HL7 Electronic Health Record System Functional Model, Release 2.1.1
2.1.1 - International flag

HL7 Electronic Health Record System Functional Model, Release 2.1.1, published by HL7 International / Electronic Health Records. This guide is not an authorized publication; it is the continuous build for version 2.1.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/mvdzel/ehrsfm-fhir-r5/ and changes regularly. See the Directory of published versions

Requirements: TI.2.1.2.7 User Attempts to Access Data (Unsuccessful – Access Denied) Security Audit Trigger (Function)

Official URL: http://hl7.org/ehrs/uv/ehrsfmr2/Requirements/EHRSFMR2-TI.2.1.2.7 Version: 2.1.1
Standards status: Normative Active as of 2025-10-31 Computable Name: TI_2_1_2_7_User_Attempts_to_Access_Data__Unsuccessful___Access_Denied__Security_Audit_Trigger

Manage Audit Trigger initiated to track user attempts to access data (unsuccessful – access denied).

Statement N:

Manage Audit Trigger initiated to track user attempts to access data (unsuccessful – access denied).

Description I:

Capture user attempts to access data (unsuccessful – access denied), both routine and exceptional, including key metadata (who, what, when, where, why).

Criteria N:
TI.2.1.2.7#01
SHALL

The system SHALL audit each occurrence when user access is unsuccessful (denied).
TI.2.1.2.7#02
SHALL

The system SHALL capture identity of the organization.
TI.2.1.2.7#03
 conditional
SHALL

IF known, THEN the system SHALL capture identity of the user.
TI.2.1.2.7#04
SHALL

The system SHALL capture identity of the system.
TI.2.1.2.7#05
SHALL

The system SHALL capture the event initiating audit trigger.
TI.2.1.2.7#06
SHALL

The system SHALL capture the date and time of the event initiating audit trigger.
TI.2.1.2.7#07
SHALL

The system SHALL capture identity of the location (i.e., network address).