Basic Audit Log Patterns (BALP)
1.1.1 - Trial-Implementation

This page is part of the IHE Basic Audit Log Patterns (BALP) (v1.1.1: Trial Implementation) based on FHIR R4. This is the current published version. For a full list of available versions, see the Directory of published versions

Resource Profile: Basic AuditEvent pattern for when an activity was authorized by an SAML access token Minimal

Official URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Minimal
Version: 1.1.1
Active as of 2022-10-21
Computable Name: SAMLaccessTokenUseMinimal

A basic AuditEvent profile for when an activity was authorized by an SAML access token. This profile is expected to be used with some other detail that explains the activity. This profile only covers the SAML access token.

  • Given an activity has occurred
  • And SAML is used to authorize a transaction
  • And the given activity is using the SAML
    • XUA
    • SAML requires ID and Issuer, so this profile of AuditEvent will work with any SAML token.
    • usually SOAP, but not limited to SOAP
  • When an AuditEvent is recorded for the activity
  • Presumes that the consent and server have been identified in agent elements, best case with certificate identities
  • Then that AuditEvent would follow this profile regarding recording the SAML access token details

The following table uses a short-hand for the SAML fields and FHIR AuditEvent elements to keep the table compact. It is presumed the reader can understand the SAML field and the FHIR AuditEvent element given. Note the ~ character represents attributes under the SAML AttributeStatement.

SAML field | Minimal AuditEvent
ID | agent[user].policy
Issuer | agent[user].who.identifier.system
Subject.NameID | agent[user].who.identifier.value
~subject:purposeofuse | agent[user].purposeOfUse

Note: this profile records minimal information from the SAML access token, which presumes that use of the AuditEvent at a later time will be able to resolve the given information.


Formal Views of Profile Content


This structure is derived from AuditEvent

Differential View

Name | Flags | Card. | Type | Description & Constraints
.. AuditEvent | | 0..* | AuditEvent | Event record kept for security purposes
... Slices for agent | | 1..* | BackboneElement | Actor involved in the event; Slice: Unordered, Open by pattern:type
.... agent:All Slices | | | | Content/Rules for all slices
..... Slices for extension | | 0..* | Extension | Extension; Slice: Unordered, Open by value:url
..... assuranceLevel | S | 0..* | CodeableConcept | AuditEvent.agent Assurance Level; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel; Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId | S | 0..* | Identifier | AuditEvent.agent other identifiers; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
.... agent:user | | 1..* | BackboneElement | Actor involved in the event
..... assuranceLevel | S | 0..* | CodeableConcept | AuditEvent.agent Assurance Level; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel; Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId | S | 0..* | Identifier | AuditEvent.agent other identifiers; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... type | | 1..1 | CodeableConcept | How agent participated; Required Pattern: At least the following
...... coding | | 1..* | Coding | Code defined by a terminology system; Fixed Value: (complex)
....... system | | 1..1 | uri | Identity of the terminology system; Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... code | | 1..1 | code | Symbol in syntax defined by the system; Fixed Value: UserSamlAgent
..... who | | 1..1 | Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) | Identifier of who
...... identifier | | | |
....... system | S | 0..1 | uri | SAML Issuer
....... value | S | 1..1 | string | SAML Subject.NameID
..... requestor | | 1..1 | boolean | Whether user is initiator; Required Pattern: true
..... policy | S | 1..1 | uri | SAML token ID
..... media | | 0..0 | |
..... network | | 0..0 | |
..... purposeOfUse | S | 0..* | CodeableConcept | SAML subject:purposeofuse

Key Elements View

Name | Flags | Card. | Type | Description & Constraints
.. AuditEvent | | 0..* | AuditEvent | Event record kept for security purposes
... implicitRules | ?!Σ | 0..1 | uri | A set of rules under which this content was created
... modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored
... type | Σ | 1..1 | Coding | Type/identifier of event; Binding: AuditEventID (extensible): Type of event.
... recorded | Σ | 1..1 | instant | Time when the event was recorded
... Slices for agent | | 1..* | BackboneElement | Actor involved in the event; Slice: Unordered, Open by pattern:type
.... agent:All Slices | | | | Content/Rules for all slices
..... Slices for extension | | 0..* | Extension | Extension; Slice: Unordered, Open by value:url
..... assuranceLevel | S | 0..* | CodeableConcept | AuditEvent.agent Assurance Level; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel; Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId | S | 0..* | Identifier | AuditEvent.agent other identifiers; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized
..... requestor | Σ | 1..1 | boolean | Whether user is initiator
.... agent:user | | 1..* | BackboneElement | Actor involved in the event
..... assuranceLevel | S | 0..* | CodeableConcept | AuditEvent.agent Assurance Level; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel; Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId | S | 0..* | Identifier | AuditEvent.agent other identifiers; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized
..... type | | 1..1 | CodeableConcept | How agent participated; Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event; Required Pattern: At least the following
...... coding | | 1..* | Coding | Code defined by a terminology system; Fixed Value: (complex)
....... system | | 1..1 | uri | Identity of the terminology system; Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... code | | 1..1 | code | Symbol in syntax defined by the system; Fixed Value: UserSamlAgent
..... who | Σ | 1..1 | Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) | Identifier of who
...... identifier | Σ | 0..1 | Identifier | Logical reference, when literal reference is not known
....... use | ?!Σ | 0..1 | code | usual | official | temp | secondary | old (If known); Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known.
....... system | SΣ | 0..1 | uri | SAML Issuer; Example General: http://www.acme.com/identifiers/patient
....... value | SΣ | 1..1 | string | SAML Subject.NameID; Example General: 123456
..... requestor | Σ | 1..1 | boolean | Whether user is initiator; Required Pattern: true
..... policy | S | 1..1 | uri | SAML token ID
..... purposeOfUse | S | 0..* | CodeableConcept | SAML subject:purposeofuse; Binding: PurposeOfUse (extensible): The reason the activity took place.
... source | | 1..1 | BackboneElement | Audit Event Reporter
.... modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized
.... observer | Σ | 1..1 | Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) | The identity of source detecting the event

Terminology Bindings

Path | Conformance | ValueSet / Code
AuditEvent.type | extensible | AuditEventID
AuditEvent.agent:user.type | extensible | Pattern: UserSamlAgent
AuditEvent.agent:user.who.identifier.use | required | IdentifierUse
AuditEvent.agent:user.purposeOfUse | extensible | PurposeOfUse

Snapshot View

Name | Flags | Card. | Type | Description & Constraints
.. AuditEvent | | 0..* | AuditEvent | Event record kept for security purposes
... id | Σ | 0..1 | id | Logical id of this artifact
... meta | Σ | 0..1 | Meta | Metadata about the resource
... implicitRules | ?!Σ | 0..1 | uri | A set of rules under which this content was created
... language | | 0..1 | code | Language of the resource content; Binding: CommonLanguages (preferred): A human language; Additional Bindings: AllLanguages (Max Binding)
... text | | 0..1 | Narrative | Text summary of the resource, for human interpretation
... contained | | 0..* | Resource | Contained, inline Resources
... extension | | 0..* | Extension | Additional content defined by implementations
... modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored
... type | Σ | 1..1 | Coding | Type/identifier of event; Binding: AuditEventID (extensible): Type of event.
... subtype | Σ | 0..* | Coding | More specific type/id for the event; Binding: AuditEventSub-Type (extensible): Sub-type of event.
... action | Σ | 0..1 | code | Type of action performed during the event; Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event.
... period | | 0..1 | Period | When the activity occurred
... recorded | Σ | 1..1 | instant | Time when the event was recorded
... outcome | Σ | 0..1 | code | Whether the event succeeded or failed; Binding: AuditEventOutcome (required): Indicates whether the event succeeded or failed.
... outcomeDesc | Σ | 0..1 | string | Description of the event outcome
... purposeOfEvent | Σ | 0..* | CodeableConcept | The purposeOfUse of the event; Binding: PurposeOfUse (extensible): The reason the activity took place.
... Slices for agent | | 1..* | BackboneElement | Actor involved in the event; Slice: Unordered, Open by pattern:type
.... agent:All Slices | | | | Content/Rules for all slices
..... id | | 0..1 | string | Unique id for inter-element referencing
..... Slices for extension | | 0..* | Extension | Extension; Slice: Unordered, Open by value:url
..... assuranceLevel | S | 0..* | CodeableConcept | AuditEvent.agent Assurance Level; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel; Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId | S | 0..* | Identifier | AuditEvent.agent other identifiers; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized
..... type | | 0..1 | CodeableConcept | How agent participated; Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.
..... role | | 0..* | CodeableConcept | Agent role in the event; Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
..... who | Σ | 0..1 | Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) | Identifier of who
..... altId | | 0..1 | string | Alternative User identity
..... name | | 0..1 | string | Human friendly name for the agent
..... requestor | Σ | 1..1 | boolean | Whether user is initiator
..... location | | 0..1 | Reference(Location) | Where
..... policy | | 0..* | uri | Policy that authorized event
..... media | | 0..1 | Coding | Type of media; Binding: MediaTypeCode (extensible): Used when the event is about exporting/importing onto media.
..... network | | 0..1 | BackboneElement | Logical network location for application activity
...... id | | 0..1 | string | Unique id for inter-element referencing
...... extension | | 0..* | Extension | Additional content defined by implementations
...... modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized
...... address | | 0..1 | string | Identifier for the network access point of the user device
...... type | | 0..1 | code | The type of network access point; Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.
..... purposeOfUse | | 0..* | CodeableConcept | Reason given for this user; Binding: PurposeOfUse (extensible): The reason the activity took place.
.... agent:user | | 1..* | BackboneElement | Actor involved in the event
..... id | | 0..1 | string | Unique id for inter-element referencing
..... Slices for extension | | 0..* | Extension | Extension; Slice: Unordered, Open by value:url
..... assuranceLevel | S | 0..* | CodeableConcept | AuditEvent.agent Assurance Level; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel; Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId | S | 0..* | Identifier | AuditEvent.agent other identifiers; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized
..... type | | 1..1 | CodeableConcept | How agent participated; Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event; Required Pattern: At least the following
...... id | | 0..1 | id | Unique id for inter-element referencing
...... extension | | 0..* | Extension | Additional content defined by implementations
...... coding | | 1..* | Coding | Code defined by a terminology system; Fixed Value: (complex)
....... id | | 0..1 | id | Unique id for inter-element referencing
....... extension | | 0..* | Extension | Additional content defined by implementations
....... system | | 1..1 | uri | Identity of the terminology system; Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... version | | 0..1 | string | Version of the system - if relevant
....... code | | 1..1 | code | Symbol in syntax defined by the system; Fixed Value: UserSamlAgent
....... display | | 0..1 | string | Representation defined by the system
....... userSelected | | 0..1 | boolean | If this coding was chosen directly by the user
...... text | | 0..1 | string | Plain text representation of the concept
..... role | | 0..* | CodeableConcept | Agent role in the event; Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
..... who | Σ | 1..1 | Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) | Identifier of who
...... id | | 0..1 | string | Unique id for inter-element referencing
...... extension | | 0..* | Extension | Additional content defined by implementations; Slice: Unordered, Open by value:url
...... reference | ΣC | 0..1 | string | Literal reference, Relative, internal or absolute URL
...... type | Σ | 0..1 | uri | Type the reference refers to (e.g. "Patient"); Binding: ResourceType (extensible): A resource (or, for logical models, the URI of the logical model).
...... identifier | Σ | 0..1 | Identifier | Logical reference, when literal reference is not known
....... id | | 0..1 | string | Unique id for inter-element referencing
....... extension | | 0..* | Extension | Additional content defined by implementations; Slice: Unordered, Open by value:url
....... use | ?!Σ | 0..1 | code | usual | official | temp | secondary | old (If known); Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known.
....... type | Σ | 0..1 | CodeableConcept | Description of identifier; Binding: Identifier Type Codes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.
....... system | SΣ | 0..1 | uri | SAML Issuer; Example General: http://www.acme.com/identifiers/patient
....... value | SΣ | 1..1 | string | SAML Subject.NameID; Example General: 123456
....... period | Σ | 0..1 | Period | Time period when id is/was valid for use
....... assigner | Σ | 0..1 | Reference(Organization) | Organization that issued id (may be just text)
...... display | Σ | 0..1 | string | Text alternative for the resource
..... altId | | 0..1 | string | Alternative User identity
..... name | | 0..1 | string | Human friendly name for the agent
..... requestor | Σ | 1..1 | boolean | Whether user is initiator; Required Pattern: true
..... location | | 0..1 | Reference(Location) | Where
..... policy | S | 1..1 | uri | SAML token ID
..... purposeOfUse | S | 0..* | CodeableConcept | SAML subject:purposeofuse; Binding: PurposeOfUse (extensible): The reason the activity took place.
... source | | 1..1 | BackboneElement | Audit Event Reporter
.... id | | 0..1 | string | Unique id for inter-element referencing
.... extension | | 0..* | Extension | Additional content defined by implementations
.... modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized
.... site | | 0..1 | string | Logical source location within the enterprise
.... observer | Σ | 1..1 | Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) | The identity of source detecting the event
.... type | | 0..* | Coding | The type of source where event originated; Binding: AuditEventSourceType (extensible): Code specifying the type of system that detected and recorded the event.
... entity | C | 0..* | BackboneElement | Data or objects used
.... id | | 0..1 | string | Unique id for inter-element referencing
.... extension | | 0..* | Extension | Additional content defined by implementations
.... modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized
.... what | Σ | 0..1 | Reference(Resource) | Specific instance of resource
.... type | | 0..1 | Coding | Type of entity involved; Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.
.... role | | 0..1 | Coding | What role the entity played; Binding: AuditEventEntityRole (extensible): Code representing the role the entity played in the audit event.
.... lifecycle | | 0..1 | Coding | Life-cycle stage for the entity; Binding: ObjectLifecycleEvents (extensible): Identifier for the data life-cycle stage for the entity.
.... securityLabel | | 0..* | Coding | Security labels on the entity; Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
.... name | ΣC | 0..1 | string | Descriptor for entity
.... description | | 0..1 | string | Descriptive text
.... query | ΣC | 0..1 | base64Binary | Query parameters
.... detail | | 0..* | BackboneElement | Additional Information about the entity
..... id | | 0..1 | string | Unique id for inter-element referencing
..... extension | | 0..* | Extension | Additional content defined by implementations
..... modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized
..... type | | 1..1 | string | Name of the property
..... value[x] | | 1..1 | | Property value
...... valueString | | | string |
...... valueBase64Binary | | | base64Binary |

Terminology Bindings

Path | Conformance | ValueSet / Code
AuditEvent.language | preferred | CommonLanguages; Additional Bindings: AllLanguages (Max Binding)
AuditEvent.type | extensible | AuditEventID
AuditEvent.subtype | extensible | AuditEventSub-Type
AuditEvent.action | required | AuditEventAction
AuditEvent.outcome | required | AuditEventOutcome
AuditEvent.purposeOfEvent | extensible | PurposeOfUse
AuditEvent.agent.type | extensible | ParticipationRoleType
AuditEvent.agent.role | example | SecurityRoleType
AuditEvent.agent.media | extensible | MediaTypeCode
AuditEvent.agent.network.type | required | AuditEventAgentNetworkType
AuditEvent.agent.purposeOfUse | extensible | PurposeOfUse
AuditEvent.agent:user.type | extensible | Pattern: UserSamlAgent
AuditEvent.agent:user.role | example | SecurityRoleType
AuditEvent.agent:user.who.type | extensible | ResourceType
AuditEvent.agent:user.who.identifier.use | required | IdentifierUse
AuditEvent.agent:user.who.identifier.type | extensible | Identifier Type Codes
AuditEvent.agent:user.network.type | required | AuditEventAgentNetworkType
AuditEvent.agent:user.purposeOfUse | extensible | PurposeOfUse
AuditEvent.source.type | extensible | AuditEventSourceType
AuditEvent.entity.type | extensible | AuditEventEntityType
AuditEvent.entity.role | extensible | AuditEventEntityRole
AuditEvent.entity.lifecycle | extensible | ObjectLifecycleEvents
AuditEvent.entity.securityLabel | extensible | All Security Labels

This structure is derived from AuditEvent

Summary

Mandatory: 4 elements (1 nested mandatory element)
Must-Support: 8 elements
Prohibited: 2 elements

Extensions

This structure refers to these extensions:

Slices

This structure defines the following Slices:

  • The element AuditEvent.agent is sliced based on the value of pattern:type

Differential View

This structure is derived from AuditEvent

NameFlagsCard.TypeDescription & Constraintsdoco
.. AuditEvent 0..*AuditEventEvent record kept for security purposes
... Slices for agent 1..*BackboneElementActor involved in the event
Slice: Unordered, Open by pattern:type
.... agent:All Slices Content/Rules for all slices
..... Slices for extension 0..*ExtensionExtension
Slice: Unordered, Open by value:url
..... assuranceLevel S0..*CodeableConceptAuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId S0..*IdentifierAuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
.... agent:user 1..*BackboneElementActor involved in the event
..... assuranceLevel S0..*CodeableConceptAuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId S0..*IdentifierAuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... type 1..1CodeableConceptHow agent participated
Required Pattern: At least the following
...... coding1..*CodingCode defined by a terminology system
Fixed Value: (complex)
....... system1..1uriIdentity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... code1..1codeSymbol in syntax defined by the system
Fixed Value: UserSamlAgent
..... who 1..1Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)Identifier of who
...... identifier
....... system S0..1uriSAML Issuer
....... value S1..1stringSAML Subject.NameID
..... requestor 1..1booleanWhether user is initiator
Required Pattern: true
..... policy S1..1uriSAML token ID
..... media 0..0
..... network 0..0
..... purposeOfUse S0..*CodeableConceptSAML subject:purposeofuse

doco Documentation for this format

Key Elements View

NameFlagsCard.TypeDescription & Constraintsdoco
.. AuditEvent 0..*AuditEventEvent record kept for security purposes
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... modifierExtension ?!0..*ExtensionExtensions that cannot be ignored
... type Σ1..1CodingType/identifier of event
Binding: AuditEventID (extensible): Type of event.

... recorded Σ1..1instantTime when the event was recorded
... Slices for agent 1..*BackboneElementActor involved in the event
Slice: Unordered, Open by pattern:type
.... agent:All Slices Content/Rules for all slices
..... Slices for extension 0..*ExtensionExtension
Slice: Unordered, Open by value:url
..... assuranceLevel S0..*CodeableConceptAuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId S0..*IdentifierAuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... requestor Σ1..1booleanWhether user is initiator
.... agent:user 1..*BackboneElementActor involved in the event
..... assuranceLevel S0..*CodeableConceptAuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId S0..*IdentifierAuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... type 1..1CodeableConceptHow agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.


Required Pattern: At least the following
...... coding1..*CodingCode defined by a terminology system
Fixed Value: (complex)
....... system1..1uriIdentity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... code1..1codeSymbol in syntax defined by the system
Fixed Value: UserSamlAgent
..... who Σ1..1Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)Identifier of who
...... identifier Σ0..1IdentifierLogical reference, when literal reference is not known
....... use ?!Σ0..1codeusual | official | temp | secondary | old (If known)
Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .

....... system SΣ0..1uriSAML Issuer
Example General: http://www.acme.com/identifiers/patient
....... value SΣ1..1stringSAML Subject.NameID
Example General: 123456
..... requestor Σ1..1booleanWhether user is initiator
Required Pattern: true
..... policy S1..1uriSAML token ID
..... purposeOfUse S0..*CodeableConceptSAML subject:purposeofuse
Binding: PurposeOfUse (extensible): The reason the activity took place.


... source 1..1BackboneElementAudit Event Reporter
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... observer Σ1..1Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)The identity of source detecting the event

doco Documentation for this format

Terminology Bindings

PathConformanceValueSet / Code
AuditEvent.typeextensibleAuditEventID
AuditEvent.agent:user.typeextensiblePattern: UserSamlAgent
AuditEvent.agent:user.who.identifier.userequiredIdentifierUse
AuditEvent.agent:user.purposeOfUseextensiblePurposeOfUse

Snapshot View

NameFlagsCard.TypeDescription & Constraintsdoco
.. AuditEvent 0..*AuditEventEvent record kept for security purposes
... id Σ0..1idLogical id of this artifact
... meta Σ0..1MetaMetadata about the resource
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... language 0..1codeLanguage of the resource content
Binding: CommonLanguages (preferred): A human language.

Additional BindingsPurpose
AllLanguagesMax Binding
... text 0..1NarrativeText summary of the resource, for human interpretation
... contained 0..*ResourceContained, inline Resources
... extension 0..*ExtensionAdditional content defined by implementations
... modifierExtension ?!0..*ExtensionExtensions that cannot be ignored
... type Σ1..1CodingType/identifier of event
Binding: AuditEventID (extensible): Type of event.

... subtype Σ0..*CodingMore specific type/id for the event
Binding: AuditEventSub-Type (extensible): Sub-type of event.


... action Σ0..1codeType of action performed during the event
Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event.

... period 0..1PeriodWhen the activity occurred
... recorded Σ1..1instantTime when the event was recorded
... outcome Σ0..1codeWhether the event succeeded or failed
Binding: AuditEventOutcome (required): Indicates whether the event succeeded or failed.

... outcomeDesc Σ0..1stringDescription of the event outcome
... purposeOfEvent Σ0..*CodeableConceptThe purposeOfUse of the event
Binding: PurposeOfUse (extensible): The reason the activity took place.


... Slices for agent 1..*BackboneElementActor involved in the event
Slice: Unordered, Open by pattern:type
.... agent:All Slices Content/Rules for all slices
..... id 0..1stringUnique id for inter-element referencing
..... Slices for extension 0..*ExtensionExtension
Slice: Unordered, Open by value:url
..... assuranceLevel S0..*CodeableConceptAuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId S0..*IdentifierAuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... type 0..1CodeableConceptHow agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.

..... role 0..*CodeableConceptAgent role in the event
Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.


..... who Σ0..1Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)Identifier of who
..... altId 0..1stringAlternative User identity
..... name 0..1stringHuman friendly name for the agent
..... requestor Σ1..1booleanWhether user is initiator
..... location 0..1Reference(Location)Where
..... policy 0..*uriPolicy that authorized event
..... media 0..1CodingType of media
Binding: MediaTypeCode (extensible): Used when the event is about exporting/importing onto media.

..... network 0..1BackboneElementLogical network location for application activity
...... id 0..1stringUnique id for inter-element referencing
...... extension 0..*ExtensionAdditional content defined by implementations
...... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
...... address 0..1stringIdentifier for the network access point of the user device
...... type 0..1codeThe type of network access point
Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.

..... purposeOfUse 0..*CodeableConceptReason given for this user
Binding: PurposeOfUse (extensible): The reason the activity took place.


.... agent:user 1..*BackboneElementActor involved in the event
..... id 0..1stringUnique id for inter-element referencing
..... Slices for extension 0..*ExtensionExtension
Slice: Unordered, Open by value:url
..... assuranceLevel S0..*CodeableConceptAuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)
..... otherId S0..*IdentifierAuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... type 1..1CodeableConceptHow agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.


Required Pattern: At least the following
...... id0..1idUnique id for inter-element referencing
...... extension0..*ExtensionAdditional content defined by implementations
...... coding1..*CodingCode defined by a terminology system
Fixed Value: (complex)
....... id0..1idUnique id for inter-element referencing
....... extension0..*ExtensionAdditional content defined by implementations
....... system1..1uriIdentity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
....... version0..1stringVersion of the system - if relevant
....... code1..1codeSymbol in syntax defined by the system
Fixed Value: UserSamlAgent
....... display0..1stringRepresentation defined by the system
....... userSelected0..1booleanIf this coding was chosen directly by the user
...... text0..1stringPlain text representation of the concept
..... role 0..*CodeableConceptAgent role in the event
Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.


..... who Σ 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) Identifier of who
...... id 0..1 string Unique id for inter-element referencing
...... extension 0..* Extension Additional content defined by implementations
Slice: Unordered, Open by value:url
...... reference ΣC 0..1 string Literal reference, Relative, internal or absolute URL
...... type Σ 0..1 uri Type the reference refers to (e.g. "Patient")
Binding: ResourceType (extensible): A resource (or, for logical models, the URI of the logical model).

...... identifier Σ 0..1 Identifier Logical reference, when literal reference is not known
....... id 0..1 string Unique id for inter-element referencing
....... extension 0..* Extension Additional content defined by implementations
Slice: Unordered, Open by value:url
....... use ?!Σ 0..1 code usual | official | temp | secondary | old (If known)
Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known.

....... type Σ 0..1 CodeableConcept Description of identifier
Binding: Identifier Type Codes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.

....... system SΣ 0..1 uri SAML Issuer
Example General: http://www.acme.com/identifiers/patient
....... value SΣ 1..1 string SAML Subject.NameID
Example General: 123456
....... period Σ 0..1 Period Time period when id is/was valid for use
....... assigner Σ 0..1 Reference(Organization) Organization that issued id (may be just text)
...... display Σ 0..1 string Text alternative for the resource
..... altId 0..1 string Alternative User identity
..... name 0..1 string Human friendly name for the agent
..... requestor Σ 1..1 boolean Whether user is initiator
Required Pattern: true
..... location 0..1 Reference(Location) Where
..... policy S 1..1 uri SAML token ID
..... purposeOfUse S 0..* CodeableConcept SAML subject:purposeofuse
Binding: PurposeOfUse (extensible): The reason the activity took place.


... source 1..1 BackboneElement Audit Event Reporter
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... site 0..1 string Logical source location within the enterprise
.... observer Σ 1..1 Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson) The identity of source detecting the event
.... type 0..* Coding The type of source where event originated
Binding: AuditEventSourceType (extensible): Code specifying the type of system that detected and recorded the event.


... entity C 0..* BackboneElement Data or objects used
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... what Σ 0..1 Reference(Resource) Specific instance of resource
.... type 0..1 Coding Type of entity involved
Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.

.... role 0..1 Coding What role the entity played
Binding: AuditEventEntityRole (extensible): Code representing the role the entity played in the audit event.

.... lifecycle 0..1 Coding Life-cycle stage for the entity
Binding: ObjectLifecycleEvents (extensible): Identifier for the data life-cycle stage for the entity.

.... securityLabel 0..* Coding Security labels on the entity
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... name ΣC 0..1 string Descriptor for entity
.... description 0..1 string Descriptive text
.... query ΣC 0..1 base64Binary Query parameters
.... detail 0..* BackboneElement Additional Information about the entity
..... id 0..1 string Unique id for inter-element referencing
..... extension 0..* Extension Additional content defined by implementations
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... type 1..1 string Name of the property
..... value[x] 1..1 Property value
...... valueString string
...... valueBase64Binary base64Binary


Terminology Bindings

Path Conformance ValueSet / Code
AuditEvent.language preferred CommonLanguages
Additional Bindings Purpose
AllLanguages Max Binding
AuditEvent.type extensible AuditEventID
AuditEvent.subtype extensible AuditEventSub-Type
AuditEvent.action required AuditEventAction
AuditEvent.outcome required AuditEventOutcome
AuditEvent.purposeOfEvent extensible PurposeOfUse
AuditEvent.agent.type extensible ParticipationRoleType
AuditEvent.agent.role example SecurityRoleType
AuditEvent.agent.media extensible MediaTypeCode
AuditEvent.agent.network.type required AuditEventAgentNetworkType
AuditEvent.agent.purposeOfUse extensible PurposeOfUse
AuditEvent.agent:user.type extensible Pattern: UserSamlAgent
AuditEvent.agent:user.role example SecurityRoleType
AuditEvent.agent:user.who.type extensible ResourceType
AuditEvent.agent:user.who.identifier.use required IdentifierUse
AuditEvent.agent:user.who.identifier.type extensible Identifier Type Codes
AuditEvent.agent:user.network.type required AuditEventAgentNetworkType
AuditEvent.agent:user.purposeOfUse extensible PurposeOfUse
AuditEvent.source.type extensible AuditEventSourceType
AuditEvent.entity.type extensible AuditEventEntityType
AuditEvent.entity.role extensible AuditEventEntityRole
AuditEvent.entity.lifecycle extensible ObjectLifecycleEvents
AuditEvent.entity.securityLabel extensible All Security Labels

This structure is derived from AuditEvent

Summary

Mandatory: 4 elements (1 nested mandatory element)
Must-Support: 8 elements
Prohibited: 2 elements

Extensions

This structure refers to these extensions:

Slices

This structure defines the following Slices:

  • The element AuditEvent.agent is sliced based on the value of pattern:type
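
An added example, not part of the IHE specification or its tooling: a Python check that selects the agent:user slice by its type pattern and tests the constraints listed in the table above (who.identifier.value 1..1, requestor pattern true, policy 1..1, who.identifier.system must-support). The function names, the sample values and the choice to report a missing SAML agent as an error are assumptions of this example.

```python
# Added example: not IHE code. Checks the agent:user slice constraints listed above.
AGENT_SYSTEM = "https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes"
AGENT_CODE = "UserSamlAgent"


def saml_user_agents(audit_event):
    """Select agents matching the slice discriminator (pattern on agent.type)."""
    return [
        a for a in audit_event.get("agent", [])
        if any(c.get("system") == AGENT_SYSTEM and c.get("code") == AGENT_CODE
               for c in a.get("type", {}).get("coding", []))
    ]


def check_saml_user_agent(audit_event):
    """Return (errors, warnings) for the SAML user agent of a FHIR R4 AuditEvent dict."""
    errors, warnings = [], []
    agents = saml_user_agents(audit_event)
    if not agents:
        errors.append("no agent typed UserSamlAgent")
    for agent in agents:
        ident = agent.get("who", {}).get("identifier", {})
        if not ident.get("value"):
            errors.append("who.identifier.value (SAML Subject.NameID) is 1..1")
        if not ident.get("system"):
            warnings.append("who.identifier.system (SAML Issuer) is must-support but absent")
        if agent.get("requestor") is not True:
            errors.append("requestor must be true")
        if len(agent.get("policy", [])) != 1:
            errors.append("policy (SAML token ID) is 1..1")
    return errors, warnings


# Constructed sample: only the agent portion of an AuditEvent, with made-up values.
SAMPLE = {
    "resourceType": "AuditEvent",
    "agent": [{
        "type": {"coding": [{"system": AGENT_SYSTEM, "code": AGENT_CODE}]},
        "who": {"identifier": {"system": "https://idp.example.org",
                               "value": "alice@example.org"}},
        "requestor": True,
        "policy": ["_constructed-saml-assertion-id"],
        "purposeOfUse": [{"coding": [{"code": "TREAT"}]}],
    }],
}

if __name__ == "__main__":
    print(check_saml_user_agent(SAMPLE))
```

An agent that fails the type pattern is not examined at all, so an AuditEvent whose SAML agent carries the wrong type coding is reported as having no SAML agent rather than as a malformed one.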

 

Other representations of profile: CSV, Excel, Schematron