Basic Audit Log Patterns (BALP)
1.1.0 - Trial-Implementation International flag

This page is part of the IHE Basic Audit Log Patterns (BALP) (v1.1.0: Trial Implementation) based on FHIR R4. This is the current published version. For a full list of available versions, see the Directory of published versions

AuditEvent use in IHE Implementation Guides

In general, IHE Profiles should have “Security Considerations” sections in both Volume 1 and in Volume 2. In Volume 2, the Security Considerations section should have a definition of how the AuditEvent is filled out when the given transaction happens. This definition usually includes one specification of an AuditEvent to be created by each of the actors involved in the transaction.

All of the AuditEvent (AuditMessage) encodings can be found on Gazelle AuditTrail section. These specifications usually use a table format. These are in the format of DICOM AuditMessage, but the mapping to FHIR AuditEvent is defined in the FHIR AuditEvent mapping to DICOM.

The IHE ITI-18 transaction has prototyped the documentation change to use the gazelle method rather than using a table. See the (XDS) Registry Stored Query Transaction 2:3.18.5 Security Considerations.

IG Publisher

Some of the IHE Profiles are being converted to using the IG Publisher. When this is done, the AuditEvent is “profiled” using the FHIR StructureDefinition and Examples are provided for each.

MHD

The MHD Implementation Guide has the following AuditEvent profiles:

MHD open issue to align AuditEvents with BasicAudit

PDQm

The PDQm Implementation Guide has the following AuditEvent profiles:

PDQm open issue to align AuditEvents with BasicAudit

PIXm

The PIXm Implementation Guide has the following AuditEvent profiles:

PIXm open issue to align AuditEvents

QEDm

The QEDm Implementation Guide has not yet defined AuditEvent profiles. So it should derive off the Patient Query profile, likely with an OAuth use profile.

mCSD

The mCSD should create AuditEvents based on AuditEvent