CapabilityStatement for DeIdentification Audit Creator Actor in DeIdentification Handbook.

This Actor is derived off of the ATNA Secure Application or ATNA Secure Node actor with ATNA ATX:FHIR Feed Option.

This Actor is derived off of the Basic Audit Log Patterns (BALP) Audit Creator recording rich audit log entries to ATNA.

• This Actor is involved in the generation of De-Identified data, and thus would record De-Identification Audit Events
• Ths Actor may be involved in events that uncover a Privacy Disclosure, and thus would record Privacy Disclosure Audit Events.

Defines constraints on the AuditEvent Resource to record when a De-Identification happens at the Source. Note that a De-Identification event often impacts many different patients, so many AuditEvent resources need to be created so that each Patient is individually represented. This prevents leakage of other patients' that were also De-Identified at the same time.

• Export event
• subtype of deidentify or pseudonymize
• shall have source of itself
• shall have a source agent
• should have a recipient agent(s) if known
• may have user, app, organization agent(s)
  • combine with the Security Token pattern
• should have the custodian that released the data
• should have the authorizer that represented the patient (may be the patient)
• shall have a patient entity
• may have the consent that authorized the de-identification
• may have the authorizing client token (saml, jwt, etc)
• may have the set of data entity(ies)

Defines the AuditEvent Subtype for De-Identification events. This is used to indicate that the AuditEvent is specifically for a De-Identification event. The code is based on the ISO 21089 lifecycle code for de-identification.

ValueSet Entity Type for De-Identification

These AuditEvent.entity.type are related to De-Identification policy identification.

Audit Example for a De-Identification from source perspective

Audit Example for an authorized Re-Identification from source perspective