Left: | Basic AuditEvent pattern for when an activity was authorized by an IUA access token (https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.OAUTHaccessTokenUse.Comprehensive) |
Right: | Basic AuditEvent pattern for when an activity was authorized by an IUA access token (https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.OAUTHaccessTokenUse.Comprehensive) |
Error | StructureDefinition.version | Values for version differ: '1.1.2' vs '1.1.3' |
Information | StructureDefinition.date | Values for date differ: '2023-08-01T08:42:00-05:00' vs '2024-02-14T15:31:49-06:00' |
Name | Value | Comments
---|---|---
abstract | false |
baseDefinition | http://hl7.org/fhir/StructureDefinition/AuditEvent |
copyright | |
date | 2023-08-01T08:42:00-05:00 (left) vs 2024-02-14T15:31:49-06:00 (right) |
description | A basic AuditEvent profile for when an activity was authorized by an IUA access token. This profile is expected to be used with some other detail that explains the activity. This profile only covers the IUA access token. - Given an activity has occurred - And OAuth is used to authorize (both app and user) - And the given activity is using http with authorization: bearer mechanism - IUA - [3.72 Incorporate Access Token \[ITI-72\]](https://profiles.ihe.net/ITI/IUA/index.html#372-incorporate-access-token-iti-72) - Bulk Data Access - [11. Presenting an Access Token to FHIR API](https://hl7.org/fhir/uv/bulkdata/authorization/index.html#presenting-an-access-token-to-fhir-api) - SMART-app-launch - [7.1.5 Step 4: App accesses clinical data via FHIR API](http://hl7.org/fhir/smart-app-launch/index.html#step-4-app-accesses-clinical-data-via-fhir-api) - [HL7 Security for Scalable Registration, Authentication, and Authorization (aka UDAP)](http://hl7.org/fhir/us/udap-security/history.html) when it gets published - When an AuditEvent is recorded for the activity - Then that AuditEvent would follow this profile regarding recording the IUA access token details - note: this profile records minimal information from the IUA access token, which presumes that use of the AuditEvent at a later time will be able to resolve the given information. - client slice holds the application details - This is likely replicated in other slices, but is consistently identified as the Application slice for ease of tracking all events caused by this client - place the client_id into .who.identifier.value (system is not needed, but available if you have a system) - any network identification detail should be placed in .network (may be an IP address or hostname) - oUser slice holds the user details - user id is recorded in the .who.identifier - user id is also recorded in .name to be more easily searched - if roles or purposeOfUse are known, record them here - the JWT ID is recorded in .policy. Expecting that during audit analysis this ID can be looked up and dereferenced |
experimental | |
fhirVersion | 4.0.1 |
jurisdiction | |
jurisdiction[0] | http://unstats.un.org/unsd/methods/m49/m49.htm#001 |
kind | resource |
name | OAUTHaccessTokenUseComprehensive |
publisher | IHE IT Infrastructure Technical Committee |
purpose | |
status | active |
title | Basic AuditEvent pattern for when an activity was authorized by an IUA access token |
type | AuditEvent |
url | https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.OAUTHaccessTokenUse.Comprehensive |
version | 1.1.2 (left) vs 1.1.3 (right) |
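The description above tells an implementer where each access-token detail belongs (client_id in the client slice's `who.identifier.value`, network detail in `.network`, user id in the oUser slice's `who.identifier` and `.name`, JWT ID in `.policy`). The following is an added example, not code from the IHE BALP profile or its tooling: it builds an AuditEvent that follows that layout and checks an arbitrary AuditEvent for the same details, which is the kind of check an audit pipeline can run before accepting a record. Element names follow FHIR R4 AuditEvent; the `agent.type` codes used to tell the client slice from the oUser slice are assumptions (the page does not give the slice discriminator values), and every identifier and address is a constructed sample.

```python
"""Added example, not part of the IHE BALP profile or its tooling: build an
AuditEvent that records IUA/OAuth access-token details the way the profile
description asks, and check an arbitrary AuditEvent for those details.
Element names follow FHIR R4 AuditEvent. The agent.type codes that identify
the client slice and the oUser slice are assumptions (check the profile's
slice definitions); every identifier below is a constructed sample value."""
import json

# Assumed slice discriminator codes (agent.type); not taken from the page.
CLIENT_TYPE = {"system": "http://dicom.nema.org/resources/ontology/DCM", "code": "110150"}  # DCM "Application"
USER_TYPE = {"system": "urn:example:agent-type", "code": "oauth-user"}  # placeholder for the oUser slice code

# Constructed sample values, not real credentials or hosts.
SAMPLE_CLIENT_ID = "example-ehr-app"
SAMPLE_USER_ID = "user-4711"
SAMPLE_JTI = "urn:example:jti:7f3c2a"  # JWT ID (jti) claim taken from the access token
SAMPLE_CLIENT_ADDR = "192.0.2.10"


def build_oauth_audit_event(client_id, user_id, jwt_id, client_addr, recorded):
    """Return an AuditEvent dict whose agent list carries the two slices the
    profile description calls for: the client (application) and the oUser."""
    return {
        "resourceType": "AuditEvent",
        "type": {"system": "http://terminology.hl7.org/CodeSystem/audit-event-type", "code": "rest"},
        "recorded": recorded,
        "agent": [
            {
                # client slice: client_id in who.identifier.value, network detail in .network
                "type": {"coding": [CLIENT_TYPE]},
                "who": {"identifier": {"value": client_id}},
                "requestor": False,
                "network": {"address": client_addr, "type": "2"},  # R4 network type 2 = IP address
            },
            {
                # oUser slice: user id in who.identifier and .name, JWT ID in .policy
                "type": {"coding": [USER_TYPE]},
                "who": {"identifier": {"value": user_id}},
                "name": user_id,
                "requestor": True,
                "policy": [jwt_id],
            },
        ],
        # source is 1..1 in the profile; a display-only reference keeps the sample self-contained
        "source": {"observer": {"display": "resource server"}},
    }


def _agents_of_type(event, type_code):
    """Agents whose type carries the given system/code pair."""
    return [a for a in event.get("agent", [])
            if any(c.get("system") == type_code["system"] and c.get("code") == type_code["code"]
                   for c in a.get("type", {}).get("coding", []))]


def audit_findings(event):
    """Return human-readable gaps against the description's placement rules;
    an empty list means every requested token detail is present."""
    findings = []
    clients = _agents_of_type(event, CLIENT_TYPE)
    if len(clients) != 1:
        findings.append(f"expected exactly one client agent, found {len(clients)}")
    else:
        client = clients[0]
        if not client.get("who", {}).get("identifier", {}).get("value"):
            findings.append("client agent lacks who.identifier.value (client_id)")
        if not client.get("network", {}).get("address"):
            findings.append("client agent lacks network.address")
    users = _agents_of_type(event, USER_TYPE)
    if len(users) != 1:
        findings.append(f"expected exactly one oUser agent, found {len(users)}")
    else:
        user = users[0]
        if not user.get("who", {}).get("identifier", {}).get("value"):
            findings.append("oUser agent lacks who.identifier.value (user id)")
        if not user.get("name"):
            findings.append("oUser agent lacks name (searchable user id)")
        if not user.get("policy"):
            findings.append("oUser agent lacks policy (JWT ID)")
    return findings


if __name__ == "__main__":
    event = build_oauth_audit_event(SAMPLE_CLIENT_ID, SAMPLE_USER_ID, SAMPLE_JTI,
                                    SAMPLE_CLIENT_ADDR, "2024-02-14T15:31:49-06:00")
    print(json.dumps(event, indent=2))
    print("findings:", audit_findings(event))
```

`audit_findings` only covers the placements the description names; it does not replace full StructureDefinition validation, and the JWT ID it checks for is only useful if the audit consumer can later resolve that ID against the token issuer, as the description notes.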
Name | L Flags | L Card. | L Type | L Description & Constraints | R Flags | R Card. | R Type | R Description & Constraints | Comments
---|---|---|---|---|---|---|---|---|---
AuditEvent | | 0..* | AuditEvent | Event record kept for security purposes | | 0..* | AuditEvent | Event record kept for security purposes |
id | Σ | 0..1 | id | Logical id of this artifact | Σ | 0..1 | id | Logical id of this artifact |
meta | Σ | 0..1 | Meta | Metadata about the resource | Σ | 0..1 | Meta | Metadata about the resource |
implicitRules | ?!Σ | 0..1 | uri | A set of rules under which this content was created | ?!Σ | 0..1 | uri | A set of rules under which this content was created |
language | | 0..1 | code | Language of the resource content. Binding: ?? (preferred): A human language. | | 0..1 | code | Language of the resource content. Binding: ?? (preferred): A human language. |
text | | 0..1 | Narrative | Text summary of the resource, for human interpretation | | 0..1 | Narrative | Text summary of the resource, for human interpretation |
contained | | 0..* | Resource | Contained, inline Resources | | 0..* | Resource | Contained, inline Resources |
extension | | 0..* | Extension | Additional content defined by implementations | | 0..* | Extension | Additional content defined by implementations |
modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | ?! | 0..* | Extension | Extensions that cannot be ignored |
type | Σ | 1..1 | Coding | Type/identifier of event. Binding: ?? (extensible): Type of event. | Σ | 1..1 | Coding | Type/identifier of event. Binding: ?? (extensible): Type of event. |
subtype | Σ | 0..* | Coding | More specific type/id for the event. Binding: ?? (extensible): Sub-type of event. | Σ | 0..* | Coding | More specific type/id for the event. Binding: ?? (extensible): Sub-type of event. |
action | Σ | 0..1 | code | Type of action performed during the event. Binding: ?? (required): Indicator for type of action performed during the event that generated the event. | Σ | 0..1 | code | Type of action performed during the event. Binding: ?? (required): Indicator for type of action performed during the event that generated the event. |
period | | 0..1 | Period | When the activity occurred | | 0..1 | Period | When the activity occurred |
recorded | Σ | 1..1 | instant | Time when the event was recorded | Σ | 1..1 | instant | Time when the event was recorded |
outcome | Σ | 0..1 | code | Whether the event succeeded or failed. Binding: ?? (required): Indicates whether the event succeeded or failed. | Σ | 0..1 | code | Whether the event succeeded or failed. Binding: ?? (required): Indicates whether the event succeeded or failed. |
outcomeDesc | Σ | 0..1 | string | Description of the event outcome | Σ | 0..1 | string | Description of the event outcome |
purposeOfEvent | Σ | 0..* | CodeableConcept | The purposeOfUse of the event. Binding: ?? (extensible): The reason the activity took place. | Σ | 0..* | CodeableConcept | The purposeOfUse of the event. Binding: ?? (extensible): The reason the activity took place. |
Slices for agent | | 1..* | BackboneElement | Actor involved in the event. Slice: Unordered, Open by pattern:type | | 1..* | BackboneElement | Actor involved in the event. Slice: Unordered, Open by pattern:type |
agent.id | | 0..1 | string | Unique id for inter-element referencing | | 0..1 | string | Unique id for inter-element referencing |
agent.extension | | 0..* | Extension | Additional content defined by implementations | | 0..* | Extension | Additional content defined by implementations |
agent.modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
agent.type | | 0..1 | CodeableConcept | How agent participated. Binding: ?? (extensible): The Participation type of the agent to the event. | | 0..1 | CodeableConcept | How agent participated. Binding: ?? (extensible): The Participation type of the agent to the event. |
agent.role | | 0..* | CodeableConcept | Agent role in the event. Binding: ?? (example): What security role enabled the agent to participate in the event. | | 0..* | CodeableConcept | Agent role in the event. Binding: ?? (example): What security role enabled the agent to participate in the event. |
agent.who | Σ | 0..1 | Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson) | Identifier of who | Σ | 0..1 | Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson) | Identifier of who |
agent.altId | | 0..1 | string | Alternative User identity | | 0..1 | string | Alternative User identity |
agent.name | | 0..1 | string | Human friendly name for the agent | | 0..1 | string | Human friendly name for the agent |
agent.requestor | Σ | 1..1 | boolean | Whether user is initiator | Σ | 1..1 | boolean | Whether user is initiator |
agent.location | | 0..1 | Reference(Location) | Where | | 0..1 | Reference(Location) | Where |
agent.policy | | 0..* | uri | Policy that authorized event | | 0..* | uri | Policy that authorized event |
agent.media | | 0..1 | Coding | Type of media. Binding: ?? (extensible): Used when the event is about exporting/importing onto media. | | 0..1 | Coding | Type of media. Binding: ?? (extensible): Used when the event is about exporting/importing onto media. |
agent.network | | 0..1 | BackboneElement | Logical network location for application activity | | 0..1 | BackboneElement | Logical network location for application activity |
agent.network.id | | 0..1 | string | Unique id for inter-element referencing | | 0..1 | string | Unique id for inter-element referencing |
agent.network.extension | | 0..* | Extension | Additional content defined by implementations | | 0..* | Extension | Additional content defined by implementations |
agent.network.modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
agent.network.address | | 0..1 | string | Identifier for the network access point of the user device | | 0..1 | string | Identifier for the network access point of the user device |
agent.network.type | | 0..1 | code | The type of network access point. Binding: ?? (required): The type of network access point of this agent in the audit event. | | 0..1 | code | The type of network access point. Binding: ?? (required): The type of network access point of this agent in the audit event. |
agent.purposeOfUse | | 0..* | CodeableConcept | Reason given for this user. Binding: ?? (extensible): The reason the activity took place. | | 0..* | CodeableConcept | Reason given for this user. Binding: ?? (extensible): The reason the activity took place. |
source | | 1..1 | BackboneElement | Audit Event Reporter | | 1..1 | BackboneElement | Audit Event Reporter |
source.id | | 0..1 | string | Unique id for inter-element referencing | | 0..1 | string | Unique id for inter-element referencing |
source.extension | | 0..* | Extension | Additional content defined by implementations | | 0..* | Extension | Additional content defined by implementations |
source.modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
source.site | | 0..1 | string | Logical source location within the enterprise | | 0..1 | string | Logical source location within the enterprise |
source.observer | Σ | 1..1 | Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson) | The identity of source detecting the event | Σ | 1..1 | Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson) | The identity of source detecting the event |
source.type | | 0..* | Coding | The type of source where event originated. Binding: ?? (extensible): Code specifying the type of system that detected and recorded the event. | | 0..* | Coding | The type of source where event originated. Binding: ?? (extensible): Code specifying the type of system that detected and recorded the event. |
entity | C | 0..* | BackboneElement | Data or objects used | C | 0..* | BackboneElement | Data or objects used |
entity.id | | 0..1 | string | Unique id for inter-element referencing | | 0..1 | string | Unique id for inter-element referencing |
entity.extension | | 0..* | Extension | Additional content defined by implementations | | 0..* | Extension | Additional content defined by implementations |
entity.modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
entity.what | Σ | 0..1 | Reference(Resource) | Specific instance of resource | Σ | 0..1 | Reference(Resource) | Specific instance of resource |
entity.type | | 0..1 | Coding | Type of entity involved. Binding: ?? (extensible): Code for the entity type involved in the audit event. | | 0..1 | Coding | Type of entity involved. Binding: ?? (extensible): Code for the entity type involved in the audit event. |
entity.role | | 0..1 | Coding | What role the entity played. Binding: ?? (extensible): Code representing the role the entity played in the audit event. | | 0..1 | Coding | What role the entity played. Binding: ?? (extensible): Code representing the role the entity played in the audit event. |
entity.lifecycle | | 0..1 | Coding | Life-cycle stage for the entity. Binding: ?? (extensible): Identifier for the data life-cycle stage for the entity. | | 0..1 | Coding | Life-cycle stage for the entity. Binding: ?? (extensible): Identifier for the data life-cycle stage for the entity. |
entity.securityLabel | | 0..* | Coding | Security labels on the entity. Binding: ?? (extensible): Security Labels from the Healthcare Privacy and Security Classification System. | | 0..* | Coding | Security labels on the entity. Binding: ?? (extensible): Security Labels from the Healthcare Privacy and Security Classification System. |
entity.name | ΣC | 0..1 | string | Descriptor for entity | ΣC | 0..1 | string | Descriptor for entity |
entity.description | | 0..1 | string | Descriptive text | | 0..1 | string | Descriptive text |
entity.query | ΣC | 0..1 | base64Binary | Query parameters | ΣC | 0..1 | base64Binary | Query parameters |
entity.detail | | 0..* | BackboneElement | Additional Information about the entity | | 0..* | BackboneElement | Additional Information about the entity |
entity.detail.id | | 0..1 | string | Unique id for inter-element referencing | | 0..1 | string | Unique id for inter-element referencing |
entity.detail.extension | | 0..* | Extension | Additional content defined by implementations | | 0..* | Extension | Additional content defined by implementations |
entity.detail.modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
entity.detail.type | | 1..1 | string | Name of the property | | 1..1 | string | Name of the property |
entity.detail.value[x] | | 1..1 | string, base64Binary | Property value | | 1..1 | string, base64Binary | Property value |