Basic Audit Log Patterns (BALP)
1.1.3 - Trial-Implementation International flag

This page is part of the IHE Basic Audit Log Patterns (BALP) (v1.1.3: Publication) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions

Resource Profile: OAUTHaccessTokenUseComprehensive - Mappings

Active as of 2024-02-14

Mappings for the IHE.BasicAudit.OAUTHaccessTokenUse.Comprehensive resource profile.

Mappings for Workflow Pattern (http://hl7.org/fhir/workflow)

OAUTHaccessTokenUseComprehensive
AuditEventEvent
   typeEvent.code
   periodEvent.occurred[x]
   purposeOfEventEvent.reasonCode
   agentEvent.performer
      typeEvent.performer.function
      whoEvent.performer.actor
      locationEvent.location
   agent (oClient)Event.performer
      typeEvent.performer.function
      whoEvent.performer.actor
      locationEvent.location
   agent (oUser)Event.performer
      typeEvent.performer.function
      whoEvent.performer.actor
      locationEvent.location

Mappings for RIM Mapping (http://hl7.org/v3)

OAUTHaccessTokenUseComprehensive
AuditEventEntity. Role, or Act, ControlAct[moodCode=EVN]
   textAct.text?
   containedN/A
   extensionN/A
   modifierExtensionN/A
   type.code (type, subtype and action are pre-coordinated or sent as translations)
   subtype.code (type, subtype and action are pre-coordinated or sent as translations)
   action.code (type, subtype and action are pre-coordinated or sent as translations)
   period./effectiveTime[type=IVL_TS]
   recorded.effectiveTime
   outcome.actionNegationInd
   outcomeDesc.outboundRelationship[typeCode=OUT].target.text
   purposeOfEvent* .reasonCode [ControlActReason when Act.class = CACT Control Act] *.outboundRelationship[typeCode=RSON].target
   agent.participation
      idn/a
      extensionn/a
      modifierExtensionN/A
      type.typeCode and/or .functionCode
      role.role
      who.id
      altId.id (distinguish id type by root)
      name.name
      requestorIf participation.typeCode was author, then true
      location* Role.Class =SDLOC *Role.Code = ServiceDeliveryLocationRoleType *Entity.Code = PlaceEntityType = df.Types of places for Entity.Class = PLC *EntityClass = PLC = df.A physical place or site with its containing structure. May be natural or man-made. The geographic position of a place might or might not be constant.
      policyActPolicyType
      media.player.description.mediaType
      network.player.description.reference
         idn/a
         extensionn/a
         modifierExtensionN/A
         addresspre-coordinated into URL
         typepre-coordinated into URL
      purposeOfUse*.reasonCode [ActHealthInformationPurposeOfUseReason codes/v:PurposeOfUse (2.16.840.1.113883.1.11.20448) * .outboundRelationship[typeCode=RSON or SUBJ].target
   agent (oClient).participation
      idn/a
      extensionn/a
      modifierExtensionN/A
      type.typeCode and/or .functionCode
      role.role
      who.id
         idn/a
         extensionn/a
         referenceN/A
         typeN/A
         identifier.identifier
            idn/a
            extensionn/a
            useRole.code or implied by context
            typeRole.code or implied by context
            systemII.root or Role.id.root
            valueII.extension or II.root if system indicates OID or GUID (Or Role.id.extension or root)
            periodRole.effectiveTime or implied by context
            assignerII.assigningAuthorityName but note that this is an improper use by the definition of the field. Also Role.scoper
         displayN/A
      altId.id (distinguish id type by root)
      name.name
      requestorIf participation.typeCode was author, then true
      location* Role.Class =SDLOC *Role.Code = ServiceDeliveryLocationRoleType *Entity.Code = PlaceEntityType = df.Types of places for Entity.Class = PLC *EntityClass = PLC = df.A physical place or site with its containing structure. May be natural or man-made. The geographic position of a place might or might not be constant.
      policyActPolicyType
      network.player.description.reference
         idn/a
         extensionn/a
         modifierExtensionN/A
         addresspre-coordinated into URL
         typepre-coordinated into URL
      purposeOfUse*.reasonCode [ActHealthInformationPurposeOfUseReason codes/v:PurposeOfUse (2.16.840.1.113883.1.11.20448) * .outboundRelationship[typeCode=RSON or SUBJ].target
   agent (oUser).participation
      idn/a
      extensionn/a
      modifierExtensionN/A
      type.typeCode and/or .functionCode
      role.role
      who.id
         idn/a
         extensionn/a
         referenceN/A
         typeN/A
         identifier.identifier
            idn/a
            extensionn/a
            useRole.code or implied by context
            typeRole.code or implied by context
            systemII.root or Role.id.root
            valueII.extension or II.root if system indicates OID or GUID (Or Role.id.extension or root)
            periodRole.effectiveTime or implied by context
            assignerII.assigningAuthorityName but note that this is an improper use by the definition of the field. Also Role.scoper
         displayN/A
      altId.id (distinguish id type by root)
      name.name
      requestorIf participation.typeCode was author, then true
      location* Role.Class =SDLOC *Role.Code = ServiceDeliveryLocationRoleType *Entity.Code = PlaceEntityType = df.Types of places for Entity.Class = PLC *EntityClass = PLC = df.A physical place or site with its containing structure. May be natural or man-made. The geographic position of a place might or might not be constant.
      policyActPolicyType
      purposeOfUse*.reasonCode [ActHealthInformationPurposeOfUseReason codes/v:PurposeOfUse (2.16.840.1.113883.1.11.20448) * .outboundRelationship[typeCode=RSON or SUBJ].target
   source.participation[typeCode=INF].role[classCode=ASSIGN].player[classCode=DEV, determinerCode=INSTANCE]
      idn/a
      extensionn/a
      modifierExtensionN/A
      site.scopedRole[classCode=LOCE].player.desc
      observer.id
      type.code
   entity.outboundRelationship[typeCode=SUBJ].target or .participation[typeCode=SBJ].role
      idn/a
      extensionn/a
      modifierExtensionN/A
      what.id
      type[self::Act].code or role.player.code
      rolerole.code (not sure what this would mean for an Act)
      lifecycletarget of ObservationEvent[code="lifecycle"].value
      securityLabel.confidentialityCode
      name.title
      description.text
      queryNo mapping
      detail.inboundRelationship[typeCode=SUBJ].target[classCode=OBS, moodCode=EVN]
         idn/a
         extensionn/a
         modifierExtensionN/A
         type.code
         value[x].value

Mappings for DICOM Tag Mapping (http://nema.org/dicom)

OAUTHaccessTokenUseComprehensive
AuditEventMessage
   typeEventId
   subtypeEventTypeCode
   actionEventActionCode
   periodEventDateTime
   outcomeEventOutcomeIndicator
   outcomeDescEventOutcomeDescription
   purposeOfEventEventPurposeOfUse
   agentActiveParticipant
      typeRoleIdCode
      roleRoleIdCode
      whoUserId
      altIdAlternativeUserId
      nameUserName
      requestorUserIsRequestor
      policyParticipantRoleIDCode
      mediaMediaType
      network
         addressNetworkAccessPointID
         typeNetworkAccessPointTypeCode
   agent (oClient)ActiveParticipant
      typeRoleIdCode
      roleRoleIdCode
      whoUserId
      altIdAlternativeUserId
      nameUserName
      requestorUserIsRequestor
      policyParticipantRoleIDCode
      network
         addressNetworkAccessPointID
         typeNetworkAccessPointTypeCode
   agent (oUser)ActiveParticipant
      typeRoleIdCode
      roleRoleIdCode
      whoUserId
      altIdAlternativeUserId
      nameUserName
      requestorUserIsRequestor
      policyParticipantRoleIDCode
   sourceAuditSourceIdentification
      siteAuditEnterpriseSiteId
      observerAuditSourceId
      typeAuditSourceTypeCode
   entityParticipantObjectIdentification
      whatParticipantObjectID and ParticipantObjectIDTypeCode
      typeParticipantObjectTypeCode
      roleParticipantObjectTypeCodeRole
      lifecycleParticipantObjectDataLifeCycle
      securityLabelParticipantObjectSensitivity
      nameParticipantObjectName
      descriptionParticipantObjectDescription
      queryParticipantObjectQuery
      detailParticipantObjectDetail
         typeParticipantObjectDetail.type
         value[x]ParticipantObjectDetail.value

Mappings for FiveWs Pattern Mapping (http://hl7.org/fhir/fivews)

OAUTHaccessTokenUseComprehensive
AuditEvent
   typeFiveWs.what[x]
   subtypeFiveWs.what[x]
   actionFiveWs.what[x]
   periodFiveWs.done[x]
   recordedFiveWs.recorded
   outcomeFiveWs.what[x]
   outcomeDescFiveWs.what[x]
   purposeOfEventFiveWs.why[x]
   agentFiveWs.who
      typeFiveWs.who
      roleFiveWs.who
      whoFiveWs.who
      altIdFiveWs.who
      nameFiveWs.who
      requestorFiveWs.who
      locationFiveWs.where[x]
      policyFiveWs.why[x]
      mediaFiveWs.where[x]
      networkFiveWs.where[x]
         addressFiveWs.where[x]
         typeFiveWs.where[x]
      purposeOfUseFiveWs.why[x]
   agent (oClient)FiveWs.who
      typeFiveWs.who
      roleFiveWs.who
      whoFiveWs.who
      altIdFiveWs.who
      nameFiveWs.who
      requestorFiveWs.who
      locationFiveWs.where[x]
      policyFiveWs.why[x]
      networkFiveWs.where[x]
         addressFiveWs.where[x]
         typeFiveWs.where[x]
      purposeOfUseFiveWs.why[x]
   agent (oUser)FiveWs.who
      typeFiveWs.who
      roleFiveWs.who
      whoFiveWs.who
      altIdFiveWs.who
      nameFiveWs.who
      requestorFiveWs.who
      locationFiveWs.where[x]
      policyFiveWs.why[x]
      purposeOfUseFiveWs.why[x]
   sourceFiveWs.witness
      siteFiveWs.witness
      observerFiveWs.witness
      typeFiveWs.witness
   entityFiveWs.what[x]
      whatFiveWs.what[x]
      typeFiveWs.what[x]
      roleFiveWs.context
      lifecycleFiveWs.context
      securityLabelFiveWs.context
      nameFiveWs.context
      descriptionFiveWs.context
      queryFiveWs.context
      detailFiveWs.context
         typeFiveWs.context
         value[x]FiveWs.context

Mappings for W3C PROV (http://www.w3.org/ns/prov)

OAUTHaccessTokenUseComprehensive
AuditEvent
   typeActivity
   periodActivity.startTime & Activity.endTime
   recordedActivity.when
   purposeOfEventActivity.Activity
   agentAgent
      typeAgent.Attribution
      roleAgent.Attribution
      whoAgent.Identity
      altIdAgent.Identity
      nameAgent.Identity
      locationActivity.location
      network
         addressAgent.Location
      purposeOfUseAgent.Activity
   agent (oClient)Agent
      typeAgent.Attribution
      roleAgent.Attribution
      whoAgent.Identity
      altIdAgent.Identity
      nameAgent.Identity
      locationActivity.location
      network
         addressAgent.Location
      purposeOfUseAgent.Activity
   agent (oUser)Agent
      typeAgent.Attribution
      roleAgent.Attribution
      whoAgent.Identity
      altIdAgent.Identity
      nameAgent.Identity
      locationActivity.location
      purposeOfUseAgent.Activity
   entityEntity
      typeEntity.type
      roleEntity.role
      lifecycleEntity.role
      nameEntity.Label

Mappings for FHIR Provenance Mapping (http://hl7.org/fhir/provenance)

OAUTHaccessTokenUseComprehensive
AuditEvent
   periodProvenance.occurred[x]
   recordedProvenance.recorded
   purposeOfEventProvenance.reason, Provenance.activity
   agentProvenance.agent
      typeProvenance.agent.type
      roleProvenance.agent.role
      whoProvenance.agent.who
      locationProvenance.location
      policyProvenance.policy
   agent (oClient)Provenance.agent
      typeProvenance.agent.type
      roleProvenance.agent.role
      whoProvenance.agent.who
      locationProvenance.location
      policyProvenance.policy
   agent (oUser)Provenance.agent
      typeProvenance.agent.type
      roleProvenance.agent.role
      whoProvenance.agent.who
      locationProvenance.location
      policyProvenance.policy
   entityProvenance.target, Provenance.entity
      whatProvenance.target, Provenance.entity.what
      typeProvenance.entity.type
      lifecycleProvenance.entity.role