Uzbekistan Digital Health Platform
0.5.0 - ci-build Uzbekistan flag

Uzbekistan Digital Health Platform, published by Ministry of Health of the Republic of Uzbekistan. This guide is not an authorized publication; it is the continuous build for version 0.5.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/uzinfocom-org/digital-health-ig/ and changes regularly. See the Directory of published versions

Resource Profile: UZ Core Provenance ( Experimental )

Official URL: https://dhp.uz/fhir/core/StructureDefinition/uz-core-provenance Version: 0.5.0
Active as of 2025-03-13 Computable Name: UZCoreProvenance

Uzbekistan Core Provenance profile, used to digitally sign documents via oneID

UZ Core Provenance records the origin, authorship and signature of a clinical record on the Digital Health Platform. Every clinically significant record should have a Provenance saying who recorded it and when; for signed documents it carries the digital signature - obtained when the practitioner authenticates via oneID in a DHP-hosted iframe - and references the signed resource. Your system writes the Provenance alongside the data it submits - both to record who authored the record and, for signed documents, to carry the signature.

Mandatory and Must Support data elements

The elements below must always be present (mandatory) or must be supported when the data is available (Must Support) - not all are required, but your system must populate each Must Support element when it has the data and process it on receipt. This is the human-readable summary; the formal views below give the exact cardinalities, types, and terminology bindings.

Each UZ Core Provenance Must Have

This profile adds no mandatory cardinality of its own. The required elements are the ones inherited from the base resource: at least one target (the resource this Provenance describes) and at least one agent with a who (the actor responsible). Here the target is constrained to a DocumentReference or Medication, and the agent's who to a PractitionerRole.

Each UZ Core Provenance Must Support

  • the target - the record this Provenance is about;
  • the occurredDateTime - when the activity took place;
  • the activity that was performed (required binding);
  • the patient the activity involved;
  • an agent with its type (the participation role, required binding) and who (a PractitionerRole);
  • an entity with its role (required binding) and what it points to;
  • a signature carrying its type (required binding), when it was made, who signed (a PractitionerRole), the sigFormat and the signature data.

For signed documents, the signature blob lives in signature.data; target references the document that was signed.

Building the JSON, step by step

You build a Provenance when you submit clinically significant data - to record who authored it and, for signed documents, to carry the signature. The examples below go from the smallest record the server will accept to a fully signed document event. Copy one and adapt it - every value shown validates against this profile. The full reference instance is the example Provenance.

The smallest Provenance you should send

A Provenance needs at least one target (the record it is about) and at least one agent with a who (the actor responsible). Here target is constrained to a DocumentReference or Medication, and agent.who to a PractitionerRole. Both target and agent.who are plain References. In practice you also send occurredDateTime (when the activity happened), the activity performed, and the patient it involved:

{
  "resourceType": "Provenance",
  "meta": { "profile": ["https://dhp.uz/fhir/core/StructureDefinition/uz-core-provenance"] },
  "target": [
    { "reference": "DocumentReference/example-pdf-document" }
  ],
  "occurredDateTime": "2025-02-05T12:58:00+05:00",
  "activity": {
    "coding": [{ "system": "http://terminology.hl7.org/CodeSystem/v3-DocumentCompletion", "code": "LA" }]
  },
  "patient": { "reference": "Patient/example-patient" },
  "agent": [
    {
      "type": {
        "coding": [{ "system": "http://terminology.hl7.org/CodeSystem/provenance-participant-type", "code": "author" }]
      },
      "who": { "reference": "PractitionerRole/example-practitionerrole" }
    }
  ]
}

activity and agent.type each use a required binding - the value must come from the bound value set (the Snapshot view below lists each one). agent.who must reference a PractitionerRole.

Adding the digital signature

The reason this profile exists is to carry the digital signature the platform returns after the practitioner authenticates via oneID in a DHP-hosted iframe. Add a signature entry: its type says how it was made (required binding), when is the moment it was applied, who references the same PractitionerRole, sigFormat is the media type of the blob, and data is the base64-encoded signature itself:

{
  "resourceType": "Provenance",
  "meta": { "profile": ["https://dhp.uz/fhir/core/StructureDefinition/uz-core-provenance"] },
  "target": [
    { "reference": "DocumentReference/example-pdf-document" }
  ],
  "occurredDateTime": "2025-02-05T12:58:00+05:00",
  "activity": {
    "coding": [{ "system": "http://terminology.hl7.org/CodeSystem/v3-DocumentCompletion", "code": "LA" }]
  },
  "patient": { "reference": "Patient/example-patient" },
  "agent": [
    {
      "type": {
        "coding": [{ "system": "http://terminology.hl7.org/CodeSystem/provenance-participant-type", "code": "author" }]
      },
      "who": { "reference": "PractitionerRole/example-practitionerrole" }
    }
  ],
  "signature": [
    {
      "type": [
        { "system": "https://terminology.dhp.uz/fhir/core/CodeSystem/signature-type-cs", "code": "biometricAuth" }
      ],
      "when": "2025-02-05T12:58:00+05:00",
      "who": { "reference": "PractitionerRole/example-practitionerrole" },
      "sigFormat": "application/signature+xml",
      "data": "dGhpcyBibG9iIGlzIHNuaXBwZWQ="
    }
  ]
}

target here references the DocumentReference that was signed. The data value is the base64 signature blob (truncated above); send the full blob in production.

For example API calls and a sample payload, see the Quick Start at the bottom of this page.

Usages:

You can also check for usages in the FHIR IG Statistics

Formal Views of Profile Content

Description Differentials, Snapshots, and other representations.

NameFlagsCard.TypeDescription & Constraints    Filter: Filtersdoco
.. Provenance 0..* Provenance(5.0.0) Who, What, When for a set of resources
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... contained 0..* Resource Contained, inline Resources
... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored
Constraints: ext-1
... Slices for occurred[x] 0..1 When the activity occurred
Slice: Unordered, Open by type:$this
.... occurredPeriod Period
.... occurredDateTime dateTime
.... occurred[x]:occurredDateTime S 0..1 dateTime When the activity occurred
... activity S 0..1 CodeableConcept Activity that occurred
Binding: ProvenanceActivityTypesVS (0.5.0) (required)
... patient S 0..1 Reference(Patient) The patient is the subject of the data created/updated (.target) by the activity
... agent SΣC 1..* BackboneElement Actor involved
Constraints: prov-1, prov-2, prov-3
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
Constraints: ext-1
.... type SΣ 0..1 CodeableConcept How the agent participated
Binding: ProvenanceParticipationRoleTypeVS (0.5.0) (required)
.... who SΣC 1..1 Reference(UZ Core PractitionerRole(0.5.0)) The agent that participated in the event
.... onBehalfOf C 0..1 Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient) The agent that delegated
... entity SΣ 0..* BackboneElement An entity used in this activity
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
Constraints: ext-1
.... role SΣ 1..1 code revision | quotation | source | instantiates | removal
Binding: ProvenanceEntityRoleVS (0.5.0) (required)
.... what SΣ 1..1 Reference(Resource) Identity of entity
... signature S 0..* Signature Signature on target
.... type SΣ 0..* Coding Indication of the reason the entity signed the object(s)
Binding: SignatureTypeVS (0.5.0) (required)
.... when SΣ 0..1 instant When the signature was created
.... who SΣ 0..1 Reference(UZ Core PractitionerRole(0.5.0)) Who signed
.... sigFormat S 0..1 code The technical format of the signature
Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049)
.... data S 0..1 base64Binary The actual signature content (XML DigSig. JWS, picture, etc.)

doco Documentation for this format

Terminology Bindings

Path Status Usage ValueSet Version Source
Provenance.activity Base required Provenance Activity Types 📍0.5.0 This IG
Provenance.agent.type Base required Provenance Participation Role Type 📍0.5.0 This IG
Provenance.entity.role Base required Provenance Entity Role 📍0.5.0 This IG
Provenance.signature.​type Base required Signature Type 📍0.5.0 This IG
Provenance.signature.​sigFormat Base required Mime Types 📍5.0.0 FHIR Std.

Constraints

Id Grade Path(s) Description Expression
dom-2 error Provenance If the resource is contained in another resource, it SHALL NOT contain nested Resources contained.contained.empty()
dom-3 error Provenance If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4 error Provenance If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5 error Provenance If a resource is contained in another resource, it SHALL NOT have a security label contained.meta.security.empty()
dom-6 best practice Provenance A resource should have narrative for robust management text.`div`.exists()
ele-1 error Provenance.implicitRules, Provenance.modifierExtension, Provenance.target, Provenance.occurred[x], Provenance.occurred[x]:occurredDateTime, Provenance.activity, Provenance.patient, Provenance.agent, Provenance.agent.modifierExtension, Provenance.agent.type, Provenance.agent.who, Provenance.agent.onBehalfOf, Provenance.entity, Provenance.entity.modifierExtension, Provenance.entity.role, Provenance.entity.what, Provenance.signature, Provenance.signature.type, Provenance.signature.when, Provenance.signature.who, Provenance.signature.sigFormat, Provenance.signature.data All FHIR elements must have a @value or children hasValue() or (children().count() > id.count())
ext-1 error Provenance.modifierExtension, Provenance.agent.modifierExtension, Provenance.entity.modifierExtension Must have either extensions or value[x], not both extension.exists() != value.exists()
prov-1 error Provenance.agent Who and onBehalfOf cannot be the same who.resolve().exists() and onBehalfOf.resolve().exists() implies who.resolve() != onBehalfOf.resolve()
prov-2 error Provenance.agent If who is a PractitionerRole, onBehalfOf can't reference the same Practitioner who.resolve().ofType(PractitionerRole).practitioner.resolve().exists() and onBehalfOf.resolve().ofType(Practitioner).exists() implies who.resolve().practitioner.resolve() != onBehalfOf.resolve()
prov-3 error Provenance.agent If who is an organization, onBehalfOf can't be a PractitionerRole within that organization who.resolve().ofType(Organization).exists() and onBehalfOf.resolve().ofType(PractitionerRole).organization.resolve().exists() implies who.resolve() != onBehalfOf.resolve().organization.resolve()

NameFlagsCard.TypeDescription & Constraints    Filter: Filtersdoco
.. Provenance 0..* Provenance(5.0.0) Who, What, When for a set of resources
... target S 1..* Reference(Medication | DocumentReference) Target Reference(s) (usually version specific)
... Slices for occurred[x] 0..1 Period, dateTime When the activity occurred
Slice: Unordered, Open by type:$this
.... occurred[x]:occurredDateTime S 0..1 dateTime When the activity occurred
... activity S 0..1 CodeableConcept Activity that occurred
Binding: ProvenanceActivityTypesVS (0.5.0) (required)
... agent S 1..* BackboneElement Actor involved
.... type S 0..1 CodeableConcept How the agent participated
Binding: ProvenanceParticipationRoleTypeVS (0.5.0) (required)
.... who S 1..1 Reference(UZ Core PractitionerRole(0.5.0)) The agent that participated in the event
... entity S 0..* BackboneElement An entity used in this activity
.... role S 1..1 code revision | quotation | source | instantiates | removal
Binding: ProvenanceEntityRoleVS (0.5.0) (required)
.... what S 1..1 Reference(Resource) Identity of entity
... signature S 0..* Signature Signature on target
.... type S 0..* Coding Indication of the reason the entity signed the object(s)
Binding: SignatureTypeVS (0.5.0) (required)
.... when S 0..1 instant When the signature was created
.... who S 0..1 Reference(UZ Core PractitionerRole(0.5.0)) Who signed
.... sigFormat S 0..1 code The technical format of the signature
.... data S 0..1 base64Binary The actual signature content (XML DigSig. JWS, picture, etc.)

doco Documentation for this format

Terminology Bindings (Differential)

Path Status Usage ValueSet Version Source
Provenance.activity Base required Provenance Activity Types 📍0.5.0 This IG
Provenance.agent.type Base required Provenance Participation Role Type 📍0.5.0 This IG
Provenance.entity.role Base required Provenance Entity Role 📍0.5.0 This IG
Provenance.signature.​type Base required Signature Type 📍0.5.0 This IG
NameFlagsCard.TypeDescription & Constraints    Filter: Filtersdoco
.. Provenance 0..* Provenance(5.0.0) Who, What, When for a set of resources
... id Σ 0..1 id Logical id of this artifact
... meta Σ 0..1 Meta Metadata about the resource
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... text 0..1 Narrative Text summary of the resource, for human interpretation
This profile does not constrain the narrative in regard to content, language, or traceability to data elements
... contained 0..* Resource Contained, inline Resources
... extension 0..* Extension Additional content defined by implementations
Constraints: ext-1
... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored
Constraints: ext-1
... target SΣ 1..* Reference(Medication | DocumentReference) Target Reference(s) (usually version specific)
... Slices for occurred[x] 0..1 When the activity occurred
Slice: Unordered, Open by type:$this
.... occurredPeriod Period
.... occurredDateTime dateTime
.... occurred[x]:occurredDateTime S 0..1 dateTime When the activity occurred
... recorded Σ 0..1 instant When the activity was recorded / updated
... policy 0..* uri Policy or plan the activity was defined by
... location 0..1 Reference(Location) Where the activity occurred, if relevant
... authorization 0..* CodeableReference() Authorization (purposeOfUse) related to the event
Binding: PurposeOfUse (3.1.0) (example): The authorized purposeOfUse for the activity.
... activity S 0..1 CodeableConcept Activity that occurred
Binding: ProvenanceActivityTypesVS (0.5.0) (required)
... basedOn 0..* Reference(CarePlan | DeviceRequest | ImmunizationRecommendation | MedicationRequest | NutritionOrder | ServiceRequest | Task) Workflow authorization within which this event occurred
... patient S 0..1 Reference(Patient) The patient is the subject of the data created/updated (.target) by the activity
... encounter 0..1 Reference(Encounter) Encounter within which this event occurred or which the event is tightly associated
... agent SΣC 1..* BackboneElement Actor involved
Constraints: prov-1, prov-2, prov-3
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
Constraints: ext-1
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
Constraints: ext-1
.... type SΣ 0..1 CodeableConcept How the agent participated
Binding: ProvenanceParticipationRoleTypeVS (0.5.0) (required)
.... role 0..* CodeableConcept What the agents role was
Binding: SecurityRoleType (example): The role that a provenance agent played with respect to the activity.
.... who SΣC 1..1 Reference(UZ Core PractitionerRole(0.5.0)) The agent that participated in the event
.... onBehalfOf C 0..1 Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient) The agent that delegated
... entity SΣ 0..* BackboneElement An entity used in this activity
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
Constraints: ext-1
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
Constraints: ext-1
.... role SΣ 1..1 code revision | quotation | source | instantiates | removal
Binding: ProvenanceEntityRoleVS (0.5.0) (required)
.... what SΣ 1..1 Reference(Resource) Identity of entity
.... agent 0..* See agent (Provenance) Entity is attributed to this agent
... signature S 0..* Signature Signature on target
.... id 0..1 id Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
Slice: Unordered, Open by value:url
Constraints: ext-1
.... type SΣ 0..* Coding Indication of the reason the entity signed the object(s)
Binding: SignatureTypeVS (0.5.0) (required)
.... when SΣ 0..1 instant When the signature was created
.... who SΣ 0..1 Reference(UZ Core PractitionerRole(0.5.0)) Who signed
.... onBehalfOf Σ 0..1 Reference(Practitioner | PractitionerRole | RelatedPerson | Patient | Device | Organization) The party represented
.... targetFormat 0..1 code The technical format of the signed resources
Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049)
.... sigFormat S 0..1 code The technical format of the signature
Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049)
.... data S 0..1 base64Binary The actual signature content (XML DigSig. JWS, picture, etc.)

doco Documentation for this format

Terminology Bindings

Path Status Usage ValueSet Version Source
Provenance.language Base required All Languages 📍5.0.0 FHIR Std.
Provenance.authorization Base example PurposeOfUse 📍3.1.0 THO v7.1
Provenance.activity Base required Provenance Activity Types 📍0.5.0 This IG
Provenance.agent.type Base required Provenance Participation Role Type 📍0.5.0 This IG
Provenance.agent.role Base example Security Role Type 📍5.0.0 FHIR Std.
Provenance.entity.role Base required Provenance Entity Role 📍0.5.0 This IG
Provenance.signature.​type Base required Signature Type 📍0.5.0 This IG
Provenance.signature.​targetFormat Base required Mime Types 📍5.0.0 FHIR Std.
Provenance.signature.​sigFormat Base required Mime Types 📍5.0.0 FHIR Std.

Constraints

Id Grade Path(s) Description Expression
dom-2 error Provenance If the resource is contained in another resource, it SHALL NOT contain nested Resources contained.contained.empty()
dom-3 error Provenance If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4 error Provenance If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5 error Provenance If a resource is contained in another resource, it SHALL NOT have a security label contained.meta.security.empty()
dom-6 best practice Provenance A resource should have narrative for robust management text.`div`.exists()
ele-1 error Provenance.meta, Provenance.implicitRules, Provenance.language, Provenance.text, Provenance.extension, Provenance.modifierExtension, Provenance.target, Provenance.occurred[x], Provenance.occurred[x]:occurredDateTime, Provenance.recorded, Provenance.policy, Provenance.location, Provenance.authorization, Provenance.activity, Provenance.basedOn, Provenance.patient, Provenance.encounter, Provenance.agent, Provenance.agent.extension, Provenance.agent.modifierExtension, Provenance.agent.type, Provenance.agent.role, Provenance.agent.who, Provenance.agent.onBehalfOf, Provenance.entity, Provenance.entity.extension, Provenance.entity.modifierExtension, Provenance.entity.role, Provenance.entity.what, Provenance.entity.agent, Provenance.signature, Provenance.signature.extension, Provenance.signature.type, Provenance.signature.when, Provenance.signature.who, Provenance.signature.onBehalfOf, Provenance.signature.targetFormat, Provenance.signature.sigFormat, Provenance.signature.data All FHIR elements must have a @value or children hasValue() or (children().count() > id.count())
ext-1 error Provenance.extension, Provenance.modifierExtension, Provenance.agent.extension, Provenance.agent.modifierExtension, Provenance.entity.extension, Provenance.entity.modifierExtension, Provenance.signature.extension Must have either extensions or value[x], not both extension.exists() != value.exists()
prov-1 error Provenance.agent Who and onBehalfOf cannot be the same who.resolve().exists() and onBehalfOf.resolve().exists() implies who.resolve() != onBehalfOf.resolve()
prov-2 error Provenance.agent If who is a PractitionerRole, onBehalfOf can't reference the same Practitioner who.resolve().ofType(PractitionerRole).practitioner.resolve().exists() and onBehalfOf.resolve().ofType(Practitioner).exists() implies who.resolve().practitioner.resolve() != onBehalfOf.resolve()
prov-3 error Provenance.agent If who is an organization, onBehalfOf can't be a PractitionerRole within that organization who.resolve().ofType(Organization).exists() and onBehalfOf.resolve().ofType(PractitionerRole).organization.resolve().exists() implies who.resolve() != onBehalfOf.resolve().organization.resolve()

Summary

Must-Support: 16 elements

Structures

This structure refers to these other structures:

Slices

This structure defines the following Slices:

  • The element 1 is sliced based on the value of Provenance.occurred[x]

Key Elements View

NameFlagsCard.TypeDescription & Constraints    Filter: Filtersdoco
.. Provenance 0..* Provenance(5.0.0) Who, What, When for a set of resources
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... contained 0..* Resource Contained, inline Resources
... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored
Constraints: ext-1
... Slices for occurred[x] 0..1 When the activity occurred
Slice: Unordered, Open by type:$this
.... occurredPeriod Period
.... occurredDateTime dateTime
.... occurred[x]:occurredDateTime S 0..1 dateTime When the activity occurred
... activity S 0..1 CodeableConcept Activity that occurred
Binding: ProvenanceActivityTypesVS (0.5.0) (required)
... patient S 0..1 Reference(Patient) The patient is the subject of the data created/updated (.target) by the activity
... agent SΣC 1..* BackboneElement Actor involved
Constraints: prov-1, prov-2, prov-3
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
Constraints: ext-1
.... type SΣ 0..1 CodeableConcept How the agent participated
Binding: ProvenanceParticipationRoleTypeVS (0.5.0) (required)
.... who SΣC 1..1 Reference(UZ Core PractitionerRole(0.5.0)) The agent that participated in the event
.... onBehalfOf C 0..1 Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient) The agent that delegated
... entity SΣ 0..* BackboneElement An entity used in this activity
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
Constraints: ext-1
.... role SΣ 1..1 code revision | quotation | source | instantiates | removal
Binding: ProvenanceEntityRoleVS (0.5.0) (required)
.... what SΣ 1..1 Reference(Resource) Identity of entity
... signature S 0..* Signature Signature on target
.... type SΣ 0..* Coding Indication of the reason the entity signed the object(s)
Binding: SignatureTypeVS (0.5.0) (required)
.... when SΣ 0..1 instant When the signature was created
.... who SΣ 0..1 Reference(UZ Core PractitionerRole(0.5.0)) Who signed
.... sigFormat S 0..1 code The technical format of the signature
Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049)
.... data S 0..1 base64Binary The actual signature content (XML DigSig. JWS, picture, etc.)

doco Documentation for this format

Terminology Bindings

Path Status Usage ValueSet Version Source
Provenance.activity Base required Provenance Activity Types 📍0.5.0 This IG
Provenance.agent.type Base required Provenance Participation Role Type 📍0.5.0 This IG
Provenance.entity.role Base required Provenance Entity Role 📍0.5.0 This IG
Provenance.signature.​type Base required Signature Type 📍0.5.0 This IG
Provenance.signature.​sigFormat Base required Mime Types 📍5.0.0 FHIR Std.

Constraints

Id Grade Path(s) Description Expression
dom-2 error Provenance If the resource is contained in another resource, it SHALL NOT contain nested Resources contained.contained.empty()
dom-3 error Provenance If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4 error Provenance If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5 error Provenance If a resource is contained in another resource, it SHALL NOT have a security label contained.meta.security.empty()
dom-6 best practice Provenance A resource should have narrative for robust management text.`div`.exists()
ele-1 error Provenance.implicitRules, Provenance.modifierExtension, Provenance.target, Provenance.occurred[x], Provenance.occurred[x]:occurredDateTime, Provenance.activity, Provenance.patient, Provenance.agent, Provenance.agent.modifierExtension, Provenance.agent.type, Provenance.agent.who, Provenance.agent.onBehalfOf, Provenance.entity, Provenance.entity.modifierExtension, Provenance.entity.role, Provenance.entity.what, Provenance.signature, Provenance.signature.type, Provenance.signature.when, Provenance.signature.who, Provenance.signature.sigFormat, Provenance.signature.data All FHIR elements must have a @value or children hasValue() or (children().count() > id.count())
ext-1 error Provenance.modifierExtension, Provenance.agent.modifierExtension, Provenance.entity.modifierExtension Must have either extensions or value[x], not both extension.exists() != value.exists()
prov-1 error Provenance.agent Who and onBehalfOf cannot be the same who.resolve().exists() and onBehalfOf.resolve().exists() implies who.resolve() != onBehalfOf.resolve()
prov-2 error Provenance.agent If who is a PractitionerRole, onBehalfOf can't reference the same Practitioner who.resolve().ofType(PractitionerRole).practitioner.resolve().exists() and onBehalfOf.resolve().ofType(Practitioner).exists() implies who.resolve().practitioner.resolve() != onBehalfOf.resolve()
prov-3 error Provenance.agent If who is an organization, onBehalfOf can't be a PractitionerRole within that organization who.resolve().ofType(Organization).exists() and onBehalfOf.resolve().ofType(PractitionerRole).organization.resolve().exists() implies who.resolve() != onBehalfOf.resolve().organization.resolve()

Differential View

NameFlagsCard.TypeDescription & Constraints    Filter: Filtersdoco
.. Provenance 0..* Provenance(5.0.0) Who, What, When for a set of resources
... target S 1..* Reference(Medication | DocumentReference) Target Reference(s) (usually version specific)
... Slices for occurred[x] 0..1 Period, dateTime When the activity occurred
Slice: Unordered, Open by type:$this
.... occurred[x]:occurredDateTime S 0..1 dateTime When the activity occurred
... activity S 0..1 CodeableConcept Activity that occurred
Binding: ProvenanceActivityTypesVS (0.5.0) (required)
... agent S 1..* BackboneElement Actor involved
.... type S 0..1 CodeableConcept How the agent participated
Binding: ProvenanceParticipationRoleTypeVS (0.5.0) (required)
.... who S 1..1 Reference(UZ Core PractitionerRole(0.5.0)) The agent that participated in the event
... entity S 0..* BackboneElement An entity used in this activity
.... role S 1..1 code revision | quotation | source | instantiates | removal
Binding: ProvenanceEntityRoleVS (0.5.0) (required)
.... what S 1..1 Reference(Resource) Identity of entity
... signature S 0..* Signature Signature on target
.... type S 0..* Coding Indication of the reason the entity signed the object(s)
Binding: SignatureTypeVS (0.5.0) (required)
.... when S 0..1 instant When the signature was created
.... who S 0..1 Reference(UZ Core PractitionerRole(0.5.0)) Who signed
.... sigFormat S 0..1 code The technical format of the signature
.... data S 0..1 base64Binary The actual signature content (XML DigSig. JWS, picture, etc.)

doco Documentation for this format

Terminology Bindings (Differential)

Path Status Usage ValueSet Version Source
Provenance.activity Base required Provenance Activity Types 📍0.5.0 This IG
Provenance.agent.type Base required Provenance Participation Role Type 📍0.5.0 This IG
Provenance.entity.role Base required Provenance Entity Role 📍0.5.0 This IG
Provenance.signature.​type Base required Signature Type 📍0.5.0 This IG

Snapshot ViewView

NameFlagsCard.TypeDescription & Constraints    Filter: Filtersdoco
.. Provenance 0..* Provenance(5.0.0) Who, What, When for a set of resources
... id Σ 0..1 id Logical id of this artifact
... meta Σ 0..1 Meta Metadata about the resource
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... text 0..1 Narrative Text summary of the resource, for human interpretation
This profile does not constrain the narrative in regard to content, language, or traceability to data elements
... contained 0..* Resource Contained, inline Resources
... extension 0..* Extension Additional content defined by implementations
Constraints: ext-1
... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored
Constraints: ext-1
... target SΣ 1..* Reference(Medication | DocumentReference) Target Reference(s) (usually version specific)
... Slices for occurred[x] 0..1 When the activity occurred
Slice: Unordered, Open by type:$this
.... occurredPeriod Period
.... occurredDateTime dateTime
.... occurred[x]:occurredDateTime S 0..1 dateTime When the activity occurred
... recorded Σ 0..1 instant When the activity was recorded / updated
... policy 0..* uri Policy or plan the activity was defined by
... location 0..1 Reference(Location) Where the activity occurred, if relevant
... authorization 0..* CodeableReference() Authorization (purposeOfUse) related to the event
Binding: PurposeOfUse (3.1.0) (example): The authorized purposeOfUse for the activity.
... activity S 0..1 CodeableConcept Activity that occurred
Binding: ProvenanceActivityTypesVS (0.5.0) (required)
... basedOn 0..* Reference(CarePlan | DeviceRequest | ImmunizationRecommendation | MedicationRequest | NutritionOrder | ServiceRequest | Task) Workflow authorization within which this event occurred
... patient S 0..1 Reference(Patient) The patient is the subject of the data created/updated (.target) by the activity
... encounter 0..1 Reference(Encounter) Encounter within which this event occurred or which the event is tightly associated
... agent SΣC 1..* BackboneElement Actor involved
Constraints: prov-1, prov-2, prov-3
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
Constraints: ext-1
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
Constraints: ext-1
.... type SΣ 0..1 CodeableConcept How the agent participated
Binding: ProvenanceParticipationRoleTypeVS (0.5.0) (required)
.... role 0..* CodeableConcept What the agents role was
Binding: SecurityRoleType (example): The role that a provenance agent played with respect to the activity.
.... who SΣC 1..1 Reference(UZ Core PractitionerRole(0.5.0)) The agent that participated in the event
.... onBehalfOf C 0..1 Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient) The agent that delegated
... entity SΣ 0..* BackboneElement An entity used in this activity
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
Constraints: ext-1
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
Constraints: ext-1
.... role SΣ 1..1 code revision | quotation | source | instantiates | removal
Binding: ProvenanceEntityRoleVS (0.5.0) (required)
.... what SΣ 1..1 Reference(Resource) Identity of entity
.... agent 0..* See agent (Provenance) Entity is attributed to this agent
... signature S 0..* Signature Signature on target
.... id 0..1 id Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
Slice: Unordered, Open by value:url
Constraints: ext-1
.... type SΣ 0..* Coding Indication of the reason the entity signed the object(s)
Binding: SignatureTypeVS (0.5.0) (required)
.... when SΣ 0..1 instant When the signature was created
.... who SΣ 0..1 Reference(UZ Core PractitionerRole(0.5.0)) Who signed
.... onBehalfOf Σ 0..1 Reference(Practitioner | PractitionerRole | RelatedPerson | Patient | Device | Organization) The party represented
.... targetFormat 0..1 code The technical format of the signed resources
Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049)
.... sigFormat S 0..1 code The technical format of the signature
Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049)
.... data S 0..1 base64Binary The actual signature content (XML DigSig. JWS, picture, etc.)

doco Documentation for this format

Terminology Bindings

Path Status Usage ValueSet Version Source
Provenance.language Base required All Languages 📍5.0.0 FHIR Std.
Provenance.authorization Base example PurposeOfUse 📍3.1.0 THO v7.1
Provenance.activity Base required Provenance Activity Types 📍0.5.0 This IG
Provenance.agent.type Base required Provenance Participation Role Type 📍0.5.0 This IG
Provenance.agent.role Base example Security Role Type 📍5.0.0 FHIR Std.
Provenance.entity.role Base required Provenance Entity Role 📍0.5.0 This IG
Provenance.signature.​type Base required Signature Type 📍0.5.0 This IG
Provenance.signature.​targetFormat Base required Mime Types 📍5.0.0 FHIR Std.
Provenance.signature.​sigFormat Base required Mime Types 📍5.0.0 FHIR Std.

Constraints

Id Grade Path(s) Description Expression
dom-2 error Provenance If the resource is contained in another resource, it SHALL NOT contain nested Resources contained.contained.empty()
dom-3 error Provenance If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4 error Provenance If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5 error Provenance If a resource is contained in another resource, it SHALL NOT have a security label contained.meta.security.empty()
dom-6 best practice Provenance A resource should have narrative for robust management text.`div`.exists()
ele-1 error Provenance.meta, Provenance.implicitRules, Provenance.language, Provenance.text, Provenance.extension, Provenance.modifierExtension, Provenance.target, Provenance.occurred[x], Provenance.occurred[x]:occurredDateTime, Provenance.recorded, Provenance.policy, Provenance.location, Provenance.authorization, Provenance.activity, Provenance.basedOn, Provenance.patient, Provenance.encounter, Provenance.agent, Provenance.agent.extension, Provenance.agent.modifierExtension, Provenance.agent.type, Provenance.agent.role, Provenance.agent.who, Provenance.agent.onBehalfOf, Provenance.entity, Provenance.entity.extension, Provenance.entity.modifierExtension, Provenance.entity.role, Provenance.entity.what, Provenance.entity.agent, Provenance.signature, Provenance.signature.extension, Provenance.signature.type, Provenance.signature.when, Provenance.signature.who, Provenance.signature.onBehalfOf, Provenance.signature.targetFormat, Provenance.signature.sigFormat, Provenance.signature.data All FHIR elements must have a @value or children hasValue() or (children().count() > id.count())
ext-1 error Provenance.extension, Provenance.modifierExtension, Provenance.agent.extension, Provenance.agent.modifierExtension, Provenance.entity.extension, Provenance.entity.modifierExtension, Provenance.signature.extension Must have either extensions or value[x], not both extension.exists() != value.exists()
prov-1 error Provenance.agent Who and onBehalfOf cannot be the same who.resolve().exists() and onBehalfOf.resolve().exists() implies who.resolve() != onBehalfOf.resolve()
prov-2 error Provenance.agent If who is a PractitionerRole, onBehalfOf can't reference the same Practitioner who.resolve().ofType(PractitionerRole).practitioner.resolve().exists() and onBehalfOf.resolve().ofType(Practitioner).exists() implies who.resolve().practitioner.resolve() != onBehalfOf.resolve()
prov-3 error Provenance.agent If who is an organization, onBehalfOf can't be a PractitionerRole within that organization who.resolve().ofType(Organization).exists() and onBehalfOf.resolve().ofType(PractitionerRole).organization.resolve().exists() implies who.resolve() != onBehalfOf.resolve().organization.resolve()

Summary

Must-Support: 16 elements

Structures

This structure refers to these other structures:

Slices

This structure defines the following Slices:

  • The element 1 is sliced based on the value of Provenance.occurred[x]

 

Other representations of profile: CSV, Excel, Schematron

Quick Start

Common API interactions for this profile. Requests require a JWT access token - see Security and authentication. [base] is the FHIR server base URL; | separates a code system from its value and must be URL-encoded as %7C.

Provenance is generally written by the originating system alongside the data it describes, so most clients read it by following the record's target rather than creating it directly.

Read by server id

GET [base]/Provenance/[id]

Find the provenance of a record, or a patient's signed records

GET [base]/Provenance?target=DocumentReference/[id]
GET [base]/Provenance?patient=Patient/[id]
GET [base]/Provenance?patient=Patient/[id]&agent=PractitionerRole/[id]
GET [base]/Provenance?patient=Patient/[id]&when=ge2025-01-01
GET [base]/Provenance?entity=DocumentReference/[id]

To retrieve a record together with its provenance in one call, use a reverse include, for example GET [base]/DocumentReference?_id=[id]&_revinclude=Provenance:target.

See the CapabilityStatement for the full list of supported search parameters.