Basic Audit Log Patterns (BALP)
1.1.4 - Trial-Implementation International flag

This page is part of the IHE Basic Audit Log Patterns (BALP) (v1.1.4: Publication) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions

CapabilityStatement: IHE ATNA Audit Record Repository supporting BALP Content

Official URL: https://profiles.ihe.net/ITI/BALP/CapabilityStatement/IHE.BALP.ATNA.AuditRecordRepository Version: 1.1.4
Active as of 2022-10-28 Computable Name: IHE_BALP_ATNA_AuditRecordRepository

CapabilityStatement for ATNA Audit Record Repository Actor with the ATNA ATX:FHIR Feed Option and Retrieve Audit Message Option defined in RESTful-ATNA Supplement that also has support for BALP Content.

This Actor is derived off of the ATNA Audit Record Repository actor that is not yet defined fully in an IG. This CapabilityStatement does not represent a formal Actor, but rather a system that has grouped ATNA and BALP.

Raw OpenAPI-Swagger Definition file | Download

IHE ATNA Audit Record Repository supporting BALP Content

  • Implementation Guide Version: 1.1.4
  • FHIR Version: 4.0.1
  • Supported Formats: application/fhir+xml, application/fhir+json
  • Published on: 2022-10-28
  • Published by: IHE IT Infrastructure Technical Committee

Note to Implementers: FHIR Capabilities

Any FHIR capability may be 'allowed' by the system unless explicitly marked as 'SHALL NOT'. A few items are marked as MAY in the Implementation Guide to highlight their potential relevance to the use case.

FHIR RESTful Capabilities

Mode: server

Security

ATNA required, encouraged IHE-IUA or SMART-on-FHIR

Capabilities by Resource/Profile

Summary

The summary table lists the resources that are part of this configuration, and for each resource it lists:

  • The relevant profiles (if any)
  • The interactions supported by each resource (Read, Search, Update, and Create, are always shown, while VRead, Patch, Delete, History on Instance, or History on Type are only present if at least one of the resources has support for them.
  • The required, recommended, and some optional search parameters (if any).
  • The linked resources enabled for _include
  • The other resources enabled for _revinclude
  • The operations on the resource (if any)
Resource TypeProfileRSUCSearches_include_revincludeOperations
AuditEventSupported Profiles
  Basic AuditEvent for a successful Create not related to a Patient
  Basic AuditEvent for a successful Read
  Basic AuditEvent for a successful Update
  Basic AuditEvent for a successful Delete
  Basic AuditEvent for a successful Query
  Basic AuditEvent for a successful Create with known Patient subject
  Basic AuditEvent for a successful Read with a Patient
  Basic AuditEvent for a successful Update with a Patient subject
  Basic AuditEvent for a successful Delete with Patient
  Basic AuditEvent for a successful Query with Patient
  IHE IUA ITI-71 AuditEvent for a successful Get Access Token
  Basic AuditEvent pattern for when an activity was authorized by an IUA access token
  Basic AuditEvent pattern for oAuth Opaque
  Basic AuditEvent pattern for oAuth Opaque
  Basic AuditEvent pattern for when an activity was authorized by an SAML access token Comprehensive
  Basic AuditEvent pattern for when an activity was authorized by an SAML access token Minimal
  Basic AuditEvent pattern for when an Authorization permit is decided
  Audit Event for a Privacy Disclosure as recorded by a Recipient
  Audit Event for Privacy Disclosure at Source		yyy_id, _lastUpdated, date, address, agent.identifier, patient.identifier, entity.identifier, entity-type, entity-role, source.identifier, type, subtype, outcome

Resource Conformance: supported AuditEvent

Core FHIR Resource
AuditEvent
Reference Policy
Interaction summary
  • Supports search-type, read, create.

Supported Profiles

Basic AuditEvent for a successful Create not related to a Patient
Basic AuditEvent for a successful Read
Basic AuditEvent for a successful Update
Basic AuditEvent for a successful Delete
Basic AuditEvent for a successful Query
Basic AuditEvent for a successful Create with known Patient subject
Basic AuditEvent for a successful Read with a Patient
Basic AuditEvent for a successful Update with a Patient subject
Basic AuditEvent for a successful Delete with Patient
Basic AuditEvent for a successful Query with Patient
IHE IUA ITI-71 AuditEvent for a successful Get Access Token
Basic AuditEvent pattern for when an activity was authorized by an IUA access token
Basic AuditEvent pattern for oAuth Opaque
Basic AuditEvent pattern for oAuth Opaque
Basic AuditEvent pattern for when an activity was authorized by an SAML access token Comprehensive
Basic AuditEvent pattern for when an activity was authorized by an SAML access token Minimal
Basic AuditEvent pattern for when an Authorization permit is decided
Audit Event for a Privacy Disclosure as recorded by a Recipient
Audit Event for Privacy Disclosure at Source

Documentation

For Retrieve ATNA Audit Event [ITI-81] and the FHIR Record Audit Event [ITI-20]. Note that all BALP Content profiles are listed here.

Search Parameters
ConformanceParameterTypeDocumentation
SHALL_idtoken
SHALL_lastUpdateddate
SHALLdatedate
SHALLaddressstring
SHALLagent.identifiertoken
SHALLpatient.identifiertoken
SHALLentity.identifiertoken
SHALLentity-typetoken
SHALLentity-roletoken
SHALLsource.identifiertoken
SHALLtypetoken
SHALLsubtypetoken
SHALLoutcometoken