Others titles
- FHIR Audit Event Resource
- Electronic Health Records Exchange Through FHIR
Keywords
- FHIR
- HL7
- Medical Terminology
- Processes Data
- Processes Information
- Processes Documentation
- Health Information Exchange
- Electronic Health Records
- FHIR Smart
- Smart on FHIR
Audit Event

Audit Event is a record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage. All actors – such as applications, processes, and services – involved in an auditable event should record an Audit Event. This will likely result in multiple Audit Event entries that show whether privacy and security safeguards, such as access control, are properly functioning across an enterprise’s system-of-systems.
Get The Data
- Research
Non-Commercial,
Share-Alike,
Attribution Free Forever
- Commercial
Commercial Use,
Remix & Adapt,
White Label Log in to download
Description
It is typical to get an auditable event recorded by both the application in a workflow process and the servers that support them. For this reason, duplicate entries are expected, which is helpful because it may aid in the detection of, for example, fewer than expected actors being recorded in a multi-actor process or attributes related to those records being in conflict, which is an indication of a security problem. There may be non-participating actors, such as trusted intermediary, that also detect a security relevant event and thus would record an Audit Event, such as a trusted intermediary.
Security relevant events are not limited to communications or RESTful events. They include:
– Software start-up and shutdown
– User login and logout
– Access control decisions
– Configuration events
– Software installation
– Policy rules changes
– Manipulation of data that exposes the data to users.
The content of an Audit Event is intended for use by security system administrators, security and privacy information managers, and records management personnel. This content is not intended to be accessible or used directly by other healthcare users, such as providers or patients, although reports generated from the raw data would be useful. An example is a patient-centric accounting of disclosures or an access report. Servers that provide support for Audit Event resources would not generally accept update or delete operations on the resources, as this would compromise the integrity of the audit record. Access to the Audit Event would typically be limited to security, privacy, or other system administration purposes.
Relationship of Audit Event and Provenance resources are often (though not exclusively) created by the application responding to the create/read/query/update/delete/execute etc. event. A Provenance resource contains overlapping information but is a record-keeping assertion that gathers information about the context in which the information in a resource “came to be” in its current state, e.g., whether it was created de novo or obtained from another entity in whole, part, or by transformation. Provenance resources are prepared by the application that initiates the create/update of the resource and may be persisted with the Audit Event target resource.
The audit event is based on the IHE-ATNA (Integrating the Healthcare Enterprise – Audit Trail and Node Authentication) Audit record definitions, originally from RFC 3881, and now managed by DICOM. This resource is managed collaboratively between HL7, DICOM, and IHE. The primary purpose of this resource is the maintenance of security audit log information. However, it can also be used for any audit logging needs and simple event-based notification.
Fast Healthcare Interoperability Resources (FHIR) is a draft standard describing data formats and elements (known as “resources”) and an application programming interface (API) for exchanging electronic health records. The standard was created by the Health Level Seven International (HL7) health-care standards organization.
Its goal is to facilitate interoperation between legacy healthcare systems, to make it easy to provide healthcare information to healthcare providers and individuals on a wide variety of devices from computers to tablets to cell phones, and to allow third-party application developers to provide medical applications which can be easily integrated into existing systems.
FHIR provides an alternative to document-centric approaches by directly exposing discrete data elements as services. For example, basic elements of healthcare like patients, admissions, diagnostic reports and medications can each be retrieved and manipulated via their own resource URLs (Uniform Resource Locators). FHIR was supported at an American Medical Informatics Association meeting by many EHR (Electronic Health Record) vendors which value its open and extensible nature.
About this Dataset
Data Info
Date Created | 2018-09-20 |
---|---|
Last Modified | 2023-03-26 |
Version | 5.0.0 |
Update Frequency |
Annual |
Temporal Coverage |
N/A |
Spatial Coverage |
United States |
Source | John Snow Labs; Health Level Seven International; |
Source License URL | |
Source License Requirements |
N/A |
Source Citation |
N/A |
Keywords | FHIR, HL7, Medical Terminology, Processes Data, Processes Information, Processes Documentation, Health Information Exchange, Electronic Health Records, FHIR Smart, Smart on FHIR |
Other Titles | FHIR Audit Event Resource, Electronic Health Records Exchange Through FHIR |
Data Fields
Name | Description | Type | Constraints |
---|---|---|---|
Concept_Name | Name of the concept in the FHIR structure | string | required : 1 |
Computer_Ready_Name | A Computer-ready name (e.g. a token) that identifies the structure - suitable for code generation. Note that this name (and other names relevant for code generation, including element & slice names, codes etc) may collide with reserved words in the relevant target language, and code generators will need to handle this. | string | - |
Type | The type the structure describes. | string | - |
Dollar_Ref | The Dollar_Ref ($ref) string value contains a Uniform Resource Identifier (URI) which identifies the location of the JSON (JavaScript Object Notation) value being referenced. | string | - |
Description | A free text natural language description of the structure and its use | string | - |
Items | The value of the keyword should be an object or an array of objects. If the keyword value is an object, then for the data array to be valid each item of the array should be valid according to the schema in this value. | string | - |
Enum | The enum is used to restrict a value to a fixed set of values. It must be an array with at least one element, where each element is unique. | string | - |
Required | The value of the keyword should be an array of unique strings. The data object to be valid should contain all properties with names equal to the elements in the keyword value. | string | - |
Const | The value of this keyword can be anything. The data is valid if it is deeply equal to the value of the keyword. | string | - |
Data Preview
Concept Name | Computer Ready Name | Type | Dollar Ref | Description | Items | Enum | Required | Const |
AuditEvent | resourceType | This is a AuditEvent resource | AuditEvent | |||||
AuditEvent | id | #/definitions/id | The logical id of the resource | |||||
AuditEvent | meta | #/definitions/Meta | The metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content might not always be associated with version changes to the resource. | |||||
AuditEvent | implicitRules | #/definitions/uri | A reference to a set of rules that were followed when the resource was constructed | |||||
AuditEvent | _implicitRules | #/definitions/Element | Extensions for implicitRules | |||||
AuditEvent | language | #/definitions/code | The base language in which the resource is written. | |||||
AuditEvent | _language | #/definitions/Element | Extensions for language | |||||
AuditEvent | text | #/definitions/Narrative | A human-readable narrative that contains a summary of the resource and can be used to represent the content of the resource to a human. The narrative need not encode all the structured data | |||||
AuditEvent | contained | array | These resources do not have an independent existence apart from the resource that contains them - they cannot be identified independently | |||||
AuditEvent | extension | array | May be used to represent additional information that is not part of the basic definition of the resource. To make the use of extensions safe and managable |