Skip to main content

AuditEvent

PropertyValue
Publisher
NameAuditEvent
URLhttp://hl7.org/fhir/StructureDefinition/AuditEvent
Statusdraft
Description
Abstractfalse

Structure

PathCardinalityTypeDescription
AuditEvent0..*AuditEventA record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage.
AuditEvent.id0..1http://hl7.org/fhirpath/System.StringThe logical id of the resource, as used in the URL for the resource. Once assigned, this value never changes.
AuditEvent.meta0..1MetaThe metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content might not always be associated with version changes to the resource.
AuditEvent.implicitRules0..1uriA reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content. Often, this is a reference to an implementation guide that defines the special rules along with other profiles etc.
AuditEvent.language0..1codeThe base language in which the resource is written.
AuditEvent.text0..1NarrativeA human-readable narrative that contains a summary of the resource and can be used to represent the content of the resource to a human. The narrative need not encode all the structured data, but is required to contain sufficient detail to make it "clinically safe" for a human to just read the narrative. Resource definitions may define what content should be represented in the narrative to ensure clinical safety.
AuditEvent.contained0..*ResourceThese resources do not have an independent existence apart from the resource that contains them - they cannot be identified independently, and nor can they have their own independent transaction scope.
AuditEvent.extension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the resource. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
AuditEvent.modifierExtension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the resource and that modifies the understanding of the element that contains it and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
AuditEvent.type1..1CodingIdentifier for a family of the event. For example, a menu item, program, rule, policy, function code, application name or URL. It identifies the performed function.
AuditEvent.subtype0..*CodingIdentifier for the category of event.
AuditEvent.action0..1codeIndicator for type of action performed during the event that generated the audit.
AuditEvent.period0..1PeriodThe period during which the activity occurred.
AuditEvent.recorded1..1instantThe time when the event was recorded.
AuditEvent.outcome0..1codeIndicates whether the event succeeded or failed.
AuditEvent.outcomeDesc0..1stringA free text description of the outcome of the event.
AuditEvent.purposeOfEvent0..*CodeableConceptThe purposeOfUse (reason) that was used during the event being recorded.
AuditEvent.agent1..*BackboneElementAn actor taking an active role in the event or activity that is logged.
AuditEvent.agent.id0..1http://hl7.org/fhirpath/System.StringUnique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
AuditEvent.agent.extension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
AuditEvent.agent.modifierExtension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
AuditEvent.agent.type0..1CodeableConceptSpecification of the participation type the user plays when performing the event.
AuditEvent.agent.role0..*CodeableConceptThe security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.
AuditEvent.agent.who0..1ReferenceReference to who this agent is that was involved in the event.
AuditEvent.agent.altId0..1stringAlternative agent Identifier. For a human, this should be a user identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g. single sign-on), if available.
AuditEvent.agent.name0..1stringHuman-meaningful name for the agent.
AuditEvent.agent.requestor1..1booleanIndicator that the user is or is not the requestor, or initiator, for the event being audited.
AuditEvent.agent.location0..1ReferenceWhere the event occurred.
AuditEvent.agent.policy0..*uriThe policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.
AuditEvent.agent.media0..1CodingType of media involved. Used when the event is about exporting/importing onto media.
AuditEvent.agent.network0..1BackboneElementLogical network location for application activity, if the activity has a network location.
AuditEvent.agent.network.id0..1http://hl7.org/fhirpath/System.StringUnique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
AuditEvent.agent.network.extension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
AuditEvent.agent.network.modifierExtension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
AuditEvent.agent.network.address0..1stringAn identifier for the network access point of the user device for the audit event.
AuditEvent.agent.network.type0..1codeAn identifier for the type of network access point that originated the audit event.
AuditEvent.agent.purposeOfUse0..*CodeableConceptThe reason (purpose of use), specific to this agent, that was used during the event being recorded.
AuditEvent.source1..1BackboneElementThe system that is reporting the event.
AuditEvent.source.id0..1http://hl7.org/fhirpath/System.StringUnique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
AuditEvent.source.extension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
AuditEvent.source.modifierExtension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
AuditEvent.source.site0..1stringLogical source location within the healthcare enterprise network. For example, a hospital or other provider location within a multi-entity provider group.
AuditEvent.source.observer1..1ReferenceIdentifier of the source where the event was detected.
AuditEvent.source.type0..*CodingCode specifying the type of source where event originated.
AuditEvent.entity0..*BackboneElementSpecific instances of data or objects that have been accessed.
AuditEvent.entity.id0..1http://hl7.org/fhirpath/System.StringUnique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
AuditEvent.entity.extension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
AuditEvent.entity.modifierExtension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
AuditEvent.entity.what0..1ReferenceIdentifies a specific instance of the entity. The reference should be version specific.
AuditEvent.entity.type0..1CodingThe type of the object that was involved in this audit event.
AuditEvent.entity.role0..1CodingCode representing the role the entity played in the event being audited.
AuditEvent.entity.lifecycle0..1CodingIdentifier for the data life-cycle stage for the entity.
AuditEvent.entity.securityLabel0..*CodingSecurity labels for the identified entity.
AuditEvent.entity.name0..1stringA name of the entity in the audit event.
AuditEvent.entity.description0..1stringText that describes the entity in more detail.
AuditEvent.entity.query0..1base64BinaryThe query parameters for a query-type entities.
AuditEvent.entity.detail0..*BackboneElementTagged value pairs for conveying additional information about the entity.
AuditEvent.entity.detail.id0..1http://hl7.org/fhirpath/System.StringUnique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
AuditEvent.entity.detail.extension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
AuditEvent.entity.detail.modifierExtension0..*ExtensionMay be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
AuditEvent.entity.detail.type1..1stringThe type of extra detail provided in the value.
AuditEvent.entity.detail.value[x]1..1stringThe value of the extra detail.

Search Parameters

NameTypeDescriptionExpression
_textstringSearch on the narrative of the resource
_contentstringSearch on the entire content of the resource
_filtertokenFilter search parameter which supports a more sophisticated grammar for searching. See documentation for further details
_hasstringProvides limited support for reverse chaining - that is, selecting resources based on the properties of resources that refer to them (instead of chaining where resources can be selected based on the properties of resources that they refer to). See the FHIR search page for further documentation
_idtokenLogical id of this artifactResource.id
_lastUpdateddateWhen the resource version last changedResource.meta.lastUpdated
_liststringAll resources in nominated list (by id, Type/id, url or one of the magic List types)
_profileuriProfiles this resource claims to conform toResource.meta.profile
_querytokenA custom search profile that describes a specific defined query operation
_securitytokenSecurity Labels applied to this resourceResource.meta.security
_sourceuriIdentifies where the resource comes fromResource.meta.source
_tagtokenTags applied to this resourceResource.meta.tag
_textstringSearch on the narrative text (html) of the resource
_typetokenUsed when a search is performed in a context which doesn't limit the search to indicate which types are being searched. See the FHIR search page for further discussion
actiontokenType of action performed during the eventAuditEvent.action
addressstringIdentifier for the network access point of the user deviceAuditEvent.agent.network.address
agentreferenceIdentifier of whoAuditEvent.agent.who
agent-namestringHuman friendly name for the agentAuditEvent.agent.name
agent-roletokenAgent role in the eventAuditEvent.agent.role
altidtokenAlternative User identityAuditEvent.agent.altId
datedateTime when the event was recordedAuditEvent.recorded
entityreferenceSpecific instance of resourceAuditEvent.entity.what
entity-namestringDescriptor for entityAuditEvent.entity.name
entity-roletokenWhat role the entity playedAuditEvent.entity.role
entity-typetokenType of entity involvedAuditEvent.entity.type
outcometokenWhether the event succeeded or failedAuditEvent.outcome
patientreferenceIdentifier of whoAuditEvent.agent.who.where(resolve() is Patient) / AuditEvent.entity.what.where(resolve() is Patient)
policyuriPolicy that authorized eventAuditEvent.agent.policy
sitetokenLogical source location within the enterpriseAuditEvent.source.site
sourcereferenceThe identity of source detecting the eventAuditEvent.source.observer
subtypetokenMore specific type/id for the eventAuditEvent.subtype
typetokenType/identifier of eventAuditEvent.type