This page is part of the IHE Basic Audit Log Patterns (BALP) (v1.1.3: Publication) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions

• Content
• Detailed Descriptions
• Mappings
• Examples
• XML
• JSON
• TTL

Resource Profile: Basic AuditEvent pattern for when an activity was authorized by an IUA access token

A basic AuditEvent profile for when an activity was authorized by an IUA access token. This profile is expected to be used with some other detail that explains the activity. This profile only covers the IUA access token.

• Given an activity has occured
• And OAuth is used to authorize (both app and user)
• And the given activity is using http with authorization: bearer mechanism
  • IUA - 3.72 Incorporate Access Token [ITI-72]
  • Bulk Data Access - 11. Presenting an Access Token to FHIR API
  • SMART-app-launch - 7.1.5 Step 4: App accesses clinical data via FHIR API
  • HL7 Security for Scalable Registration, Authentication, and Authorization (aka UDAP) when it gets published
• When an AuditEvent is recorded for the activity
• Then that AuditEvent would follow this profile regarding recording the IUA access token details
• note: this profile records minimal information from the IUA access token, which presumes that use of the AuditEvent at a later time will be able to resolve the given information.
• client slice holds the application details
  • This is likely replicated in other slices, but is consistently identified as the Application slice for ease of tracking all events caused by this client
  • place the client_id into .who.identifier.value (system is not needed, but avaialble if you have a system)
  • any network identification detail should be placed in .network (may be a IP address, or hostname)
• oUser slice holds the user details
  • user id is recorded in the .who.identifier
  • user id is also recorded in .name to be more easy searched
  • if roles or purposeOfUse are known record them here
  • the JWT ID is recorded in .policy. Expecting that during audit anaysis this ID can be looked up and dereferenced

Usage:

• Examples for this Resource Profile: AuditEvent/ex-auditBasicReadOServer

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

• Differential Table
• Key Elements Table
• Snapshot Table
• Statistics/References
• All

This structure is derived from AuditEvent

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
Slices for agent		1..*	BackboneElement	Actor involved in the event Slice: Unordered, Open by pattern:type
agent:oClient		1..1	BackboneElement	Actor involved in the event
type		1..1	CodeableConcept	How agent participated Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://dicom.nema.org/resources/ontology/DCM
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 110150
who		1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	client identifier
identifier		1..1	Identifier	Logical reference, when literal reference is not known
value		1..1	string	Token client ID (client_id)
media		0..0
network	S	0..1	BackboneElement	The client as known by TCP connection information
agent:oUser		0..1	BackboneElement	Actor involved in the event
type		1..1	CodeableConcept	How agent participated Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
code		1..1	code	Symbol in syntax defined by the system Fixed Value: IRCP
role	S	0..*	CodeableConcept	Agent role in the event
who		1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	May be a Resource, but likely just an identifier from the OAuth token
identifier		1..1	Identifier	Logical reference, when literal reference is not known
system	S	0..1	uri	Token Issuer (TOKEN_ISSUER)
value	S	0..1	string	User ID (USER_ID)
display	S	0..1	string	User Name (USER_NAME)
name	S	0..1	string	User Name (USER_NAME)
requestor		1..1	boolean	Whether user is initiator Required Pattern: true
policy		1..1	uri	jti (JWT ID)
media		0..0
network		0..0
purposeOfUse	S	0..*	CodeableConcept	Reason given for this user
Documentation for this format

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
type	Σ	1..1	Coding	Type/identifier of event Binding: AuditEventID (extensible): Type of event.
recorded	Σ	1..1	instant	Time when the event was recorded
Slices for agent		1..*	BackboneElement	Actor involved in the event Slice: Unordered, Open by pattern:type
agent:All Slices				Content/Rules for all slices
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
requestor	Σ	1..1	boolean	Whether user is initiator
agent:oClient		1..1	BackboneElement	Actor involved in the event
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event. Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://dicom.nema.org/resources/ontology/DCM
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 110150
who	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	client identifier
identifier	Σ	1..1	Identifier	Logical reference, when literal reference is not known
use	?!Σ	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
value	Σ	1..1	string	Token client ID (client_id) Example General: 123456
requestor	Σ	1..1	boolean	Whether user is initiator
network	S	0..1	BackboneElement	The client as known by TCP connection information
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
agent:oUser		0..1	BackboneElement	Actor involved in the event
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event. Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
code		1..1	code	Symbol in syntax defined by the system Fixed Value: IRCP
role	S	0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
who	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	May be a Resource, but likely just an identifier from the OAuth token
identifier	Σ	1..1	Identifier	Logical reference, when literal reference is not known
use	?!Σ	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
system	SΣ	0..1	uri	Token Issuer (TOKEN_ISSUER) Example General: http://www.acme.com/identifiers/patient
value	SΣ	0..1	string	User ID (USER_ID) Example General: 123456
display	SΣ	0..1	string	User Name (USER_NAME)
name	S	0..1	string	User Name (USER_NAME)
requestor	Σ	1..1	boolean	Whether user is initiator Required Pattern: true
policy		1..1	uri	jti (JWT ID)
purposeOfUse	S	0..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (extensible): The reason the activity took place.
source		1..1	BackboneElement	Audit Event Reporter
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
observer	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	The identity of source detecting the event
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet / Code	URI
AuditEvent.type	extensible	AuditEventID http://hl7.org/fhir/ValueSet/audit-event-type from the FHIR Standard
AuditEvent.agent:oClient.type	extensible	Pattern: 110150 http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent:oClient.who.identifier.use	required	IdentifierUse http://hl7.org/fhir/ValueSet/identifier-use|4.0.1 from the FHIR Standard
AuditEvent.agent:oUser.type	extensible	Pattern: IRCP http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent:oUser.role	example	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
AuditEvent.agent:oUser.who.identifier.use	required	IdentifierUse http://hl7.org/fhir/ValueSet/identifier-use|4.0.1 from the FHIR Standard
AuditEvent.agent:oUser.purposeOfUse	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
type	Σ	1..1	Coding	Type/identifier of event Binding: AuditEventID (extensible): Type of event.
subtype	Σ	0..*	Coding	More specific type/id for the event Binding: AuditEventSub-Type (extensible): Sub-type of event.
action	Σ	0..1	code	Type of action performed during the event Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event.
period		0..1	Period	When the activity occurred
recorded	Σ	1..1	instant	Time when the event was recorded
outcome	Σ	0..1	code	Whether the event succeeded or failed Binding: AuditEventOutcome (required): Indicates whether the event succeeded or failed.
outcomeDesc	Σ	0..1	string	Description of the event outcome
purposeOfEvent	Σ	0..*	CodeableConcept	The purposeOfUse of the event Binding: PurposeOfUse (extensible): The reason the activity took place.
Slices for agent		1..*	BackboneElement	Actor involved in the event Slice: Unordered, Open by pattern:type
agent:All Slices				Content/Rules for all slices
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		0..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.
role		0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
who	Σ	0..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	Identifier of who
altId		0..1	string	Alternative User identity
name		0..1	string	Human friendly name for the agent
requestor	Σ	1..1	boolean	Whether user is initiator
location		0..1	Reference(Location)	Where
policy		0..*	uri	Policy that authorized event
media		0..1	Coding	Type of media Binding: MediaTypeCode (extensible): Used when the event is about exporting/importing onto media.
network		0..1	BackboneElement	Logical network location for application activity
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
address		0..1	string	Identifier for the network access point of the user device
type		0..1	code	The type of network access point Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.
purposeOfUse		0..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (extensible): The reason the activity took place.
agent:oClient		1..1	BackboneElement	Actor involved in the event
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://dicom.nema.org/resources/ontology/DCM
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 110150
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
role		0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
who	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	client identifier
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
reference	ΣC	0..1	string	Literal reference, Relative, internal or absolute URL
type	Σ	0..1	uri	Type the reference refers to (e.g. "Patient") Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model).
identifier	Σ	1..1	Identifier	Logical reference, when literal reference is not known
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
use	?!Σ	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
type	Σ	0..1	CodeableConcept	Description of identifier Binding: Identifier Type Codes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.
system	Σ	0..1	uri	The namespace for the identifier value Example General: http://www.acme.com/identifiers/patient
value	Σ	1..1	string	Token client ID (client_id) Example General: 123456
period	Σ	0..1	Period	Time period when id is/was valid for use
assigner	Σ	0..1	Reference(Organization)	Organization that issued id (may be just text)
display	Σ	0..1	string	Text alternative for the resource
altId		0..1	string	Alternative User identity
name		0..1	string	Human friendly name for the agent
requestor	Σ	1..1	boolean	Whether user is initiator
location		0..1	Reference(Location)	Where
policy		0..*	uri	Policy that authorized event
network	S	0..1	BackboneElement	The client as known by TCP connection information
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
address		0..1	string	Identifier for the network access point of the user device
type		0..1	code	The type of network access point Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.
purposeOfUse		0..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (extensible): The reason the activity took place.
agent:oUser		0..1	BackboneElement	Actor involved in the event
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: IRCP
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
role	S	0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
who	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	May be a Resource, but likely just an identifier from the OAuth token
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
reference	ΣC	0..1	string	Literal reference, Relative, internal or absolute URL
type	Σ	0..1	uri	Type the reference refers to (e.g. "Patient") Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model).
identifier	Σ	1..1	Identifier	Logical reference, when literal reference is not known
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
use	?!Σ	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
type	Σ	0..1	CodeableConcept	Description of identifier Binding: Identifier Type Codes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.
system	SΣ	0..1	uri	Token Issuer (TOKEN_ISSUER) Example General: http://www.acme.com/identifiers/patient
value	SΣ	0..1	string	User ID (USER_ID) Example General: 123456
period	Σ	0..1	Period	Time period when id is/was valid for use
assigner	Σ	0..1	Reference(Organization)	Organization that issued id (may be just text)
display	SΣ	0..1	string	User Name (USER_NAME)
altId		0..1	string	Alternative User identity
name	S	0..1	string	User Name (USER_NAME)
requestor	Σ	1..1	boolean	Whether user is initiator Required Pattern: true
location		0..1	Reference(Location)	Where
policy		1..1	uri	jti (JWT ID)
purposeOfUse	S	0..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (extensible): The reason the activity took place.
source		1..1	BackboneElement	Audit Event Reporter
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
site		0..1	string	Logical source location within the enterprise
observer	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	The identity of source detecting the event
type		0..*	Coding	The type of source where event originated Binding: AuditEventSourceType (extensible): Code specifying the type of system that detected and recorded the event.
entity	C	0..*	BackboneElement	Data or objects used
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
what	Σ	0..1	Reference(Resource)	Specific instance of resource
type		0..1	Coding	Type of entity involved Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.
role		0..1	Coding	What role the entity played Binding: AuditEventEntityRole (extensible): Code representing the role the entity played in the audit event.
lifecycle		0..1	Coding	Life-cycle stage for the entity Binding: ObjectLifecycleEvents (extensible): Identifier for the data life-cycle stage for the entity.
securityLabel		0..*	Coding	Security labels on the entity Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
name	ΣC	0..1	string	Descriptor for entity
description		0..1	string	Descriptive text
query	ΣC	0..1	base64Binary	Query parameters
detail		0..*	BackboneElement	Additional Information about the entity
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	string	Name of the property
value[x]		1..1		Property value
valueString			string
valueBase64Binary			base64Binary
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet / Code	URI
AuditEvent.language	preferred	CommonLanguages Additional Bindings Purpose AllLanguages Max Binding http://hl7.org/fhir/ValueSet/languages from the FHIR Standard
AuditEvent.type	extensible	AuditEventID http://hl7.org/fhir/ValueSet/audit-event-type from the FHIR Standard
AuditEvent.subtype	extensible	AuditEventSub-Type http://hl7.org/fhir/ValueSet/audit-event-sub-type from the FHIR Standard
AuditEvent.action	required	AuditEventAction http://hl7.org/fhir/ValueSet/audit-event-action|4.0.1 from the FHIR Standard
AuditEvent.outcome	required	AuditEventOutcome http://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1 from the FHIR Standard
AuditEvent.purposeOfEvent	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent.type	extensible	ParticipationRoleType http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent.role	example	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
AuditEvent.agent.media	extensible	MediaTypeCode http://hl7.org/fhir/ValueSet/dicm-405-mediatype from the FHIR Standard
AuditEvent.agent.network.type	required	AuditEventAgentNetworkType http://hl7.org/fhir/ValueSet/network-type|4.0.1 from the FHIR Standard
AuditEvent.agent.purposeOfUse	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent:oClient.type	extensible	Pattern: 110150 http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent:oClient.role	example	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
AuditEvent.agent:oClient.who.type	extensible	ResourceType http://hl7.org/fhir/ValueSet/resource-types
AuditEvent.agent:oClient.who.identifier.use	required	IdentifierUse http://hl7.org/fhir/ValueSet/identifier-use|4.0.1 from the FHIR Standard
AuditEvent.agent:oClient.who.identifier.type	extensible	Identifier Type Codes http://hl7.org/fhir/ValueSet/identifier-type from the FHIR Standard
AuditEvent.agent:oClient.network.type	required	AuditEventAgentNetworkType http://hl7.org/fhir/ValueSet/network-type|4.0.1 from the FHIR Standard
AuditEvent.agent:oClient.purposeOfUse	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent:oUser.type	extensible	Pattern: IRCP http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent:oUser.role	example	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
AuditEvent.agent:oUser.who.type	extensible	ResourceType http://hl7.org/fhir/ValueSet/resource-types
AuditEvent.agent:oUser.who.identifier.use	required	IdentifierUse http://hl7.org/fhir/ValueSet/identifier-use|4.0.1 from the FHIR Standard
AuditEvent.agent:oUser.who.identifier.type	extensible	Identifier Type Codes http://hl7.org/fhir/ValueSet/identifier-type from the FHIR Standard
AuditEvent.agent:oUser.network.type	required	AuditEventAgentNetworkType http://hl7.org/fhir/ValueSet/network-type|4.0.1 from the FHIR Standard
AuditEvent.agent:oUser.purposeOfUse	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.source.type	extensible	AuditEventSourceType http://hl7.org/fhir/ValueSet/audit-source-type from the FHIR Standard
AuditEvent.entity.type	extensible	AuditEventEntityType http://hl7.org/fhir/ValueSet/audit-entity-type from the FHIR Standard
AuditEvent.entity.role	extensible	AuditEventEntityRole http://hl7.org/fhir/ValueSet/object-role from the FHIR Standard
AuditEvent.entity.lifecycle	extensible	ObjectLifecycleEvents http://hl7.org/fhir/ValueSet/object-lifecycle-events from the FHIR Standard
AuditEvent.entity.securityLabel	extensible	All Security Labels http://hl7.org/fhir/ValueSet/security-labels from the FHIR Standard

This structure is derived from AuditEvent

Summary

Mandatory: 5 elements (4 nested mandatory elements)
Must-Support: 7 elements
Prohibited: 3 elements

Slices

This structure defines the following Slices:

• The element AuditEvent.agent is sliced based on the value of pattern:type

Differential View

This structure is derived from AuditEvent

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
Slices for agent		1..*	BackboneElement	Actor involved in the event Slice: Unordered, Open by pattern:type
agent:oClient		1..1	BackboneElement	Actor involved in the event
type		1..1	CodeableConcept	How agent participated Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://dicom.nema.org/resources/ontology/DCM
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 110150
who		1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	client identifier
identifier		1..1	Identifier	Logical reference, when literal reference is not known
value		1..1	string	Token client ID (client_id)
media		0..0
network	S	0..1	BackboneElement	The client as known by TCP connection information
agent:oUser		0..1	BackboneElement	Actor involved in the event
type		1..1	CodeableConcept	How agent participated Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
code		1..1	code	Symbol in syntax defined by the system Fixed Value: IRCP
role	S	0..*	CodeableConcept	Agent role in the event
who		1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	May be a Resource, but likely just an identifier from the OAuth token
identifier		1..1	Identifier	Logical reference, when literal reference is not known
system	S	0..1	uri	Token Issuer (TOKEN_ISSUER)
value	S	0..1	string	User ID (USER_ID)
display	S	0..1	string	User Name (USER_NAME)
name	S	0..1	string	User Name (USER_NAME)
requestor		1..1	boolean	Whether user is initiator Required Pattern: true
policy		1..1	uri	jti (JWT ID)
media		0..0
network		0..0
purposeOfUse	S	0..*	CodeableConcept	Reason given for this user
Documentation for this format

Key Elements View

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
type	Σ	1..1	Coding	Type/identifier of event Binding: AuditEventID (extensible): Type of event.
recorded	Σ	1..1	instant	Time when the event was recorded
Slices for agent		1..*	BackboneElement	Actor involved in the event Slice: Unordered, Open by pattern:type
agent:All Slices				Content/Rules for all slices
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
requestor	Σ	1..1	boolean	Whether user is initiator
agent:oClient		1..1	BackboneElement	Actor involved in the event
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event. Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://dicom.nema.org/resources/ontology/DCM
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 110150
who	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	client identifier
identifier	Σ	1..1	Identifier	Logical reference, when literal reference is not known
use	?!Σ	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
value	Σ	1..1	string	Token client ID (client_id) Example General: 123456
requestor	Σ	1..1	boolean	Whether user is initiator
network	S	0..1	BackboneElement	The client as known by TCP connection information
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
agent:oUser		0..1	BackboneElement	Actor involved in the event
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event. Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
code		1..1	code	Symbol in syntax defined by the system Fixed Value: IRCP
role	S	0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
who	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	May be a Resource, but likely just an identifier from the OAuth token
identifier	Σ	1..1	Identifier	Logical reference, when literal reference is not known
use	?!Σ	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
system	SΣ	0..1	uri	Token Issuer (TOKEN_ISSUER) Example General: http://www.acme.com/identifiers/patient
value	SΣ	0..1	string	User ID (USER_ID) Example General: 123456
display	SΣ	0..1	string	User Name (USER_NAME)
name	S	0..1	string	User Name (USER_NAME)
requestor	Σ	1..1	boolean	Whether user is initiator Required Pattern: true
policy		1..1	uri	jti (JWT ID)
purposeOfUse	S	0..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (extensible): The reason the activity took place.
source		1..1	BackboneElement	Audit Event Reporter
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
observer	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	The identity of source detecting the event
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet / Code	URI
AuditEvent.type	extensible	AuditEventID http://hl7.org/fhir/ValueSet/audit-event-type from the FHIR Standard
AuditEvent.agent:oClient.type	extensible	Pattern: 110150 http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent:oClient.who.identifier.use	required	IdentifierUse http://hl7.org/fhir/ValueSet/identifier-use|4.0.1 from the FHIR Standard
AuditEvent.agent:oUser.type	extensible	Pattern: IRCP http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent:oUser.role	example	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
AuditEvent.agent:oUser.who.identifier.use	required	IdentifierUse http://hl7.org/fhir/ValueSet/identifier-use|4.0.1 from the FHIR Standard
AuditEvent.agent:oUser.purposeOfUse	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

Snapshot View

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
type	Σ	1..1	Coding	Type/identifier of event Binding: AuditEventID (extensible): Type of event.
subtype	Σ	0..*	Coding	More specific type/id for the event Binding: AuditEventSub-Type (extensible): Sub-type of event.
action	Σ	0..1	code	Type of action performed during the event Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event.
period		0..1	Period	When the activity occurred
recorded	Σ	1..1	instant	Time when the event was recorded
outcome	Σ	0..1	code	Whether the event succeeded or failed Binding: AuditEventOutcome (required): Indicates whether the event succeeded or failed.
outcomeDesc	Σ	0..1	string	Description of the event outcome
purposeOfEvent	Σ	0..*	CodeableConcept	The purposeOfUse of the event Binding: PurposeOfUse (extensible): The reason the activity took place.
Slices for agent		1..*	BackboneElement	Actor involved in the event Slice: Unordered, Open by pattern:type
agent:All Slices				Content/Rules for all slices
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		0..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.
role		0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
who	Σ	0..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	Identifier of who
altId		0..1	string	Alternative User identity
name		0..1	string	Human friendly name for the agent
requestor	Σ	1..1	boolean	Whether user is initiator
location		0..1	Reference(Location)	Where
policy		0..*	uri	Policy that authorized event
media		0..1	Coding	Type of media Binding: MediaTypeCode (extensible): Used when the event is about exporting/importing onto media.
network		0..1	BackboneElement	Logical network location for application activity
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
address		0..1	string	Identifier for the network access point of the user device
type		0..1	code	The type of network access point Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.
purposeOfUse		0..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (extensible): The reason the activity took place.
agent:oClient		1..1	BackboneElement	Actor involved in the event
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://dicom.nema.org/resources/ontology/DCM
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 110150
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
role		0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
who	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	client identifier
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
reference	ΣC	0..1	string	Literal reference, Relative, internal or absolute URL
type	Σ	0..1	uri	Type the reference refers to (e.g. "Patient") Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model).
identifier	Σ	1..1	Identifier	Logical reference, when literal reference is not known
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
use	?!Σ	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
type	Σ	0..1	CodeableConcept	Description of identifier Binding: Identifier Type Codes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.
system	Σ	0..1	uri	The namespace for the identifier value Example General: http://www.acme.com/identifiers/patient
value	Σ	1..1	string	Token client ID (client_id) Example General: 123456
period	Σ	0..1	Period	Time period when id is/was valid for use
assigner	Σ	0..1	Reference(Organization)	Organization that issued id (may be just text)
display	Σ	0..1	string	Text alternative for the resource
altId		0..1	string	Alternative User identity
name		0..1	string	Human friendly name for the agent
requestor	Σ	1..1	boolean	Whether user is initiator
location		0..1	Reference(Location)	Where
policy		0..*	uri	Policy that authorized event
network	S	0..1	BackboneElement	The client as known by TCP connection information
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
address		0..1	string	Identifier for the network access point of the user device
type		0..1	code	The type of network access point Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.
purposeOfUse		0..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (extensible): The reason the activity took place.
agent:oUser		0..1	BackboneElement	Actor involved in the event
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: IRCP
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
role	S	0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
who	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	May be a Resource, but likely just an identifier from the OAuth token
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
reference	ΣC	0..1	string	Literal reference, Relative, internal or absolute URL
type	Σ	0..1	uri	Type the reference refers to (e.g. "Patient") Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model).
identifier	Σ	1..1	Identifier	Logical reference, when literal reference is not known
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
use	?!Σ	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
type	Σ	0..1	CodeableConcept	Description of identifier Binding: Identifier Type Codes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.
system	SΣ	0..1	uri	Token Issuer (TOKEN_ISSUER) Example General: http://www.acme.com/identifiers/patient
value	SΣ	0..1	string	User ID (USER_ID) Example General: 123456
period	Σ	0..1	Period	Time period when id is/was valid for use
assigner	Σ	0..1	Reference(Organization)	Organization that issued id (may be just text)
display	SΣ	0..1	string	User Name (USER_NAME)
altId		0..1	string	Alternative User identity
name	S	0..1	string	User Name (USER_NAME)
requestor	Σ	1..1	boolean	Whether user is initiator Required Pattern: true
location		0..1	Reference(Location)	Where
policy		1..1	uri	jti (JWT ID)
purposeOfUse	S	0..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (extensible): The reason the activity took place.
source		1..1	BackboneElement	Audit Event Reporter
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
site		0..1	string	Logical source location within the enterprise
observer	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	The identity of source detecting the event
type		0..*	Coding	The type of source where event originated Binding: AuditEventSourceType (extensible): Code specifying the type of system that detected and recorded the event.
entity	C	0..*	BackboneElement	Data or objects used
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
what	Σ	0..1	Reference(Resource)	Specific instance of resource
type		0..1	Coding	Type of entity involved Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.
role		0..1	Coding	What role the entity played Binding: AuditEventEntityRole (extensible): Code representing the role the entity played in the audit event.
lifecycle		0..1	Coding	Life-cycle stage for the entity Binding: ObjectLifecycleEvents (extensible): Identifier for the data life-cycle stage for the entity.
securityLabel		0..*	Coding	Security labels on the entity Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
name	ΣC	0..1	string	Descriptor for entity
description		0..1	string	Descriptive text
query	ΣC	0..1	base64Binary	Query parameters
detail		0..*	BackboneElement	Additional Information about the entity
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	string	Name of the property
value[x]		1..1		Property value
valueString			string
valueBase64Binary			base64Binary
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet / Code	URI
AuditEvent.language	preferred	CommonLanguages Additional Bindings Purpose AllLanguages Max Binding http://hl7.org/fhir/ValueSet/languages from the FHIR Standard
AuditEvent.type	extensible	AuditEventID http://hl7.org/fhir/ValueSet/audit-event-type from the FHIR Standard
AuditEvent.subtype	extensible	AuditEventSub-Type http://hl7.org/fhir/ValueSet/audit-event-sub-type from the FHIR Standard
AuditEvent.action	required	AuditEventAction http://hl7.org/fhir/ValueSet/audit-event-action|4.0.1 from the FHIR Standard
AuditEvent.outcome	required	AuditEventOutcome http://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1 from the FHIR Standard
AuditEvent.purposeOfEvent	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent.type	extensible	ParticipationRoleType http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent.role	example	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
AuditEvent.agent.media	extensible	MediaTypeCode http://hl7.org/fhir/ValueSet/dicm-405-mediatype from the FHIR Standard
AuditEvent.agent.network.type	required	AuditEventAgentNetworkType http://hl7.org/fhir/ValueSet/network-type|4.0.1 from the FHIR Standard
AuditEvent.agent.purposeOfUse	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent:oClient.type	extensible	Pattern: 110150 http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent:oClient.role	example	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
AuditEvent.agent:oClient.who.type	extensible	ResourceType http://hl7.org/fhir/ValueSet/resource-types
AuditEvent.agent:oClient.who.identifier.use	required	IdentifierUse http://hl7.org/fhir/ValueSet/identifier-use|4.0.1 from the FHIR Standard
AuditEvent.agent:oClient.who.identifier.type	extensible	Identifier Type Codes http://hl7.org/fhir/ValueSet/identifier-type from the FHIR Standard
AuditEvent.agent:oClient.network.type	required	AuditEventAgentNetworkType http://hl7.org/fhir/ValueSet/network-type|4.0.1 from the FHIR Standard
AuditEvent.agent:oClient.purposeOfUse	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent:oUser.type	extensible	Pattern: IRCP http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent:oUser.role	example	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
AuditEvent.agent:oUser.who.type	extensible	ResourceType http://hl7.org/fhir/ValueSet/resource-types
AuditEvent.agent:oUser.who.identifier.use	required	IdentifierUse http://hl7.org/fhir/ValueSet/identifier-use|4.0.1 from the FHIR Standard
AuditEvent.agent:oUser.who.identifier.type	extensible	Identifier Type Codes http://hl7.org/fhir/ValueSet/identifier-type from the FHIR Standard
AuditEvent.agent:oUser.network.type	required	AuditEventAgentNetworkType http://hl7.org/fhir/ValueSet/network-type|4.0.1 from the FHIR Standard
AuditEvent.agent:oUser.purposeOfUse	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.source.type	extensible	AuditEventSourceType http://hl7.org/fhir/ValueSet/audit-source-type from the FHIR Standard
AuditEvent.entity.type	extensible	AuditEventEntityType http://hl7.org/fhir/ValueSet/audit-entity-type from the FHIR Standard
AuditEvent.entity.role	extensible	AuditEventEntityRole http://hl7.org/fhir/ValueSet/object-role from the FHIR Standard
AuditEvent.entity.lifecycle	extensible	ObjectLifecycleEvents http://hl7.org/fhir/ValueSet/object-lifecycle-events from the FHIR Standard
AuditEvent.entity.securityLabel	extensible	All Security Labels http://hl7.org/fhir/ValueSet/security-labels from the FHIR Standard

This structure is derived from AuditEvent

Summary

Mandatory: 5 elements (4 nested mandatory elements)
Must-Support: 7 elements
Prohibited: 3 elements

Slices

This structure defines the following Slices:

• The element AuditEvent.agent is sliced based on the value of pattern:type