RIVO-Noord Zorgviewer Implementation Guide
1.8.0 - CI build Netherlands flag

RIVO-Noord Zorgviewer Implementation Guide, published by RIVO-NN HL7NL. This guide is not an authorized publication; it is the continuous build for version 1.8.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/RIVO-Noord/zorgviewer-ig/ and changes regularly. See the Directory of published versions

Resource Profile: AuditEvent - Detailed Descriptions

Active as of 2024-11-19

Definitions for the AuditEvent resource profile.

Guidance on how to interpret the contents of this table can be found here

0. AuditEvent
2. AuditEvent.type
Must Supporttrue
4. AuditEvent.action
Must Supporttrue
6. AuditEvent.recorded
Must Supporttrue
8. AuditEvent.agent
Must Supporttrue
10. AuditEvent.agent.role
Must Supporttrue
12. AuditEvent.agent.userId
Must Supporttrue
14. AuditEvent.agent.name
Must Supporttrue
16. AuditEvent.agent.policy
Must Supporttrue
Fixed Valuehttps://rivo-noord.nl/zorgviewer/toestemming
18. AuditEvent.source
20. AuditEvent.source.identifier
NoteThis is a business identifier, not a resource identifier (see discussion)
Must Supporttrue
22. AuditEvent.entity
Must Supporttrue
24. AuditEvent.entity.identifier
NoteThis is a business identifier, not a resource identifier (see discussion)
Must Supporttrue
26. AuditEvent.entity.type
Must Supporttrue
28. AuditEvent.entity.detail
Must Supporttrue
Invariantszv-ae-1: At least 1 detail with name 'X-Request-Id' containing the associated HTTP Header value must exist. (type='X-Request-Id')

Guidance on how to interpret the contents of this table can be found here

0. AuditEvent
Definition

A record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage.

ShortEvent record kept for security purposes
Comments

Based on ATNA (RFC 3881).

Control0..*
Invariantsdom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources (contained.contained.empty())
dom-1: If the resource is contained in another resource, it SHALL NOT contain any narrative (contained.text.empty())
dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated (contained.meta.versionId.empty() and contained.meta.lastUpdated.empty())
dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource (contained.where(('#'+id in %resource.descendants().reference).not()).empty())
dom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources (contained.contained.empty())
dom-1: If the resource is contained in another resource, it SHALL NOT contain any narrative (contained.text.empty())
dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated (contained.meta.versionId.empty() and contained.meta.lastUpdated.empty())
dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource (contained.where(('#'+id in %resource.descendants().reference).not()).empty())
2. AuditEvent.implicitRules
Definition

A reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content.

ShortA set of rules under which this content was created
Comments

Asserting this rule set restricts the content to be only understood by a limited set of trading partners. This inherently limits the usefulness of the data in the long term. However, the existing health eco-system is highly fractured, and not yet ready to define, collect, and exchange data in a generally computable sense. Wherever possible, implementers and/or specification writers should avoid using this element.

This element is labelled as a modifier because the implicit rules may provide additional knowledge about the resource that modifies it's meaning or interpretation.

Control0..1
Typeuri
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Summarytrue
4. AuditEvent.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the resource, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Alternate Namesextensions, user content
6. AuditEvent.type
Definition

Identifier for a family of the event. For example, a menu item, program, rule, policy, function code, application name or URL. It identifies the performed function.

ShortType/identifier of event
Control1..1
BindingUnless not suitable, these codes SHALL be taken from Audit Event IDhttp://hl7.org/fhir/ValueSet/audit-event-type
(extensible to http://hl7.org/fhir/ValueSet/audit-event-type)

Type of event.

TypeCoding
Must Supporttrue
Summarytrue
Requirements

This identifies the performed function. For "Execute" Event Action Code audit records, this identifies the application function performed.

8. AuditEvent.action
Definition

Indicator for type of action performed during the event that generated the audit.

ShortType of action performed during the event
Control0..1
BindingThe codes SHALL be taken from AuditEventActionhttp://hl7.org/fhir/ValueSet/audit-event-action
(required to http://hl7.org/fhir/ValueSet/audit-event-action)

Indicator for type of action performed during the event that generated the event

Typecode
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Must Supporttrue
Summarytrue
Requirements

This broadly indicates what kind of action was done on the AuditEvent.entity by the AuditEvent.agent.

10. AuditEvent.recorded
Definition

The time when the event occurred on the source.

ShortTime when the event occurred on source
Comments

In a distributed system, some sort of common time base (e.g. an NTP [RFC1305] server) is a good implementation tactic.

Control1..1
Typeinstant
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Must Supporttrue
Summarytrue
Requirements

This ties an event to a specific date and time. Security audits typically require a consistent time base (e.g. UTC), to eliminate time-zone issues arising from geographical distribution.

12. AuditEvent.agent
Definition

An actor taking an active role in the event or activity that is logged.

ShortActor involved in the event
Comments

Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

Control1..*
TypeBackboneElement
Must Supporttrue
Requirements

An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

Alternate NamesActiveParticipant
Invariantsele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
ele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
14. AuditEvent.agent.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the element, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Summarytrue
Alternate Namesextensions, user content, modifiers
16. AuditEvent.agent.role
Definition

The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

ShortAgent role in the event
Comments

Should be roles relevant to the event. Should not be an exhaustive list of roles.

Control0..*
BindingUnless not suitable, these codes SHALL be taken from SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type
(extensible to http://hl7.org/fhir/ValueSet/security-role-type)

What security role enabled the agent to participate in the event

TypeCodeableConcept
Must Supporttrue
Requirements

This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

18. AuditEvent.agent.userId
Definition

Unique identifier for the user actively participating in the event.

ShortUnique identifier for the user
Comments

A unique value within the Audit Source ID. For node-based authentication -- where only the system hardware or process, but not a human user, is identified -- User ID would be the node name.

Control0..1
TypeIdentifier
Must Supporttrue
Summarytrue
Requirements

This field ties an audit event to a specific user.

20. AuditEvent.agent.name
Definition

Human-meaningful name for the agent.

ShortHuman-meaningful name for the agent
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Must Supporttrue
Requirements

The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

22. AuditEvent.agent.requestor
Definition

Indicator that the user is or is not the requestor, or initiator, for the event being audited.

ShortWhether user is initiator
Comments

There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

Control1..1
Typeboolean
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Requirements

This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

24. AuditEvent.agent.policy
Definition

The policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.

ShortPolicy that authorized event
Comments

For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.

Control0..*
Typeuri
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Must Supporttrue
Requirements

This value is used retrospectively to determine the authorization policies.

Fixed Valuehttps://rivo-noord.nl/zorgviewer/toestemming
26. AuditEvent.source
Definition

The system that is reporting the event.

ShortAudit Event Reporter
Comments

Since multi-tier, distributed, or composite applications make source identification ambiguous, this collection of fields may repeat for each application or process actively involved in the event. For example, multiple value-sets can identify participating web servers, application processes, and database server threads in an n-tier distributed application. Passive event participants (e.g. low-level network transports) need not be identified.

Control1..1
TypeBackboneElement
Requirements

The event is reported by one source.

Invariantsele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
ele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
28. AuditEvent.source.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the element, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Summarytrue
Alternate Namesextensions, user content, modifiers
30. AuditEvent.source.identifier
Definition

Identifier of the source where the event was detected.

ShortThe identity of source detecting the event
NoteThis is a business identifier, not a resource identifier (see discussion)
Control1..1
TypeIdentifier
Must Supporttrue
Summarytrue
Requirements

This field ties the event to a specific source system. It may be used to group events for analysis according to where the event was detected.

32. AuditEvent.entity
Definition

Specific instances of data or objects that have been accessed.

ShortData or objects used
Comments

Required unless the values for event identification, agent identification, and audit source identification are sufficient to document the entire auditable event. Because events may have more than one entity, this group can be a repeating set of values.

Control0..*
TypeBackboneElement
Must Supporttrue
Requirements

The event may have other entities involved.

Alternate NamesParticipantObject
Invariantsele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
ele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
34. AuditEvent.entity.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the element, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Summarytrue
Alternate Namesextensions, user content, modifiers
36. AuditEvent.entity.identifier
Definition

Identifies a specific instance of the entity. The reference should always be version specific.

ShortSpecific instance of object
Comments

Identifier detail depends on entity type.

NoteThis is a business identifier, not a resource identifier (see discussion)
Control0..1
TypeIdentifier
Must Supporttrue
Summarytrue
38. AuditEvent.entity.type
Definition

The type of the object that was involved in this audit event.

ShortType of entity involved
Comments

This value is distinct from the user's role or any user relationship to the entity.

Control0..1
BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityTypehttp://hl7.org/fhir/ValueSet/audit-entity-type
(extensible to http://hl7.org/fhir/ValueSet/audit-entity-type)

Code for the entity type involved in the audit event

TypeCoding
Must Supporttrue
Requirements

To describe the object being acted upon. In addition to queries on the subject of the action in an auditable event, it is also important to be able to query on the object type for the action.

40. AuditEvent.entity.detail
Definition

Tagged value pairs for conveying additional information about the entity.

ShortAdditional Information about the entity
Control0..*
TypeBackboneElement
Must Supporttrue
Requirements

Implementation-defined data about specific details of the object accessed or used.

Invariantsele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
zv-ae-1: At least 1 detail with name 'X-Request-Id' containing the associated HTTP Header value must exist. (type='X-Request-Id')
ele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
42. AuditEvent.entity.detail.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the element, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Summarytrue
Alternate Namesextensions, user content, modifiers
44. AuditEvent.entity.detail.type
Definition

The type of extra detail provided in the value.

ShortName of the property
Control1..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
46. AuditEvent.entity.detail.value
Definition

The details, base64 encoded. Used to carry bulk information.

ShortProperty value
Comments

The value is base64 encoded to enable various encodings or binary content.

Control1..1
Typebase64Binary
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Requirements

Should not duplicate the entity value unless absolutely necessary.

Guidance on how to interpret the contents of this table can be found here

0. AuditEvent
Definition

A record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage.

ShortEvent record kept for security purposes
Comments

Based on ATNA (RFC 3881).

Control0..*
Invariantsdom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources (contained.contained.empty())
dom-1: If the resource is contained in another resource, it SHALL NOT contain any narrative (contained.text.empty())
dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated (contained.meta.versionId.empty() and contained.meta.lastUpdated.empty())
dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource (contained.where(('#'+id in %resource.descendants().reference).not()).empty())
2. AuditEvent.id
Definition

The logical id of the resource, as used in the URL for the resource. Once assigned, this value never changes.

ShortLogical id of this artifact
Comments

The only time that a resource does not have an id is when it is being submitted to the server using a create operation.

Control0..1
Typeid
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Summarytrue
4. AuditEvent.meta
Definition

The metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content may not always be associated with version changes to the resource.

ShortMetadata about the resource
Control0..1
TypeMeta
Summarytrue
6. AuditEvent.implicitRules
Definition

A reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content.

ShortA set of rules under which this content was created
Comments

Asserting this rule set restricts the content to be only understood by a limited set of trading partners. This inherently limits the usefulness of the data in the long term. However, the existing health eco-system is highly fractured, and not yet ready to define, collect, and exchange data in a generally computable sense. Wherever possible, implementers and/or specification writers should avoid using this element.

This element is labelled as a modifier because the implicit rules may provide additional knowledge about the resource that modifies it's meaning or interpretation.

Control0..1
Typeuri
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Summarytrue
8. AuditEvent.language
Definition

The base language in which the resource is written.

ShortLanguage of the resource content
Comments

Language is provided to support indexing and accessibility (typically, services such as text to speech use the language tag). The html language tag in the narrative applies to the narrative. The language tag on the resource may be used to specify the language of other presentations generated from the data in the resource Not all the content has to be in the base language. The Resource.language should not be assumed to apply to the narrative automatically. If a language is specified, it should it also be specified on the div element in the html (see rules in HTML5 for information about the relationship between xml:lang and the html lang attribute).

Control0..1
BindingUnless not suitable, these codes SHALL be taken from Common Languages
(extensible to http://hl7.org/fhir/ValueSet/languages)

A human language.

Additional BindingsPurpose
All LanguagesMax Binding
Typecode
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
10. AuditEvent.text
Definition

A human-readable narrative that contains a summary of the resource, and may be used to represent the content of the resource to a human. The narrative need not encode all the structured data, but is required to contain sufficient detail to make it "clinically safe" for a human to just read the narrative. Resource definitions may define what content should be represented in the narrative to ensure clinical safety.

ShortText summary of the resource, for human interpretation
Comments

Contained resources do not have narrative. Resources that are not contained SHOULD have a narrative. In some cases, a resource may only have text with little or no additional discrete data (as long as all minOccurs=1 elements are satisfied). This may be necessary for data from legacy systems where information is captured as a "text blob" or where text is additionally entered raw or narrated and encoded in formation is added later.

Control0..1
This element is affected by the following invariants: dom-1
TypeNarrative
Alternate Namesnarrative, html, xhtml, display
12. AuditEvent.contained
Definition

These resources do not have an independent existence apart from the resource that contains them - they cannot be identified independently, and nor can they have their own independent transaction scope.

ShortContained, inline Resources
Comments

This should never be done when the content can be identified properly, as once identification is lost, it is extremely difficult (and context dependent) to restore it again.

Control0..*
TypeResource
Alternate Namesinline resources, anonymous resources, contained resources
14. AuditEvent.extension
Definition

May be used to represent additional information that is not part of the basic definition of the resource. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

ShortAdditional Content defined by implementations
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Alternate Namesextensions, user content
16. AuditEvent.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the resource, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Alternate Namesextensions, user content
18. AuditEvent.type
Definition

Identifier for a family of the event. For example, a menu item, program, rule, policy, function code, application name or URL. It identifies the performed function.

ShortType/identifier of event
Control1..1
BindingUnless not suitable, these codes SHALL be taken from Audit Event ID
(extensible to http://hl7.org/fhir/ValueSet/audit-event-type)

Type of event.

TypeCoding
Must Supporttrue
Summarytrue
Requirements

This identifies the performed function. For "Execute" Event Action Code audit records, this identifies the application function performed.

20. AuditEvent.subtype
Definition

Identifier for the category of event.

ShortMore specific type/id for the event
Control0..*
BindingUnless not suitable, these codes SHALL be taken from Audit Event Sub-Type
(extensible to http://hl7.org/fhir/ValueSet/audit-event-sub-type)

Sub-type of event.

TypeCoding
Summarytrue
Requirements

This field enables queries of messages by implementation-defined event categories.

22. AuditEvent.action
Definition

Indicator for type of action performed during the event that generated the audit.

ShortType of action performed during the event
Control0..1
BindingThe codes SHALL be taken from AuditEventAction
(required to http://hl7.org/fhir/ValueSet/audit-event-action)

Indicator for type of action performed during the event that generated the event

Typecode
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Must Supporttrue
Summarytrue
Requirements

This broadly indicates what kind of action was done on the AuditEvent.entity by the AuditEvent.agent.

24. AuditEvent.recorded
Definition

The time when the event occurred on the source.

ShortTime when the event occurred on source
Comments

In a distributed system, some sort of common time base (e.g. an NTP [RFC1305] server) is a good implementation tactic.

Control1..1
Typeinstant
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Must Supporttrue
Summarytrue
Requirements

This ties an event to a specific date and time. Security audits typically require a consistent time base (e.g. UTC), to eliminate time-zone issues arising from geographical distribution.

26. AuditEvent.outcome
Definition

Indicates whether the event succeeded or failed.

ShortWhether the event succeeded or failed
Comments

In some cases a "success" may be partial, for example, an incomplete or interrupted transfer of a radiological study. For the purpose of establishing accountability, these distinctions are not relevant.

Control0..1
BindingThe codes SHALL be taken from AuditEventOutcome
(required to http://hl7.org/fhir/ValueSet/audit-event-outcome)

Indicates whether the event succeeded or failed

Typecode
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Summarytrue
28. AuditEvent.outcomeDesc
Definition

A free text description of the outcome of the event.

ShortDescription of the event outcome
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Summarytrue
30. AuditEvent.purposeOfEvent
Definition

The purposeOfUse (reason) that was used during the event being recorded.

ShortThe purposeOfUse of the event
Comments

Use AuditEvent.agent.purposeOfUse when you know that it is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

Control0..*
BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
(extensible to http://hl7.org/fhir/ValueSet/v3-PurposeOfUse)

The reason the activity took place.

TypeCodeableConcept
Summarytrue
32. AuditEvent.agent
Definition

An actor taking an active role in the event or activity that is logged.

ShortActor involved in the event
Comments

Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

Control1..*
TypeBackboneElement
Must Supporttrue
Requirements

An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

Alternate NamesActiveParticipant
Invariantsele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
34. AuditEvent.agent.id
Definition

unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

Shortxml:id (or equivalent in JSON)
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
XML FormatIn the XML format, this property is represented as an attribute.
36. AuditEvent.agent.extension
Definition

May be used to represent additional information that is not part of the basic definition of the element. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

ShortAdditional Content defined by implementations
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Alternate Namesextensions, user content
38. AuditEvent.agent.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the element, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Summarytrue
Alternate Namesextensions, user content, modifiers
40. AuditEvent.agent.role
Definition

The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

ShortAgent role in the event
Comments

Should be roles relevant to the event. Should not be an exhaustive list of roles.

Control0..*
BindingUnless not suitable, these codes SHALL be taken from SecurityRoleType
(extensible to http://hl7.org/fhir/ValueSet/security-role-type)

What security role enabled the agent to participate in the event

TypeCodeableConcept
Must Supporttrue
Requirements

This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

42. AuditEvent.agent.reference
Definition

Direct reference to a resource that identifies the agent.

ShortDirect reference to resource
Control0..1
TypeReference(Practitioner, Organization, Device, Patient, RelatedPerson)
Summarytrue
Requirements

This field ties an audit event to a specific resource.

44. AuditEvent.agent.userId
Definition

Unique identifier for the user actively participating in the event.

ShortUnique identifier for the user
Comments

A unique value within the Audit Source ID. For node-based authentication -- where only the system hardware or process, but not a human user, is identified -- User ID would be the node name.

Control0..1
TypeIdentifier
Must Supporttrue
Summarytrue
Requirements

This field ties an audit event to a specific user.

46. AuditEvent.agent.altId
Definition

Alternative agent Identifier. For a human, this should be a user identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g. single sign-on), if available.

ShortAlternative User id e.g. authentication
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Requirements

In some situations, a human user may authenticate with one identity but, to access a specific application system, may use a synonymous identify. For example, some "single sign on" implementations will do this. The alternative identifier would then be the original identify used for authentication, and the User ID is the one known to and used by the application.

48. AuditEvent.agent.name
Definition

Human-meaningful name for the agent.

ShortHuman-meaningful name for the agent
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Must Supporttrue
Requirements

The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

50. AuditEvent.agent.requestor
Definition

Indicator that the user is or is not the requestor, or initiator, for the event being audited.

ShortWhether user is initiator
Comments

There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

Control1..1
Typeboolean
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Requirements

This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

52. AuditEvent.agent.location
Definition

Where the event occurred.

ShortWhere
Control0..1
TypeReference(Location)
54. AuditEvent.agent.policy
Definition

The policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.

ShortPolicy that authorized event
Comments

For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.

Control0..*
Typeuri
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Must Supporttrue
Requirements

This value is used retrospectively to determine the authorization policies.

Fixed Valuehttps://rivo-noord.nl/zorgviewer/toestemming
56. AuditEvent.agent.media
Definition

Type of media involved. Used when the event is about exporting/importing onto media.

ShortType of media
Control0..1
BindingUnless not suitable, these codes SHALL be taken from Media Type Code
(extensible to http://hl7.org/fhir/ValueSet/dicm-405-mediatype)

Used when the event is about exporting/importing onto media.

TypeCoding
Requirements

Usually, this is used instead of specifying a network address. This field is not used for Media Id (i.e. the serial number of a CD).

58. AuditEvent.agent.network
Definition

Logical network location for application activity, if the activity has a network location.

ShortLogical network location for application activity
Control0..1
TypeBackboneElement
Invariantsele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
60. AuditEvent.agent.network.id
Definition

unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

Shortxml:id (or equivalent in JSON)
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
XML FormatIn the XML format, this property is represented as an attribute.
62. AuditEvent.agent.network.extension
Definition

May be used to represent additional information that is not part of the basic definition of the element. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

ShortAdditional Content defined by implementations
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Alternate Namesextensions, user content
64. AuditEvent.agent.network.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the element, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Summarytrue
Alternate Namesextensions, user content, modifiers
66. AuditEvent.agent.network.address
Definition

An identifier for the network access point of the user device for the audit event.

ShortIdentifier for the network access point of the user device
Comments

This could be a device id, IP address or some other identifier associated with a device.

Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Requirements

This datum identifies the user's network access point, which may be distinct from the server that performed the action. It is an optional value that may be used to group events recorded on separate servers for analysis of a specific network access point's data access across all servers.

68. AuditEvent.agent.network.type
Definition

An identifier for the type of network access point that originated the audit event.

ShortThe type of network access point
Control0..1
BindingThe codes SHALL be taken from AuditEventAgentNetworkType
(required to http://hl7.org/fhir/ValueSet/network-type)

The type of network access point of this agent in the audit event

Typecode
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Requirements

This datum identifies the type of network access point identifier of the user device for the audit event. It is an optional value that may be used to group events recorded on separate servers for analysis of access according to a network access point's type.

70. AuditEvent.agent.purposeOfUse
Definition

The reason (purpose of use), specific to this agent, that was used during the event being recorded.

ShortReason given for this user
Comments

Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

Control0..*
BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
(extensible to http://hl7.org/fhir/ValueSet/v3-PurposeOfUse)

The reason the activity took place.

TypeCodeableConcept
72. AuditEvent.source
Definition

The system that is reporting the event.

ShortAudit Event Reporter
Comments

Since multi-tier, distributed, or composite applications make source identification ambiguous, this collection of fields may repeat for each application or process actively involved in the event. For example, multiple value-sets can identify participating web servers, application processes, and database server threads in an n-tier distributed application. Passive event participants (e.g. low-level network transports) need not be identified.

Control1..1
TypeBackboneElement
Requirements

The event is reported by one source.

Invariantsele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
74. AuditEvent.source.id
Definition

unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

Shortxml:id (or equivalent in JSON)
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
XML FormatIn the XML format, this property is represented as an attribute.
76. AuditEvent.source.extension
Definition

May be used to represent additional information that is not part of the basic definition of the element. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

ShortAdditional Content defined by implementations
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Alternate Namesextensions, user content
78. AuditEvent.source.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the element, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Summarytrue
Alternate Namesextensions, user content, modifiers
80. AuditEvent.source.site
Definition

Logical source location within the healthcare enterprise network. For example, a hospital or other provider location within a multi-entity provider group.

ShortLogical source location within the enterprise
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Requirements

This value differentiates among the sites in a multi-site enterprise health information system.

82. AuditEvent.source.identifier
Definition

Identifier of the source where the event was detected.

ShortThe identity of source detecting the event
NoteThis is a business identifier, not a resource identifier (see discussion)
Control1..1
TypeIdentifier
Must Supporttrue
Summarytrue
Requirements

This field ties the event to a specific source system. It may be used to group events for analysis according to where the event was detected.

84. AuditEvent.source.type
Definition

Code specifying the type of source where event originated.

ShortThe type of source where event originated
Control0..*
BindingUnless not suitable, these codes SHALL be taken from Audit Event Source Type
(extensible to http://hl7.org/fhir/ValueSet/audit-source-type)

Code specifying the type of system that detected and recorded the event.

TypeCoding
Requirements

This field indicates which type of source is identified by the Audit Source ID. It is an optional value that may be used to group events for analysis according to the type of source where the event occurred.

86. AuditEvent.entity
Definition

Specific instances of data or objects that have been accessed.

ShortData or objects used
Comments

Required unless the values for event identification, agent identification, and audit source identification are sufficient to document the entire auditable event. Because events may have more than one entity, this group can be a repeating set of values.

Control0..*
TypeBackboneElement
Must Supporttrue
Requirements

The event may have other entities involved.

Alternate NamesParticipantObject
Invariantsele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
88. AuditEvent.entity.id
Definition

unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

Shortxml:id (or equivalent in JSON)
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
XML FormatIn the XML format, this property is represented as an attribute.
90. AuditEvent.entity.extension
Definition

May be used to represent additional information that is not part of the basic definition of the element. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

ShortAdditional Content defined by implementations
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Alternate Namesextensions, user content
92. AuditEvent.entity.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the element, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Summarytrue
Alternate Namesextensions, user content, modifiers
94. AuditEvent.entity.identifier
Definition

Identifies a specific instance of the entity. The reference should always be version specific.

ShortSpecific instance of object
Comments

Identifier detail depends on entity type.

NoteThis is a business identifier, not a resource identifier (see discussion)
Control0..1
TypeIdentifier
Must Supporttrue
Summarytrue
96. AuditEvent.entity.reference
Definition

Identifies a specific instance of the entity. The reference should be version specific.

ShortSpecific instance of resource
Control0..1
TypeReference(Resource)
Summarytrue
98. AuditEvent.entity.type
Definition

The type of the object that was involved in this audit event.

ShortType of entity involved
Comments

This value is distinct from the user's role or any user relationship to the entity.

Control0..1
BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityType
(extensible to http://hl7.org/fhir/ValueSet/audit-entity-type)

Code for the entity type involved in the audit event

TypeCoding
Must Supporttrue
Requirements

To describe the object being acted upon. In addition to queries on the subject of the action in an auditable event, it is also important to be able to query on the object type for the action.

100. AuditEvent.entity.role
Definition

Code representing the role the entity played in the event being audited.

ShortWhat role the entity played
Control0..1
BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityRole
(extensible to http://hl7.org/fhir/ValueSet/object-role)

Code representing the role the entity played in the audit event

TypeCoding
Requirements

For some detailed audit analysis it may be necessary to indicate a more granular type of entity, based on the application role it serves.

102. AuditEvent.entity.lifecycle
Definition

Identifier for the data life-cycle stage for the entity.

ShortLife-cycle stage for the entity
Comments

This can be used to provide an audit trail for data, over time, as it passes through the system.

Control0..1
BindingUnless not suitable, these codes SHALL be taken from ObjectLifecycleEvents
(extensible to http://hl7.org/fhir/ValueSet/object-lifecycle-events)

Identifier for the data life-cycle stage for the entity

TypeCoding
Requirements

Institutional policies for privacy and security may optionally fall under different accountability rules based on data life cycle. This provides a differentiating value for those cases.

104. AuditEvent.entity.securityLabel
Definition

Security labels for the identified entity.

ShortSecurity labels on the entity
Comments

Copied from entity meta security tags.

Control0..*
BindingUnless not suitable, these codes SHALL be taken from All Security Labels
(extensible to http://hl7.org/fhir/ValueSet/security-labels)

Security Labels from the Healthcare Privacy and Security Classification System.

TypeCoding
Requirements

This field identifies the security labels for a specific instance of an object, such as a patient, to detect/track privacy and security issues.

106. AuditEvent.entity.name
Definition

A name of the entity in the audit event.

ShortDescriptor for entity
Comments

This field may be used in a query/report to identify audit events for a specific person. For example, where multiple synonymous entity identifiers (patient number, medical record number, encounter number, etc.) have been used.

Control0..1
This element is affected by the following invariants: sev-1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Summarytrue
Requirements

Use only where entity can't be identified with an identifier.

108. AuditEvent.entity.description
Definition

Text that describes the entity in more detail.

ShortDescriptive text
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Requirements

Use only where entity can't be identified with an identifier.

110. AuditEvent.entity.query
Definition

The query parameters for a query-type entities.

ShortQuery parameters
Control0..1
This element is affected by the following invariants: sev-1
Typebase64Binary
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Summarytrue
Requirements

For query events, it may be necessary to capture the actual query input to the query process in order to identify the specific event. Because of differences among query implementations and data encoding for them, this is a base 64 encoded data blob. It may be subsequently decoded or interpreted by downstream audit analysis processing.

112. AuditEvent.entity.detail
Definition

Tagged value pairs for conveying additional information about the entity.

ShortAdditional Information about the entity
Control0..*
TypeBackboneElement
Must Supporttrue
Requirements

Implementation-defined data about specific details of the object accessed or used.

Invariantsele-1: All FHIR elements must have a @value or children (hasValue() | (children().count() > id.count()))
zv-ae-1: At least 1 detail with name 'X-Request-Id' containing the associated HTTP Header value must exist. (type='X-Request-Id')
114. AuditEvent.entity.detail.id
Definition

unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

Shortxml:id (or equivalent in JSON)
Control0..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
XML FormatIn the XML format, this property is represented as an attribute.
116. AuditEvent.entity.detail.extension
Definition

May be used to represent additional information that is not part of the basic definition of the element. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

ShortAdditional Content defined by implementations
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Alternate Namesextensions, user content
118. AuditEvent.entity.detail.modifierExtension
Definition

May be used to represent additional information that is not part of the basic definition of the element, and that modifies the understanding of the element that contains it. Usually modifier elements provide negation or qualification. In order to make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

ShortExtensions that cannot be ignored
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifiertrue because No Modifier Reason provideed in previous versions of FHIR
Summarytrue
Alternate Namesextensions, user content, modifiers
120. AuditEvent.entity.detail.type
Definition

The type of extra detail provided in the value.

ShortName of the property
Control1..1
Typestring
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
122. AuditEvent.entity.detail.value
Definition

The details, base64 encoded. Used to carry bulk information.

ShortProperty value
Comments

The value is base64 encoded to enable various encodings or binary content.

Control1..1
Typebase64Binary
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Requirements

Should not duplicate the entity value unless absolutely necessary.