AuditEvent - RIVO-Noord Zorgviewer Implementation Guide v1.7.0

RIVO-Noord Zorgviewer Implementation Guide
1.7.0 - CI build Netherlands flag

RIVO-Noord Zorgviewer Implementation Guide, published by RIVO-NN HL7NL. This guide is not an authorized publication; it is the continuous build for version 1.7.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/RIVO-Noord/zorgviewer-ig/ and changes regularly. See the Directory of published versions

Resource Profile: AuditEvent

Official URL: http://hl7.nl/fhir/zorgviewer/StructureDefinition/AuditEvent				Version: 1.7.0
Active as of 2024-10-30				Computable Name: AuditEvent

AuditEvent

NEN 7513:2018 ~vrij beschikbaar na registratie~
- gebeurtenissen in scope van de Zorgviewer
  - Als de Zorgviewer een patient opent: "gegevens lezen"
  - Als een beheerder loggegevens inziet: "loggegevens lezen"
Zie AuditEvent-example-1

key	value	FHIR Path
Gebeurtenis		`AuditEvent`
gebeurteniscode	DCM,110110,'Patient Record'	`AuditEvent.type.coding.system = http://dicom.nema.org/resources/ontology/DCM` `AuditEvent.type.coding.code = 110110` `AuditEvent.type.coding.code = Patient Record`
actiecode	R	`AuditEvent.action = R`
datum en tijd	1986‐09‐14T14:12:12	`AuditEvent.recorded`
Gebruiker		`AuditEvent.agent`
gebruikers-id	Schroder, CP, Arts en system urn:oid:2.16.840.1.113883.2.4.3.8 of AGB-Z 06020101 met system http://fhir.nl/fhir/NamingSystem/agb-z	zorgaanbieder OID `AuditEvent.agent.userId.system` `AuditEvent.agent.userId.value` en `AuditEvent.agent.name`
	Zelfde als voor ToestemmingConsent.policy: https://rivo-noord.nl/zorgviewer/toestemming	`AuditEvent.agent.policy`
gebruikersrol	05 Directly involved healthcare professional	`AuditEvent.agent.role.coding.system` `AuditEvent.agent.role.coding.code` `AuditEvent.agent.role.coding.display`
ID van verantwoordelijke gebruiker	zie gebruikers-id
Rol van verantwoordelijke gebruiker	zie gebruikersrol
Object		`AuditEvent.entity`
Identificatortype	Patiëntnummer	`AuditEvent.entity.type.code = 1` `AuditEvent.entity.type.system = http://hl7.org/fhir/audit-entity-type`
Identificator	http://fhir.nl/fhir/NamingSystem/bsn 999911120	`AuditEvent.entity.identifier.system` `AuditEvent.entity.identifier.value`
Autorisatieprotocol	?
Toestemmingsprofiel	?
Loggegevens		`AuditEvent.source`
Identificatie van de bron	Zorgviewer RIVO-Noord	`AuditEvent.source.identifier.value`

NEN 7513 overzicht datamodel<br/>geel is verplicht

NEN 7513 overzicht datamodel
geel is verplicht

Usage:

This Resource Profile is not used by any profiles in this Implementation Guide

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

Differential Table
Key Elements Table
Snapshot Table
Statistics/References
All

This structure is derived from AuditEvent

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
type	S	1..1	Coding	Type/identifier of event
action	S	0..1	code	Type of action performed during the event
recorded	S	1..1	instant	Time when the event occurred on source
agent	S	1..*	BackboneElement	Actor involved in the event
role	S	0..*	CodeableConcept	Agent role in the event
userId	S	0..1	Identifier	Unique identifier for the user
name	S	0..1	string	Human-meaningful name for the agent
policy	S	0..*	uri	Policy that authorized event Fixed Value: https://rivo-noord.nl/zorgviewer/toestemming
source
identifier	S	1..1	Identifier	The identity of source detecting the event
entity	S	0..*	BackboneElement	Data or objects used
identifier	S	0..1	Identifier	Specific instance of object
type	S	0..1	Coding	Type of entity involved
detail	SC	0..*	BackboneElement	Additional Information about the entity zv-ae-1: At least 1 detail with name 'X-Request-Id' containing the associated HTTP Header value must exist.
Documentation for this format

Constraints

Id	Grade	Path(s)	Details	Requirements
zv-ae-1	error	AuditEvent.entity.detail	At least 1 detail with name 'X-Request-Id' containing the associated HTTP Header value must exist. : type='X-Request-Id'

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
type	SΣ	1..1	Coding	Type/identifier of event Binding: Audit Event ID (extensible): Type of event.
action	SΣ	0..1	code	Type of action performed during the event Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event
recorded	SΣ	1..1	instant	Time when the event occurred on source
agent	S	1..*	BackboneElement	Actor involved in the event
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
role	S	0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (extensible): What security role enabled the agent to participate in the event
userId	SΣ	0..1	Identifier	Unique identifier for the user
name	S	0..1	string	Human-meaningful name for the agent
requestor		1..1	boolean	Whether user is initiator
policy	S	0..*	uri	Policy that authorized event Fixed Value: https://rivo-noord.nl/zorgviewer/toestemming
source		1..1	BackboneElement	Audit Event Reporter
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
identifier	SΣ	1..1	Identifier	The identity of source detecting the event
entity	SC	0..*	BackboneElement	Data or objects used sev-1: Either a name or a query (NOT both)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
identifier	SΣ	0..1	Identifier	Specific instance of object
type	S	0..1	Coding	Type of entity involved Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event
detail	SC	0..*	BackboneElement	Additional Information about the entity zv-ae-1: At least 1 detail with name 'X-Request-Id' containing the associated HTTP Header value must exist.
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
type		1..1	string	Name of the property
value		1..1	base64Binary	Property value
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
AuditEvent.type	extensible	Audit Event ID `http://hl7.org/fhir/ValueSet/audit-event-type` from the FHIR Standard
AuditEvent.action	required	AuditEventAction `http://hl7.org/fhir/ValueSet/audit-event-action` from the FHIR Standard
AuditEvent.agent.role	extensible	SecurityRoleType `http://hl7.org/fhir/ValueSet/security-role-type` from the FHIR Standard
AuditEvent.entity.type	extensible	AuditEventEntityType `http://hl7.org/fhir/ValueSet/audit-entity-type` from the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-1	error	AuditEvent	If the resource is contained in another resource, it SHALL NOT contain any narrative : contained.text.empty()
dom-2	error	AuditEvent	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	AuditEvent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource : contained.where(('#'+id in %resource.descendants().reference).not()).empty()
dom-4	error	AuditEvent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
ele-1	error	ALL elements	All FHIR elements must have a @value or children : hasValue() \| (children().count() > id.count())
sev-1	error	AuditEvent.entity	Either a name or a query (NOT both) : name.empty() or query.empty()
zv-ae-1	error	AuditEvent.entity.detail	At least 1 detail with name 'X-Request-Id' containing the associated HTTP Header value must exist. : type='X-Request-Id'