version of the system - if relevant
....... code 1..1 code Symbol in syntax defined by the system
Fixed Value: UserSamlAgent
....... display 0..1 string Representation defined by the system
....... userSelected 0..1 boolean If this coding was chosen directly by the user
...... text 0..1 string Plain text representation of the concept
..... role 0..* CodeableConcept Agent role in the event
Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.


..... who Σ 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) Identifier of who
...... id 0..1 string Unique id for inter-element referencing
...... extension 0..* Extension Additional content defined by implementations
Slice: Unordered, Open by value:url
...... reference ΣC 0..1 string Literal reference, Relative, internal or absolute URL
...... type Σ 0..1 uri Type the reference refers to (e.g. "Patient")
Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model).

...... identifier Σ 0..1 Identifier Logical reference, when literal reference is not known
....... id 0..1 string Unique id for inter-element referencing
....... extension 0..* Extension Additional content defined by implementations
Slice: Unordered, Open by value:url
....... use ?!Σ 0..1 code usual | official | temp | secondary | old (If known)
Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .

....... type Σ 0..1 CodeableConcept Description of identifier
Binding: Identifier Type Codes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.

....... system SΣ 0..1 uri SAML Issuer
Example General: http://www.acme.com/identifiers/patient
....... value SΣ 1..1 string SAML Subject.NameID
Example General: 123456
....... period Σ 0..1 Period Time period when id is/was valid for use
....... assigner Σ 0..1 Reference(Organization) Organization that issued id (may be just text)
...... display Σ 0..1 string Text alternative for the resource
..... altId 0..1 string Alternative User identity
..... name 0..1 string Human friendly name for the agent
..... requestor Σ 1..1 boolean Whether user is initiator
Required Pattern: true
..... location 0..1 Reference(Location) Where
..... policy S 1..1 uri SAML token ID
..... purposeOfUse S 0..* CodeableConcept SAML subject:purposeofuse
Binding: PurposeOfUse (extensible): The reason the activity took place.


... source 1..1 BackboneElement Audit Event Reporter
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... site 0..1 string Logical source location within the enterprise
.... observer Σ 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) The identity of source detecting the event
.... type 0..* Coding The type of source where event originated
Binding: AuditEventSourceType (extensible): Code specifying the type of system that detected and recorded the event.


... entity C 0..* BackboneElement Data or objects used
sev-1: Either a name or a query (NOT both)
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... what Σ 0..1 Reference(Resource) Specific instance of resource
.... type 0..1 Coding Type of entity involved
Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.

.... role 0..1 Coding What role the entity played
Binding: AuditEventEntityRole (extensible): Code representing the role the entity played in the audit event.

.... lifecycle 0..1 Coding Life-cycle stage for the entity
Binding: ObjectLifecycleEvents (extensible): Identifier for the data life-cycle stage for the entity.

.... securityLabel 0..* Coding Security labels on the entity
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... name ΣC 0..1 string Descriptor for entity
.... description 0..1 string Descriptive text
.... query ΣC 0..1 base64Binary Query parameters
.... detail 0..* BackboneElement Additional Information about the entity
..... id 0..1 string Unique id for inter-element referencing
..... extension 0..* Extension Additional content defined by implementations
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... type 1..1 string Name of the property
..... value[x] 1..1 Property value
...... valueString string
...... valueBase64Binary base64Binary

doco Documentation for this format

Terminology Bindings

PathConformanceValueSet / CodeURI
AuditEvent.languagepreferredCommonLanguages
Additional Bindings Purpose
AllLanguages Max Binding
http://hl7.org/fhir/ValueSet/languages
from the FHIR Standard
AuditEvent.typeextensibleAuditEventID
http://hl7.org/fhir/ValueSet/audit-event-type
from the FHIR Standard
AuditEvent.subtypeextensibleAuditEventSub-Type
http://hl7.org/fhir/ValueSet/audit-event-sub-type
from the FHIR Standard
AuditEvent.actionrequiredAuditEventAction
http://hl7.org/fhir/ValueSet/audit-event-action|4.0.1
from the FHIR Standard
AuditEvent.outcomerequiredAuditEventOutcome
http://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1
from the FHIR Standard
AuditEvent.purposeOfEventextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent.typeextensibleParticipationRoleType
http://hl7.org/fhir/ValueSet/participation-role-type
from the FHIR Standard
AuditEvent.agent.roleexampleSecurityRoleType
http://hl7.org/fhir/ValueSet/security-role-type
from the FHIR Standard
AuditEvent.agent.mediaextensibleMediaTypeCode
http://hl7.org/fhir/ValueSet/dicm-405-mediatype
from the FHIR Standard
AuditEvent.agent.network.typerequiredAuditEventAgentNetworkType
http://hl7.org/fhir/ValueSet/network-type|4.0.1
from the FHIR Standard
AuditEvent.agent.purposeOfUseextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent:user.typeextensiblePattern: UserSamlAgent
http://hl7.org/fhir/ValueSet/participation-role-type
from the FHIR Standard
AuditEvent.agent:user.roleexampleSecurityRoleType
http://hl7.org/fhir/ValueSet/security-role-type
from the FHIR Standard
AuditEvent.agent:user.who.typeextensibleResourceType
http://hl7.org/fhir/ValueSet/resource-types
from the FHIR Standard
AuditEvent.agent:user.who.identifier.userequiredIdentifierUse
http://hl7.org/fhir/ValueSet/identifier-use|4.0.1
from the FHIR Standard
AuditEvent.agent:user.who.identifier.typeextensibleIdentifier Type Codes
http://hl7.org/fhir/ValueSet/identifier-type
from the FHIR Standard
AuditEvent.agent:user.network.typerequiredAuditEventAgentNetworkType
http://hl7.org/fhir/ValueSet/network-type|4.0.1
from the FHIR Standard
AuditEvent.agent:user.purposeOfUseextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.source.typeextensibleAuditEventSourceType
http://hl7.org/fhir/ValueSet/audit-source-type
from the FHIR Standard
AuditEvent.entity.typeextensibleAuditEventEntityType
http://hl7.org/fhir/ValueSet/audit-entity-type
from the FHIR Standard
AuditEvent.entity.roleextensibleAuditEventEntityRole
http://hl7.org/fhir/ValueSet/object-role
from the FHIR Standard
AuditEvent.entity.lifecycleextensibleObjectLifecycleEvents
http://hl7.org/fhir/ValueSet/object-lifecycle-events
AuditEvent.entity.securityLabelextensibleAll Security Labels
http://hl7.org/fhir/ValueSet/security-labels
from the FHIR Standard

This structure is derived from AuditEvent

Summary

Mandatory: 4 elements(1 nested mandatory element)
Must-Support: 8 elements
Prohibited: 2 elements

Extensions

This structure refers to these extensions:

Slices

This structure defines the following Slices:

  • The element 1 is sliced based on the value of AuditEvent.agent

 

Other representations of profile: CSV, Excel, Schematron