Release 4 FHIR CI-Build

This page is part of the Continuous Integration Build of FHIR Specification (v4.0.1: R4 - Mixed Normative and STU ) in it's permanent home (it will always (will be available incorrect/inconsistent at this URL). The current version which supercedes this version is 5.0.0 . For a full list of available versions, see times).
See the Directory of published versions icon . Page versions: R5 R4B R4 R3 R2

6.3 Resource Provenance - Content

Responsible Owner: Security icon Work Group Maturity Level : 3   Trial Use Normative Security Category : Not Classified Compartments : Device , Group , Patient , Practitioner , RelatedPerson

Provenance of a resource is a record that describes entities and processes involved in producing and delivering or otherwise influencing that resource. Provenance provides a critical foundation for assessing authenticity, enabling trust, and allowing reproducibility. Provenance assertions are a form of contextual metadata and can themselves become important records with their own provenance. Provenance statement indicates clinical significance in terms of confidence in authenticity, reliability, and trustworthiness, integrity, and stage in lifecycle (e.g. Document Completion - has the artifact been legally authenticated), all of which may MAY impact security, privacy, and trust policies.

6.3.1 Scope and Usage

The Provenance resource tracks information about the activity that created, revised, deleted, or signed a version of a resource, describing the entities and agents involved. This information can be used to form assessments about its quality, reliability, trustworthiness, or to provide pointers for where to go to further investigate the origins of the resource and the information in it.

Provenance resources are a record-keeping assertion that gathers information about the context in which the information in a resource was obtained. Provenance resources are prepared by the application that initiates the create/update etc. of the resource. An AuditEvent resource contains overlapping information, but is created as events occur, to track and audit the events. AuditEvent resources are often (though not exclusively) created by the application responding to the read/query/create/update/etc. event.

6.3.2 Boundaries and Relationships

Many other FHIR resources contain some elements that represent information about how the resource was obtained, and therefore they overlap with the functionality of the Provenance resource. These properties in other resources should SHOULD always be used in preference to the Provenance resource, and the Provenance resource should SHOULD be used where additional information is required, or explicit record or provenance is desired. Details on this overlap can be found on the FiveWs , including a mapping at the Resource Element level.

The relationship between a resource and its provenance is established by a reference from the provenance resource to its target. In this way, provenance may MAY be provided about any resource or version, including past versions. There may MAY be multiple provenance records for a given resource or version of a resource.

6.3.3 Background and Context

The Provenance resource is based on the W3C Provenance specification icon , and mappings are provided. The Provenance resource is tailored to fit the FHIR use-cases for provenance more directly. In terms of W3C Provenance icon the FHIR Provenance resource covers "Generation" of "Entity" with respect to FHIR defined resources for creation or updating; whereas AuditEvent covers "Usage" of "Entity" and all other "Activity" as defined in W3C Provenance.

The W3C Provenance Specification has the following fundamental model:

Key concepts

Where:

  • Entity - An entity is a physical, digital, conceptual or other kind of thing with some fixed aspects; entities may MAY be real or imaginary. One or more entities can be the input (.entity) of an activity, and one or more entities can be the output (.target).
  • Agent - An agent is something that bears some form of the responsibility for an identified by the type of participation in the activity taking place, for the existence of an entity, or for another agent's activity. An Agent MAY be a person, device, system, organization, group, care-team, or identifiable thing.
  • Activity - An activity is something that occurs over a time period and acts upon or with entities. It may MAY include consuming, processing, transforming, modifying, relocating, using, or generating entities.

The Provenance resource corresponds to a single activity that identifies a set of resources ( target ) generated by the activity. The activity also references other entities ( entity ) that were used and the agents ( agent ) that were associated with the activity. To record multiple activities that resulted in one ( target ), record each ( activity ) in independent Provenance records all pointing at that ( target ).

The Provenance resource depends upon having References to all the resources, entities, and agents involved in the activity. These References need not be resolvable. The references must provide a unique and unambiguous identification. If a resource, entity, or agent can have different versions that must be identified, then the Reference must have versioning information included.

Versioning and unique identification are not mandated for all systems that provide Resources, entities, and agents. But, inclusion of Provenance requirements may MAY introduce requirements for versioning and unique identification on those systems

The Provenance resource is based on leveraging the W3C Provenance specification to represent HL7 support of provenance throughout its standards and explicitly modeled as functional capabilities in ISO/HL7 10781 EHR System Functional Model Release 2 and ISO 21089 Trusted End-to-End Information Flows. Mappings are provided. The Provenance resource is tailored to fit the FHIR use-cases for provenance more directly. In terms of W3C Provenance the FHIR Provenance resources covers "Generation" of "Entity" with respect to FHIR defined resources for creation or updating; whereas AuditEvent covers "Usage" of "Entity" and all other "Activity" as defined in W3C Provenance.

This resource is referenced by

6.3.4 References to this Resource

6.3.4 6.3.5 Resource Content

Structure

1..1 Reason Who Who the derivation |
Name Flags Card. Type Description & Constraints      Filter: Filters doco
. . Provenance TU N DomainResource Who, What, When for a set of resources

Elements defined in Ancestors: id , meta , implicitRules , language , text , contained , extension , modifierExtension
. . . target Σ 1..* Reference ( Any ) Target Reference(s) (usually version specific)

. . . occurred[x] Σ 0..1 When the activity occurred
. . . . occurredPeriod Period
. . . . occurredDateTime dateTime
. . . recorded Σ 0..1 instant When the activity was recorded / updated
. . . location 0..1 Reference ( Location ) Where the activity occurred, if relevant occurred
. . reason . authorization 0..* CodeableConcept CodeableReference () Authorization (purposeOfUse) related to the activity is occurring event
Binding: PurposeOfUse icon V3 Value SetPurposeOfUse ( Extensible Example )

. . activity . why 0..1 markdown Why was the event performed?
0..1
. . . activity Σ 0..1 CodeableConcept Activity that occurred
Provenance Binding: ValueSet of representative activity type codes. ( Extensible Example )
. . . basedOn 0..* Reference ( Any ) Workflow authorization within which this event occurred

... patient Σ 0..1 Reference ( Patient ) The patient is the subject of the data created/updated (.target) by the activity
. . . encounter 0..1 Reference ( Encounter ) Encounter within which this event occurred or which the event is tightly associated
.. . agent Σ C 1..* BackboneElement Actor involved
+ Rule: Who and onBehalfOf cannot be the same
+ Rule: If who is a PractitionerRole, onBehalfOf can't reference the same Practitioner
+ Rule: If who is an organization, onBehalfOf can't be a PractitionerRole within that organization
+ Rule: If who is an organization, onBehalfOf can't be a healthcare service within that organization

. . . . type Σ 0..1 CodeableConcept How the agent participated
Provenance participant type Binding: Participation Role Type ( Extensible Example )
. . . . role 0..* CodeableConcept What the agents role was
SecurityRoleType Binding: Example Security Role Type ( Example )

. . . . who Σ C 1..1 Reference ( Practitioner | PractitionerRole | RelatedPerson Organization | CareTeam | Patient | Device | Organization RelatedPerson | Group | HealthcareService ) The agent that participated in the event
. . . . onBehalfOf C 0..1 Reference ( Practitioner | PractitionerRole | RelatedPerson Organization | CareTeam | Patient | Device Group | Organization HealthcareService ) The agent is representing that delegated
. . . entity Σ 0..* BackboneElement An entity used in this activity

. . . . role Σ 1..1 code revision | quotation | source | instantiates | removal
ProvenanceEntityRole Binding: Provenance Entity Role ( Required )
. . . . what Σ 1..1 Reference ( Any ) Identity of entity
. . . . agent 0..* see agent Entity is attributed to this agent

. . . signature 0..* Signature Signature on target


doco Documentation for this format icon

See the Extensions for this resource

UML Diagram ( Legend )

Provenance ( DomainResource ) The Reference(s) that were generated or updated by the activity described in this resource. A provenance can point to more than one target if multiple resources were created/updated by the same activity target : Reference [1..*] « Any » The period during which the activity occurred occurred[x] : Type DataType [0..1] « Period | dateTime » The instant of date and time at which the activity provenance information was recorded / updated, whether in the FHIR Provenance resource or in some other form that is later communicated in the FHIR Provenance recorded : instant [1..1] [0..1] Policy or plan the activity was defined by. Typically, a single activity may MAY have multiple applicable policy documents, such as patient consent, guarantor funding, etc policy : uri [0..*] Where the activity occurred, if relevant occurred location : Reference [0..1] « Location » The reason authorization (e.g., PurposeOfUse) that the activity was taking place used during the event being recorded reason authorization : CodeableConcept CodeableReference [0..*] « ; The reason the activity took place. (Strength=Extensible) null (Strength=Example) v3.PurposeOfUse PurposeOfUse + ?? » Describes why the event recorded in this provenenace occurred in textual form why : markdown [0..1] An activity is something that occurs over a period of time and acts upon or with entities; it may MAY include consuming, processing, transforming, modifying, relocating, using, or generating entities activity : CodeableConcept [0..1] « null (Strength=Example) ProvenanceActivityType ?? » A plan, proposal or order that is fulfilled in whole or in part by this provenance basedOn : Reference [0..*] « Any » The activity patient element is available to enable deterministic tracking of activities that took place. (Strength=Extensible) involve the patient as the subject of the data used in an activity ProvenanceActivityType patient : Reference [0..1] « Patient + » This will typically be the encounter the event occurred, but some events MAY be initiated prior to or after the official completion of an encounter but still be tied to the context of the encounter (e.g. pre-admission lab tests) encounter : Reference [0..1] « Encounter » A digital signature on the target Reference(s). The signer should SHOULD match a Provenance.agent. The purpose of the signature is indicated signature : Signature [0..*] Agent The participation Functional Role of the agent had with respect to the activity type : CodeableConcept [0..1] « The type of participation that a provenance agent played with respect to the activity. (Strength=Extensible) null (Strength=Example) ProvenanceParticipantType ParticipationRoleType + ?? » The function structural roles of the agent with respect to indicating the activity. agent's competency. The security role enabling the agent with respect to the activity role : CodeableConcept [0..*] « The role that a provenance agent played with respect to the activity. null (Strength=Example) SecurityRoleType SecurityRoleTypeExamples ?? » The individual, device Indicates who or organization that participated what performed in the event who : Reference [1..1] « Practitioner | PractitionerRole | RelatedPerson Organization | CareTeam | Patient | Device | Organization RelatedPerson | Group | HealthcareService » « This element has or is affected by some invariants C » The individual, device, or organization for whom agent that delegated authority to perform the change was made activity performed by the agent.who element onBehalfOf : Reference [0..1] « Practitioner | PractitionerRole | RelatedPerson Organization | CareTeam | Patient | Device Group | Organization HealthcareService » « This element has or is affected by some invariants C » Entity How the entity was used during the activity role : code [1..1] « How an entity was used in an activity. null (Strength=Required) ProvenanceEntityRole ! » Identity of the Entity used. May be a logical or physical uri and maybe absolute or relative what : Reference [1..1] « Any » An actor taking a role in an activity for which it can be assigned some degree of responsibility for the activity taking place agent [1..*] The entity is attributed to an agent to express the agent's responsibility for that entity, possibly along with other agents. This description can be understood as shorthand for saying that the agent was responsible for the activity which generated used the entity agent [0..*] An entity used in this activity entity [0..*]

XML Template 

<

<Provenance xmlns="http://hl7.org/fhir"> doco

 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <target><!-- 1..* Reference(Any) Target Reference(s) (usually version specific) --></target>
 <occurred[x]><!-- 0..1 Period|dateTime When the activity occurred --></occurred[x]>
 <
 <
 <</location>
 <</reason>
 <</activity>

 <recorded value="[instant]"/><!-- 0..1 When the activity was recorded / updated -->
 <policy value="[uri]"/><!-- 0..* Policy or plan the activity was defined by -->
 <location><!-- 0..1 Reference(Location) Where the activity occurred --></location>
 <authorization><!-- 0..* CodeableReference Authorization (purposeOfUse) related to the event icon --></authorization>
 <why value="[markdown]"/><!-- 0..1 Why was the event performed? -->
 <activity><!-- 0..1 CodeableConcept Activity that occurred --></activity>
 <basedOn><!-- 0..* Reference(Any) Workflow authorization within which this event occurred --></basedOn>
 <patient><!-- 0..1 Reference(Patient) The patient is the subject of the data created/updated (.target) by the activity --></patient>
 <encounter><!-- 0..1 Reference(Encounter) Encounter within which this event occurred or which the event is tightly associated --></encounter>

 <agent>  <!-- 1..* Actor involved -->
  <</type>
  <</role>
  <|
    </who>
  <|
    </onBehalfOf>

  <type><!-- 0..1 CodeableConcept How the agent participated --></type>
  <role><!-- 0..* CodeableConcept What the agents role was --></role>
  <who><!-- I 1..1 Reference(CareTeam|Device|Group|HealthcareService|Organization|
    Patient|Practitioner|PractitionerRole|RelatedPerson) The agent that participated in the event --></who>

  <onBehalfOf><!-- I 0..1 Reference(CareTeam|Group|HealthcareService|Organization|
    Patient|Practitioner|PractitionerRole) The agent that delegated --></onBehalfOf>
 </agent>
 <entity>  <!-- 0..* An entity used in this activity -->
  <

  <role value="[code]"/><!-- 1..1 revision | quotation | source | instantiates | removal -->

  <what><!-- 1..1 Reference(Any) Identity of entity --></what>
  <</agent>

  <agent><!-- 0..* Content as for Provenance.agent Entity is attributed to this agent --></agent>

 </entity>
 <</signature>

 <signature><!-- 0..* Signature Signature on target --></signature>

</Provenance>

JSON Template 

{doco
  "resourceType" : "",

  "resourceType" : "Provenance",

  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "target" : [{ Reference(Any) }], // R!  Target Reference(s) (usually version specific)
  // occurred[x]: When the activity occurred. One of these 2:
  "occurredPeriod" : { Period },
  "occurredDateTime" : "<dateTime>",
  "
  "
  "
  "
  "

  "recorded" : "<instant>", // When the activity was recorded / updated
  "policy" : ["<uri>"], // Policy or plan the activity was defined by
  "location" : { Reference(Location) }, // Where the activity occurred
  "authorization" : [{ CodeableReference }], // Authorization (purposeOfUse) related to the event icon
  "why" : "<markdown>", // Why was the event performed?
  "activity" : { CodeableConcept }, // Activity that occurred
  "basedOn" : [{ Reference(Any) }], // Workflow authorization within which this event occurred
  "patient" : { Reference(Patient) }, // The patient is the subject of the data created/updated (.target) by the activity
  "encounter" : { Reference(Encounter) }, // Encounter within which this event occurred or which the event is tightly associated

  "agent" : [{ // R!  Actor involved
    "
    "
    "|
    
    "|
    

    "type" : { CodeableConcept }, // How the agent participated
    "role" : [{ CodeableConcept }], // What the agents role was
    "who" : { Reference(CareTeam|Device|Group|HealthcareService|Organization|
    Patient|Practitioner|PractitionerRole|RelatedPerson) }, // I R!  The agent that participated in the event

    "onBehalfOf" : { Reference(CareTeam|Group|HealthcareService|Organization|
    Patient|Practitioner|PractitionerRole) } // I The agent that delegated
  }],
  "entity" : [{ // An entity used in this activity
    "

    "role" : "<code>", // R!  revision | quotation | source | instantiates | removal

    "what" : { Reference(Any) }, // R!  Identity of entity
    "

    "agent" : [{ Content as for Provenance.agent }] // Entity is attributed to this agent

  }],
  "

  "signature" : [{ Signature }] // Signature on target

}

Turtle Template 

@prefix fhir: <http://hl7.org/fhir/> .doco


[ a fhir:;

[ a fhir:Provenance;

  fhir:nodeRole fhir:treeRoot; # if this is the parser root

  # from 
  # from 
  fhir:
  # . One of these 2
    fhir: ]
    fhir: ]
  fhir:
  fhir:
  fhir:
  fhir:
  fhir:
  fhir:
    fhir:
    fhir:
    fhir:
    fhir:
  ], ...;
  fhir:
    fhir:
    fhir:
    fhir:
  ], ...;
  fhir:

  # from Resource: fhir:id, fhir:meta, fhir:implicitRules, and fhir:language
  # from DomainResource: fhir:text, fhir:contained, fhir:extension, and fhir:modifierExtension
  fhir:target  ( [ Reference(Any) ] ... ) ; # 1..* Target Reference(s) (usually version specific)
  # occurred[x] : 0..1 When the activity occurred. One of these 2
    fhir:occurred [  a fhir:Period ; Period ]
    fhir:occurred [  a fhir:DateTime ; dateTime ]
  fhir:recorded [ instant ] ; # 0..1 When the activity was recorded / updated
  fhir:policy  ( [ uri ] ... ) ; # 0..* Policy or plan the activity was defined by
  fhir:location [ Reference(Location) ] ; # 0..1 Where the activity occurred
  fhir:authorization  ( [ CodeableReference ] ... ) ; # 0..* Authorization (purposeOfUse) related to the event
  fhir:why [ markdown ] ; # 0..1 Why was the event performed?
  fhir:activity [ CodeableConcept ] ; # 0..1 Activity that occurred
  fhir:basedOn  ( [ Reference(Any) ] ... ) ; # 0..* Workflow authorization within which this event occurred
  fhir:patient [ Reference(Patient) ] ; # 0..1 The patient is the subject of the data created/updated (.target) by the activity
  fhir:encounter [ Reference(Encounter) ] ; # 0..1 Encounter within which this event occurred or which the event is tightly associated
  fhir:agent ( [ # 1..* Actor involved
    fhir:type [ CodeableConcept ] ; # 0..1 How the agent participated
    fhir:role  ( [ CodeableConcept ] ... ) ; # 0..* What the agents role was
    fhir:who [ Reference(CareTeam|Device|Group|HealthcareService|Organization|Patient|Practitioner|
  PractitionerRole|RelatedPerson) ] ; # 1..1 I The agent that participated in the event

    fhir:onBehalfOf [ Reference(CareTeam|Group|HealthcareService|Organization|Patient|Practitioner|
  PractitionerRole) ] ; # 0..1 I The agent that delegated

  ] ... ) ;
  fhir:entity ( [ # 0..* An entity used in this activity
    fhir:role [ code ] ; # 1..1 revision | quotation | source | instantiates | removal
    fhir:what [ Reference(Any) ] ; # 1..1 Identity of entity
    fhir:agent  ( [ See Provenance.agent ] ... ) ; # 0..* Entity is attributed to this agent
  ] ... ) ;
  fhir:signature  ( [ Signature ] ... ) ; # 0..* Signature on target

]

Changes since R3 from both R4 and R4B

Provenance
Provenance.occurred[x] Provenance.recorded
  • Renamed Min Cardinality changed from period 1 to occurred[x] Add Type dateTime 0
Provenance.reason Provenance.authorization
  • Type changed Renamed from Coding reason to CodeableConcept authorization
    • Provenance.activity
  • Type changed from Coding to CodeableConcept to CodeableReference
  • Remove Binding `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse` (extensible)
Provenance.agent.type Provenance.why
  • Added Element
Provenance.agent.role Provenance.activity
  • Remove Binding http://hl7.org/fhir/ValueSet/security-role-type `http://hl7.org/fhir/ValueSet/provenance-activity-type` (extensible)
Provenance.agent.who Provenance.basedOn
  • Renamed from who[x] to who Added Element
Provenance.patient
  • Remove Type uri Added Element
Provenance.agent.onBehalfOf Provenance.encounter
  • Renamed from onBehalfOf[x] to onBehalfOf Added Element
Provenance.agent.type
  • Remove Type uri Binding `http://hl7.org/fhir/ValueSet/provenance-agent-type` (extensible)
Provenance.entity.role Provenance.agent.who
  • Change value set from http://hl7.org/fhir/ValueSet/provenance-entity-role to http://hl7.org/fhir/ValueSet/provenance-entity-role|4.0.1 Type Reference: Added Target Types CareTeam, Group, HealthcareService
Provenance.entity.what Provenance.agent.onBehalfOf
  • Renamed from what[x] to what Type Reference: Added Target Types CareTeam, Group, HealthcareService
  • Remove Type Reference: Removed Target Types uri, Identifier RelatedPerson, Device
Provenance.agent.relatedAgentType Provenance.entity.role
  • deleted Remove code derivation
  • Add code instantiates

See the Full Difference for further information

This analysis is available for R4 as XML or JSON . See R3 <--> R4 Conversion Maps (status = 5 tests that all execute ok. All tests pass round-trip testing and 2 r3 resources are invalid (0 errors). ) for R4B as XML or JSON .

Structure

1..1 Reason Who Who the derivation |
Name Flags Card. Type Description & Constraints      Filter: Filters doco
. . Provenance TU N DomainResource Who, What, When for a set of resources

Elements defined in Ancestors: id , meta , implicitRules , language , text , contained , extension , modifierExtension
. . . target Σ 1..* Reference ( Any ) Target Reference(s) (usually version specific)

. . . occurred[x] Σ 0..1 When the activity occurred
. . . . occurredPeriod Period
. . . . occurredDateTime dateTime
. . . recorded Σ 0..1 instant When the activity was recorded / updated
. . . location 0..1 Reference ( Location ) Where the activity occurred, if relevant occurred
. . reason . authorization 0..* CodeableConcept CodeableReference () Authorization (purposeOfUse) related to the activity is occurring event
Binding: PurposeOfUse icon V3 Value SetPurposeOfUse ( Extensible Example )

. . activity . why 0..1 markdown Why was the event performed?
0..1
. . . activity Σ 0..1 CodeableConcept Activity that occurred
Provenance Binding: ValueSet of representative activity type codes. ( Extensible Example )
. . . basedOn 0..* Reference ( Any ) Workflow authorization within which this event occurred

. . . patient Σ 0..1 Reference ( Patient ) The patient is the subject of the data created/updated (.target) by the activity
... encounter 0..1 Reference ( Encounter ) Encounter within which this event occurred or which the event is tightly associated
.. . agent Σ C 1..* BackboneElement Actor involved
+ Rule: Who and onBehalfOf cannot be the same
+ Rule: If who is a PractitionerRole, onBehalfOf can't reference the same Practitioner
+ Rule: If who is an organization, onBehalfOf can't be a PractitionerRole within that organization
+ Rule: If who is an organization, onBehalfOf can't be a healthcare service within that organization

. . . . type Σ 0..1 CodeableConcept How the agent participated
Provenance participant type Binding: Participation Role Type ( Extensible Example )
. . . . role 0..* CodeableConcept What the agents role was
SecurityRoleType Binding: Example Security Role Type ( Example )

. . . . who Σ C 1..1 Reference ( Practitioner | PractitionerRole | RelatedPerson Organization | CareTeam | Patient | Device | Organization RelatedPerson | Group | HealthcareService ) The agent that participated in the event
. . . . onBehalfOf C 0..1 Reference ( Practitioner | PractitionerRole | RelatedPerson Organization | CareTeam | Patient | Device Group | Organization HealthcareService ) The agent is representing that delegated
. . . entity Σ 0..* BackboneElement An entity used in this activity

. . . . role Σ 1..1 code revision | quotation | source | instantiates | removal
ProvenanceEntityRole Binding: Provenance Entity Role ( Required )
. . . . what Σ 1..1 Reference ( Any ) Identity of entity
. . . . agent 0..* see agent Entity is attributed to this agent

. . . signature 0..* Signature Signature on target


doco Documentation for this format icon

See the Extensions for this resource

UML Diagram ( Legend )

Provenance ( DomainResource ) The Reference(s) that were generated or updated by the activity described in this resource. A provenance can point to more than one target if multiple resources were created/updated by the same activity target : Reference [1..*] « Any » The period during which the activity occurred occurred[x] : Type DataType [0..1] « Period | dateTime » The instant of date and time at which the activity provenance information was recorded / updated, whether in the FHIR Provenance resource or in some other form that is later communicated in the FHIR Provenance recorded : instant [1..1] [0..1] Policy or plan the activity was defined by. Typically, a single activity may MAY have multiple applicable policy documents, such as patient consent, guarantor funding, etc policy : uri [0..*] Where the activity occurred, if relevant occurred location : Reference [0..1] « Location » The reason authorization (e.g., PurposeOfUse) that the activity was taking place used during the event being recorded reason authorization : CodeableConcept CodeableReference [0..*] « ; The reason the activity took place. (Strength=Extensible) null (Strength=Example) v3.PurposeOfUse PurposeOfUse + ?? » Describes why the event recorded in this provenenace occurred in textual form why : markdown [0..1] An activity is something that occurs over a period of time and acts upon or with entities; it may MAY include consuming, processing, transforming, modifying, relocating, using, or generating entities activity : CodeableConcept [0..1] « null (Strength=Example) ProvenanceActivityType ?? » A plan, proposal or order that is fulfilled in whole or in part by this provenance basedOn : Reference [0..*] « Any » The activity patient element is available to enable deterministic tracking of activities that took place. (Strength=Extensible) involve the patient as the subject of the data used in an activity ProvenanceActivityType patient : Reference [0..1] « Patient + » This will typically be the encounter the event occurred, but some events MAY be initiated prior to or after the official completion of an encounter but still be tied to the context of the encounter (e.g. pre-admission lab tests) encounter : Reference [0..1] « Encounter » A digital signature on the target Reference(s). The signer should SHOULD match a Provenance.agent. The purpose of the signature is indicated signature : Signature [0..*] Agent The participation Functional Role of the agent had with respect to the activity type : CodeableConcept [0..1] « The type of participation that a provenance agent played with respect to the activity. (Strength=Extensible) null (Strength=Example) ProvenanceParticipantType ParticipationRoleType + ?? » The function structural roles of the agent with respect to indicating the activity. agent's competency. The security role enabling the agent with respect to the activity role : CodeableConcept [0..*] « The role that a provenance agent played with respect to the activity. null (Strength=Example) SecurityRoleType SecurityRoleTypeExamples ?? » The individual, device Indicates who or organization that participated what performed in the event who : Reference [1..1] « Practitioner | PractitionerRole | RelatedPerson Organization | CareTeam | Patient | Device | Organization RelatedPerson | Group | HealthcareService » « This element has or is affected by some invariants C » The individual, device, or organization for whom agent that delegated authority to perform the change was made activity performed by the agent.who element onBehalfOf : Reference [0..1] « Practitioner | PractitionerRole | RelatedPerson Organization | CareTeam | Patient | Device Group | Organization HealthcareService » « This element has or is affected by some invariants C » Entity How the entity was used during the activity role : code [1..1] « How an entity was used in an activity. null (Strength=Required) ProvenanceEntityRole ! » Identity of the Entity used. May be a logical or physical uri and maybe absolute or relative what : Reference [1..1] « Any » An actor taking a role in an activity for which it can be assigned some degree of responsibility for the activity taking place agent [1..*] The entity is attributed to an agent to express the agent's responsibility for that entity, possibly along with other agents. This description can be understood as shorthand for saying that the agent was responsible for the activity which generated used the entity agent [0..*] An entity used in this activity entity [0..*]

XML Template 

<

<Provenance xmlns="http://hl7.org/fhir"> doco

 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <target><!-- 1..* Reference(Any) Target Reference(s) (usually version specific) --></target>
 <occurred[x]><!-- 0..1 Period|dateTime When the activity occurred --></occurred[x]>
 <
 <
 <</location>
 <</reason>
 <</activity>

 <recorded value="[instant]"/><!-- 0..1 When the activity was recorded / updated -->
 <policy value="[uri]"/><!-- 0..* Policy or plan the activity was defined by -->
 <location><!-- 0..1 Reference(Location) Where the activity occurred --></location>
 <authorization><!-- 0..* CodeableReference Authorization (purposeOfUse) related to the event icon --></authorization>
 <why value="[markdown]"/><!-- 0..1 Why was the event performed? -->
 <activity><!-- 0..1 CodeableConcept Activity that occurred --></activity>
 <basedOn><!-- 0..* Reference(Any) Workflow authorization within which this event occurred --></basedOn>
 <patient><!-- 0..1 Reference(Patient) The patient is the subject of the data created/updated (.target) by the activity --></patient>
 <encounter><!-- 0..1 Reference(Encounter) Encounter within which this event occurred or which the event is tightly associated --></encounter>

 <agent>  <!-- 1..* Actor involved -->
  <</type>
  <</role>
  <|
    </who>
  <|
    </onBehalfOf>

  <type><!-- 0..1 CodeableConcept How the agent participated --></type>
  <role><!-- 0..* CodeableConcept What the agents role was --></role>
  <who><!-- I 1..1 Reference(CareTeam|Device|Group|HealthcareService|Organization|
    Patient|Practitioner|PractitionerRole|RelatedPerson) The agent that participated in the event --></who>

  <onBehalfOf><!-- I 0..1 Reference(CareTeam|Group|HealthcareService|Organization|
    Patient|Practitioner|PractitionerRole) The agent that delegated --></onBehalfOf>
 </agent>
 <entity>  <!-- 0..* An entity used in this activity -->
  <

  <role value="[code]"/><!-- 1..1 revision | quotation | source | instantiates | removal -->

  <what><!-- 1..1 Reference(Any) Identity of entity --></what>
  <</agent>

  <agent><!-- 0..* Content as for Provenance.agent Entity is attributed to this agent --></agent>

 </entity>
 <</signature>

 <signature><!-- 0..* Signature Signature on target --></signature>

</Provenance>

JSON Template 

{doco
  "resourceType" : "",

  "resourceType" : "Provenance",

  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "target" : [{ Reference(Any) }], // R!  Target Reference(s) (usually version specific)
  // occurred[x]: When the activity occurred. One of these 2:
  "occurredPeriod" : { Period },
  "occurredDateTime" : "<dateTime>",
  "
  "
  "
  "
  "

  "recorded" : "<instant>", // When the activity was recorded / updated
  "policy" : ["<uri>"], // Policy or plan the activity was defined by
  "location" : { Reference(Location) }, // Where the activity occurred
  "authorization" : [{ CodeableReference }], // Authorization (purposeOfUse) related to the event icon
  "why" : "<markdown>", // Why was the event performed?
  "activity" : { CodeableConcept }, // Activity that occurred
  "basedOn" : [{ Reference(Any) }], // Workflow authorization within which this event occurred
  "patient" : { Reference(Patient) }, // The patient is the subject of the data created/updated (.target) by the activity
  "encounter" : { Reference(Encounter) }, // Encounter within which this event occurred or which the event is tightly associated

  "agent" : [{ // R!  Actor involved
    "
    "
    "|
    
    "|
    

    "type" : { CodeableConcept }, // How the agent participated
    "role" : [{ CodeableConcept }], // What the agents role was
    "who" : { Reference(CareTeam|Device|Group|HealthcareService|Organization|
    Patient|Practitioner|PractitionerRole|RelatedPerson) }, // I R!  The agent that participated in the event

    "onBehalfOf" : { Reference(CareTeam|Group|HealthcareService|Organization|
    Patient|Practitioner|PractitionerRole) } // I The agent that delegated
  }],
  "entity" : [{ // An entity used in this activity
    "

    "role" : "<code>", // R!  revision | quotation | source | instantiates | removal

    "what" : { Reference(Any) }, // R!  Identity of entity
    "

    "agent" : [{ Content as for Provenance.agent }] // Entity is attributed to this agent

  }],
  "

  "signature" : [{ Signature }] // Signature on target

}

Turtle Template 

@prefix fhir: <http://hl7.org/fhir/> .doco


[ a fhir:;

[ a fhir:Provenance;

  fhir:nodeRole fhir:treeRoot; # if this is the parser root

  # from 
  # from 
  fhir:
  # . One of these 2
    fhir: ]
    fhir: ]
  fhir:
  fhir:
  fhir:
  fhir:
  fhir:
  fhir:
    fhir:
    fhir:
    fhir:
    fhir:
  ], ...;
  fhir:
    fhir:
    fhir:
    fhir:
  ], ...;
  fhir:

  # from Resource: fhir:id, fhir:meta, fhir:implicitRules, and fhir:language
  # from DomainResource: fhir:text, fhir:contained, fhir:extension, and fhir:modifierExtension
  fhir:target  ( [ Reference(Any) ] ... ) ; # 1..* Target Reference(s) (usually version specific)
  # occurred[x] : 0..1 When the activity occurred. One of these 2
    fhir:occurred [  a fhir:Period ; Period ]
    fhir:occurred [  a fhir:DateTime ; dateTime ]
  fhir:recorded [ instant ] ; # 0..1 When the activity was recorded / updated
  fhir:policy  ( [ uri ] ... ) ; # 0..* Policy or plan the activity was defined by
  fhir:location [ Reference(Location) ] ; # 0..1 Where the activity occurred
  fhir:authorization  ( [ CodeableReference ] ... ) ; # 0..* Authorization (purposeOfUse) related to the event
  fhir:why [ markdown ] ; # 0..1 Why was the event performed?
  fhir:activity [ CodeableConcept ] ; # 0..1 Activity that occurred
  fhir:basedOn  ( [ Reference(Any) ] ... ) ; # 0..* Workflow authorization within which this event occurred
  fhir:patient [ Reference(Patient) ] ; # 0..1 The patient is the subject of the data created/updated (.target) by the activity
  fhir:encounter [ Reference(Encounter) ] ; # 0..1 Encounter within which this event occurred or which the event is tightly associated
  fhir:agent ( [ # 1..* Actor involved
    fhir:type [ CodeableConcept ] ; # 0..1 How the agent participated
    fhir:role  ( [ CodeableConcept ] ... ) ; # 0..* What the agents role was
    fhir:who [ Reference(CareTeam|Device|Group|HealthcareService|Organization|Patient|Practitioner|
  PractitionerRole|RelatedPerson) ] ; # 1..1 I The agent that participated in the event

    fhir:onBehalfOf [ Reference(CareTeam|Group|HealthcareService|Organization|Patient|Practitioner|
  PractitionerRole) ] ; # 0..1 I The agent that delegated

  ] ... ) ;
  fhir:entity ( [ # 0..* An entity used in this activity
    fhir:role [ code ] ; # 1..1 revision | quotation | source | instantiates | removal
    fhir:what [ Reference(Any) ] ; # 1..1 Identity of entity
    fhir:agent  ( [ See Provenance.agent ] ... ) ; # 0..* Entity is attributed to this agent
  ] ... ) ;
  fhir:signature  ( [ Signature ] ... ) ; # 0..* Signature on target

]

Changes since Release 3 from both R4 and R4B

Provenance
Provenance.occurred[x] Provenance.recorded
  • Renamed Min Cardinality changed from period 1 to occurred[x] Add Type dateTime 0
Provenance.reason Provenance.authorization
  • Type changed Renamed from Coding reason to CodeableConcept authorization
    • Provenance.activity
  • Type changed from Coding to CodeableConcept to CodeableReference
  • Remove Binding `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse` (extensible)
Provenance.agent.type Provenance.why
  • Added Element
Provenance.agent.role Provenance.activity
  • Remove Binding http://hl7.org/fhir/ValueSet/security-role-type `http://hl7.org/fhir/ValueSet/provenance-activity-type` (extensible)
Provenance.agent.who Provenance.basedOn
  • Renamed from who[x] to who Added Element
Provenance.patient
  • Remove Type uri Added Element
Provenance.agent.onBehalfOf Provenance.encounter
  • Renamed from onBehalfOf[x] to onBehalfOf Added Element
Provenance.agent.type
  • Remove Type uri Binding `http://hl7.org/fhir/ValueSet/provenance-agent-type` (extensible)
Provenance.entity.role Provenance.agent.who
  • Change value set from http://hl7.org/fhir/ValueSet/provenance-entity-role to http://hl7.org/fhir/ValueSet/provenance-entity-role|4.0.1 Type Reference: Added Target Types CareTeam, Group, HealthcareService
Provenance.entity.what Provenance.agent.onBehalfOf
  • Renamed from what[x] to what Type Reference: Added Target Types CareTeam, Group, HealthcareService
  • Remove Type Reference: Removed Target Types uri, Identifier RelatedPerson, Device
Provenance.agent.relatedAgentType Provenance.entity.role
  • deleted Remove code derivation
  • Add code instantiates

See the Full Difference for further information

This analysis is available for R4 as XML or JSON . See R3 <--> R4 Conversion Maps (status = 5 tests that all execute ok. All tests pass round-trip testing and 2 r3 resources are invalid (0 errors). ) for R4B as XML or JSON .

 

See the Profiles & Extensions and the alternate Additional definitions: Master Definition XML + JSON , XML Schema / Schematron + JSON Schema , ShEx (for Turtle ) + see the extensions , the spreadsheet version & the dependency analysis

6.3.4.1 6.3.5.1 Terminology Bindings

Provenance.reason Provenance.agent.role
Path Definition ValueSet Type Reference Documentation
Provenance.authorization The reason the activity took place. PurposeOfUse icon Extensible Example v3.PurposeOfUse

Supports communication of purpose of use at a general level.

Provenance.activity The activity that took place. ProvenanceActivityType Extensible Example ProvenanceActivityType

code systems are:

Provenance.agent.type ParticipationRoleType Example The

This FHIR value set is comprised of Actor participation Type codes, which can be used to value FHIR agents, actors, and other role that a provenance elements. The codes are intended to express how the agent played with respect participated in some activity. Sometimes refered to the agent functional-role relative to the activity.

Provenance.agent.role SecurityRoleTypeExamples (a valid code from Example Codes for Security Structural Role ) Example SecurityRoleType

This value set contains example structural roles. In general, two types of roles can be distinguished: structural roles and functional roles. Structural Roles reflect human or organizational categories (hierarchies), and describe prerequisites, feasibilities, or competences for actions. Functional roles are bound to the realization or performance of actions.

Provenance.entity.role ProvenanceEntityRole Required

How an entity was used in an activity.

6.3.5.2 Constraints

ProvenanceEntityRole
UniqueKey Required Level Location Description Expression
img  prov-1 Rule Provenance.agent Who and onBehalfOf cannot be the same who.resolve().exists() and onBehalfOf.resolve().exists() implies who.resolve() != onBehalfOf.resolve()
img  prov-2 Rule Provenance.agent If who is a PractitionerRole, onBehalfOf can't reference the same Practitioner who.resolve().ofType(PractitionerRole).practitioner.resolve().exists() and onBehalfOf.resolve().ofType(Practitioner).exists() implies who.resolve().practitioner.resolve() != onBehalfOf.resolve()
img  prov-3 Rule Provenance.agent If who is an organization, onBehalfOf can't be a PractitionerRole within that organization who.resolve().ofType(Organization).exists() and onBehalfOf.resolve().ofType(PractitionerRole).organization.resolve().exists() implies who.resolve() != onBehalfOf.resolve().organization.resolve()
img  prov-4 Rule Provenance.agent If who is an organization, onBehalfOf can't be a healthcare service within that organization who.resolve().ofType(Organization).exists() and onBehalfOf.resolve().ofType(HealthcareService).providedBy.resolve().exists() implies who.resolve() != onBehalfOf.resolve().ofType(HealthcareService).providedBy.resolve()

6.3.4.2 6.3.5.3 Using the Provenance Resource

The Provenance resource identifies information about another resource (the reference target element). The Provenance resource may MAY be used in several different ways:

  • As part of a document bundle Bundle where it identifies the provenance of part or all of the document resources in the Bundle (e.g. Documents )
  • On a RESTful system where it keeps track of provenance information relating to resources

When used The resources found in a document bundle, the references Bundle are often not explicitly versioned, but they always implicitly pertain to the latest version of and don't have a version identified , yet Provenance resources in the Bundle MAY have references (e.g. .target) to version specific resources. When de-referencing resource references that MAY have a version identified one SHOULD look for the non-version resource found in the document. Bundle.

On a RESTful system, the target resource reference should SHOULD be version specific, but this requires special care: For new resources that need to have a corresponding Provenance resource, the version-specific reference is often not knowable until after the target resource has been updated. This can create an integrity problem for the system - what if the Provenance resource cannot be created after the target resource has been updated? To avoid any such integrity problems, the target resource and the Provenance resources should SHOULD be submitted as a pair using a transaction (see the Transaction Example ). Alternatively, the Provenance http header MAY be used if supported.

6.3.5.3.1 Element Level Provenance

The Provenance.target MAY point at a specific element within the targeted resource using the target element extension or target path extension . For example when updating a Patient resource with a new official name, such as shown in example 1 , where the Provenance is indicating that the official name was provided by the Patient themselves.

6.3.4.2.1 6.3.5.3.2 HTTP Header

The custom header X-Provenance to provide a provenance resource when performing PUT or POST operations using the RESTful interface : 

POST [base]/Observation
Content-Type: application/fhir+?
X-Provenance: { "resourceType": "Provenance", "location": { "reference": "Location/1" }," agent" ... }

[body]

The intent is that the server picks up the provenance, fills out the target , and then stores the provenance information as it normally would. Notes:

  • Irrespective of the Content-Type or Accept headers, the Provenance resource is in the JSON format
  • The provenance SHALL not NOT have a specified Provenance.target . The server will fill the target in as it processes the contents of the POST/PUT and determines the ids of the resource(s) to which the interaction applies
  • Servers MAY ignore the header, but SHOULD process it if they support provenance
  • Some server frameworks impose a length limit on individual HTTP headers, or on the the headers as a whole. Servers MAY reject a request if the X-Provenance header is too long
  • The use of the header is not documented for other HTTP methods (GET etc) etc.)
  • When recording an AuditEvent, one AuditEvent MAY be used to record the create of the resource and provenance

6.3.4.3 6.3.5.4 Signatures

The Provenance resource includes a signature element (digital signature) which can be used for standards based integrity verification and non-repudiation purposes. The Signature datatype provides details on use of the signature element. The Signature.type coded value of "Source" should SHOULD be used when the signature is for simply proving that the resource content is the same as it was when the resource was updated or created.

6.3.4.4 6.3.5.5 Provenance of Removal

A Provenance record can be recorded to indicate who deleted a Resource. If versioning is supported, the version that was deleted is referenced in Provenance.target; if versioning is not supported then Provenance.target contains the non-version reference. Provenance.entity is not used unless there is a business requirement to do so.

6.3.4.5

6.3.5.6 Use of Provenance to record Import and Transform

Provenance can be used to record activities of an automaton that transforms input. Such as middleware that extracts information from a HL7 v2 V2 message and creates FHIR resources, or middleware that extracts information from an HL7 CDA document and creates FHIR resources, etc. The Provenance in these cases is recording the activity of the middleware.

The middleware in this case would, in addition to creating the target resources, create a Provenance resource that indicates all the target resources (using Provenance.target). Provenance.target ). The middleware is identified as one of the Provenance.agent elements, with the Provenance.agent.role Provenance.agent.type of assembler. assembler .

The middleware may MAY record the source as another Provenance.agent element.

The original content is optionally saved. This might be as a DocumentReference, or Binary. The Provenance.entity would then point at this original content.

The original source might include some form of 'provenance' to cover the history of the original content prior to the import transformation. This original source 'provenance' should SHOULD be converted into FHIR Provenance records as appropriate.

Examples of this activity with Provenance profile can be found in the IHE icon Implementation Guides for

  • Query for Existing Data for Mobile - QEDm icon
  • Reconciliation of Clinical Content and Care Providers - RECON icon

6.3.5.7 Multiple Patients Affected

Where a provenance activity impacts more than one Patient/Subject; multiple Provenance resources SHOULD be recorded, one for each Patient/Subject. This best enables segmentation of the Provenance details so as to limit the Privacy impact. The use of multiple Provenance is a best-practice and SHOULD be driven by a Policy. There will be cases where the use of multiple Provenance resources is not necessary, such as public health reporting.

6.3.5.8 Relevant History Provenance

Some Event pattern or Request pattern resources will have a relevantHistory element. These elements would point to a subset of all Provenance about that resource that are considered relevant. For further guidance on relevantHistory see Event history pattern or Request history pattern.

6.3.5 6.3.6 Search Parameters

Search parameters for this resource. See also the full list of search parameters for this resource , and check the Extensions registry for search parameters on extensions related to this resource. The common parameters also apply. See Searching for more information about searching in REST, messaging, and services.

Name Type Description Expression In Common
activity token Activity that occurred Provenance.activity
agent reference Who participated Provenance.agent.who
( Practitioner , Group , Organization , CareTeam , Device , Patient , HealthcareService , PractitionerRole , RelatedPerson )
agent-role token What the agents role was Provenance.agent.role
agent-type token How the agent participated Provenance.agent.type
based-on reference Reference to the service request. Provenance.basedOn
(Any)
encounter reference Encounter related to the Provenance Provenance.encounter
( Encounter ) 		27 Resources
entity reference Identity of entity Provenance.entity.what
(Any)
location reference Where the activity occurred, if relevant Provenance.location
( Location )
patient reference Target Reference(s) (usually version specific) Where the activity involved patient data Provenance.target.where(resolve() is Patient) Provenance.patient
( Patient ) 		61 Resources
recorded date When the activity was recorded / updated Provenance.recorded
signature-type token Indication of the reason the entity signed the object(s) Provenance.signature.type
target reference Target Reference(s) (usually version specific) Provenance.target
(Any)
when date When the activity occurred (Provenance.occurred as dateTime) (Provenance.occurred.ofType(dateTime))