DSTU2 STU 3 Candidate
This page is part of the FHIR Specification (v1.0.2: DSTU 2). The current version which supercedes this version is

This page is part of the FHIR Specification (v1.4.0: STU 3 Ballot 3). The current version which supercedes this version is 5.0.0 . For a full list of available versions, see the Directory of published versions . For a full list of available versions, see the Directory of published versions . Page versions: . Page versions: R5 R4B R4 R3 R2

6.4 6.5 Resource Provenance - Content Resource Provenance - Content

Provenance of a resource is a record that describes entities and processes involved in producing and delivering or otherwise influencing that resource. Provenance provides a critical foundation for assessing authenticity, enabling trust, and allowing reproducibility. Provenance assertions are a form of contextual metadata and can themselves become important records with their own provenance. Provenance statement indicates clinical significance in terms of confidence in authenticity, reliability, and trustworthiness, integrity, and stage in lifecycle (e.g. Document Completion - has the artifact been legally authenticated), all of which may impact security, privacy, and trust policies.
Security Security Work Group Work Group Maturity Level : 1 Maturity Level : 1 Compartments : : Device , , Patient , , Practitioner , , RelatedPerson

Provenance of a resource is a record that describes entities and processes involved in producing and delivering or otherwise influencing that resource. Provenance provides a critical foundation for assessing authenticity, enabling trust, and allowing reproducibility. Provenance assertions are a form of contextual metadata and can themselves become important records with their own provenance. Provenance statement indicates clinical significance in terms of confidence in authenticity, reliability, and trustworthiness, integrity, and stage in lifecycle (e.g. Document Completion - has the artifact been legally authenticated), all of which may impact security, privacy, and trust policies.

6.4.1 Scope and Usage 6.5.1 Scope and Usage The Provenance resource tracks information about the activity that created a version of a resource, including the entities, and agents involved in producing a resource. This information can be used to form assessments about its quality, reliability or trustworthiness, or to provide pointers for where to go to further investigate the origins of the resource and the information in it. Provenance resources are a record-keeping assertion that gathers information about the context in which the information in a resource was obtained. Provenance resources are prepared by the application that initiates the create/update etc. of the resource. An AuditEvent resource contains overlapping information, but is created as events occur, to track and audit the events.

The Provenance resource tracks information about the activity that created a version of a resource, including the entities, and agents involved in producing a resource. This information can be used to form assessments about its quality, reliability or trustworthiness, or to provide pointers for where to go to further investigate the origins of the resource and the information in it.

Provenance resources are a record-keeping assertion that gathers information about the context in which the information in a resource was obtained. Provenance resources are prepared by the application that initiates the create/update etc. of the resource. An AuditEvent resources are often (though not exclusively) created by the application responding to the read/query/create/update, etc., event. resource contains overlapping information, but is created as events occur, to track and audit the events. AuditEvent resources are often (though not exclusively) created by the application responding to the read/query/create/update, etc., event.

6.4.2 Boundaries and Relationships 6.5.2 Boundaries and Relationships Many other FHIR resources contain some elements that represent information about how the resource was obtained, and therefore they overlap with the functionality of the Provenance resource. These properties in other resources should always be used in preference to the Provenance resource, and the Provenance resource should be used where additional information is required, though overlap can occur.

Many other FHIR resources contain some elements that represent information about how the resource was obtained, and therefore they overlap with the functionality of the Provenance resource. These properties in other resources should always be used in preference to the Provenance resource, and the Provenance resource should be used where additional information is required, though overlap can occur.

The relationship between a resource and it's provenance is established by a reference from the provenance resource to it's target. In this way, provenance may be provided about any resource or version, including past versions. There may be multiple provenance records for a given resource or version of a resource.

6.4.3 Background and Context 6.5.3 Background and Context The Provenance resource is based on the W3C Provenance specification

The Provenance resource is based on the W3C Provenance specification , and mappings are provided. The Provenance resource is tailored to fit the FHIR use-cases for provenance more directly. In terms of W3C Provenance , and mappings are provided. The Provenance resource is tailored to fit the FHIR use-cases for provenance more directly. In terms of W3C Provenance the FHIR Provenance resources covers "Generation" of "Entity" with respect to FHIR defined resources for creation or updating; whereas the FHIR Provenance resources covers "Generation" of "Entity" with respect to FHIR defined resources for creation or updating; whereas AuditEvent covers "Usage" of "Entity" and all other "Activity" as defined in W3C Provenance. The W3C Provenance Specification has the following fundamental model: Where: Target - An entity that is a FHIR resource instance that is created, updated or deleted. Entity - An entity is a physical, digital, conceptual or other kind of thing with some fixed aspects; entities may be real or imaginary. Agent - An agent is something that bears some form of responsibility for an activity taking place, for the existence of an entity, or for another agent's activity. Activity - An activity is something that occurs over a period of time and acts upon or with entities; it may include consuming, processing, transforming, modifying, relocating, using, or generating entities. The Provenance resource actually corresponds to a single activity that identifies a set of resources ( covers "Usage" of "Entity" and all other "Activity" as defined in W3C Provenance.

The W3C Provenance Specification has the following fundamental model:

Key concepts

Where:

  • Target - An entity that is a FHIR resource instance that is created, updated or deleted.
  • Entity - An entity is a physical, digital, conceptual or other kind of thing with some fixed aspects; entities may be real or imaginary.
  • Agent - An agent is something that bears some form of responsibility for an activity taking place, for the existence of an entity, or for another agent's activity.
  • Activity - An activity is something that occurs over a period of time and acts upon or with entities; it may include consuming, processing, transforming, modifying, relocating, using, or generating entities.

The Provenance resource actually corresponds to a single activity that identifies a set of resources ( target ) generated by the activity. The activity also references other entities ( ) generated by the activity. The activity also references other entities ( entity ) that were used and the agents ( ) that were used and the agents ( agent ) that were associated with the activity. ) that were associated with the activity. To record multiple activities that resulted in one ( target ), record each ( activity ) in independent Provenance records all pointing at that ( target ).

The Provenance resource depends upon having References to all of the resources, entities, and agents involved in the activity. These References need not be resolvable. The references must provide a unique and ambiguous identification. If a resource, entity, or agent can have different versions that must be identified, then the Reference must have versioning information included.

Versioning and unique identification are not mandated for all systems that provide Resources, entities, and agents. But, inclusion of Provenance requirements may introduce requirements for versioning and unique identification on those systems

6.4.3.1 Open Issues and Request for Comments 6.5.3.1 Open Issues and Request for Comments At this juncture, Provenance has several areas of concern for the Security WG. The first concern is whether the current HL7 ProvenanceEvent value set is sufficient for conveying the states to which a trigger event can cause an activity to transition the FHIR Resource target of the Provenance Resource from a previous state. The current value set was will be updated post DSTU2. While the intended FHIR ProvenanceEvent value set has sub-value sets from multiple sources such as W3C and HL7, there are some duplicate and colliding definitions, the upside is that there are more provenance event related actions than in the HL7 ProvenanceEvent value set. The Security, Community Based Collaborative Care, and the EHR Work Groups are in the process of refining and de-duplicating this value set in hopes of replacing the current one in DSTU 2.1 if the Provenance Resource is permitted to be re-published. In any case, feedback from business and implementer communities would be very much appreciated. Another area of concern is whether the Provenance.entity.role element is necessary at all if there is a sufficient activity value set, and if it is useful, whether W3C codes indicating that the entity is the target of provenance, e.g., derivation or revision, make sense where the entity is an input into a target resource which may be a revision or derivation of that entity. Note that the binding of the ProvenanceEvent and Purpose of Use value sets are currently set to extensible rather than example. Concerns have been raised about constraining vocabulary choices during DSTU especially for other jurisdictions. For example, outside of the US, ISO 13606 Purpose of Use codes are more likely used. Security WG would also appreciate feedback on whether these bindings should be example or extensible.

At this juncture, Provenance has several areas of concern for the Security WG. The first concern is whether the current HL7 ProvenanceEvent value set is sufficient for conveying the states to which a trigger event can cause an activity to transition the FHIR Resource target of the Provenance Resource from a previous state. The current value set was will be updated post DSTU2.

While the intended FHIR ProvenanceEvent value set has sub-value sets from multiple sources such as W3C and HL7, there are some duplicate and colliding definitions, the upside is that there are more provenance event related actions than in the HL7 ProvenanceEvent value set. The Security, Community Based Collaborative Care, and the EHR Work Groups are in the process of refining and de-duplicating this value set in hopes of replacing the current one in DSTU 2.1 if the Provenance Resource is permitted to be re-published. In any case, feedback from business and implementer communities would be very much appreciated.

Another area of concern is whether the Provenance.entity.role element is necessary at all if there is a sufficient activity value set, and if it is useful, whether W3C codes indicating that the entity is the target of provenance, e.g., derivation or revision, make sense where the entity is an input into a target resource which may be a revision or derivation of that entity.

Note that the binding of the ProvenanceEvent and Purpose of Use value sets are currently set to extensible rather than example. Concerns have been raised about constraining vocabulary choices during DSTU especially for other jurisdictions. For example, outside of the US, ISO 13606 Purpose of Use codes are more likely used. Security WG would also appreciate feedback on whether these bindings should be example or extensible.

6.4.4 Resource Content 6.5.4 Resource Content

Structure

Name Flags Card. Type Description & Constraints Description & Constraints doco
. . Provenance Σ DomainResource Who, What, When for a set of resources Who, What, When for a set of resources
. . . target Σ 1..* Reference ( Any ) Target Reference(s) (usually version specific) Target Reference(s) (usually version specific)
. . . period Σ 0..1 Period When the activity occurred When the activity occurred
. . . recorded Σ 1..1 instant When the activity was recorded / updated When the activity was recorded / updated
. . . reason Σ 0..* CodeableConcept Coding Reason the activity is occurring Reason the activity is occurring
PurposeOfUse ( ( Extensible )
. . . activity Σ 0..1 CodeableConcept Coding Activity that occurred Activity that occurred
ProvenanceEventCurrentState ( ( Extensible )
. . . location Σ 0..1 Reference ( Location ) Where the activity occurred, if relevant Where the activity occurred, if relevant
. . . policy Σ 0..* uri Policy or plan the activity was defined by Policy or plan the activity was defined by
. . . agent Σ 0..* 1..* BackboneElement Agents involved in creating resource Actor involved
. . . . role Σ 1..1 Coding What the agents involvement was What the agents involvement was
ProvenanceParticipantRole ( ( Extensible )
. . . . actor Σ 0..1 Reference ( Practitioner | | RelatedPerson | | Patient | | Device | | Organization ) Individual, device or organization playing role Individual, device or organization playing role
. . . . userId Σ 0..1 Identifier Authorization-system identifier for the agent Authorization-system identifier for the agent
. . . . relatedAgent Σ 0..* BackboneElement Track delegation between agents Track delegation between agents
. . . . . type Σ 1..1 CodeableConcept Type of relationship between agents Type of relationship between agents
v3 Code System RoleLinkType ( v3 Code System RoleLinkType ( Example )
. . . . . target Σ 1..1 uri Reference to other agent in this resource by identifier Reference to other agent in this resource by identifier
. . . entity Σ 0..* BackboneElement An entity used in this activity An entity used in this activity
. . . . role Σ 1..1 code derivation | revision | quotation | source derivation | revision | quotation | source | removal
ProvenanceEntityRole ( ( Required )
. . . . type Σ 1..1 Coding The type of resource in this entity The type of resource in this entity
ResourceType ( ( Extensible )
. . . . reference Σ 1..1 uri Identity of entity Identity of entity
. . . . display Σ 0..1 string Human description of entity Human description of entity
. . . . agent Σ 0..1 see see agent Entity is attributed to this agent Entity is attributed to this agent
. . . signature Σ 0..* Signature Signature on target Signature on target

Documentation for this format doco Documentation for this format

UML Diagram UML Diagram

Provenance ( ( DomainResource ) The Reference(s) that were generated or updated by the activity described in this resource. A provenance can point to more than one target if multiple resources were created/updated by the same activity The Reference(s) that were generated or updated by the activity described in this resource. A provenance can point to more than one target if multiple resources were created/updated by the same activity target : : Reference [1..*] « [1..*] « Any » » The period during which the activity occurred The period during which the activity occurred period : : Period [0..1] [0..1] The instant of time at which the activity was recorded The instant of time at which the activity was recorded recorded : : instant [1..1] [1..1] The reason that the activity was taking place The reason that the activity was taking place reason : CodeableConcept [0..*] « : Coding [0..*] « The reason the activity took place. (Strength=Extensible) The reason the activity took place. (Strength=Extensible) PurposeOfUse + » + » An activity is something that occurs over a period of time and acts upon or with entities; it may include consuming, processing, transforming, modifying, relocating, using, or generating entities An activity is something that occurs over a period of time and acts upon or with entities; it may include consuming, processing, transforming, modifying, relocating, using, or generating entities activity : CodeableConcept [0..1] « : Coding [0..1] « The activity that took place. (Strength=Extensible) The activity that took place. (Strength=Extensible) ProvenanceEventCurrentState + » + » Where the activity occurred, if relevant Where the activity occurred, if relevant location : : Reference [0..1] « [0..1] « Location » » Policy or plan the activity was defined by. Typically, a single activity may have multiple applicable policy documents, such as patient consent, guarantor funding, etc Policy or plan the activity was defined by. Typically, a single activity may have multiple applicable policy documents, such as patient consent, guarantor funding, etc policy : : uri [0..*] [0..*] A digital signature on the target Reference(s). The signer should match a Provenance.agent. The purpose of the signature is indicated A digital signature on the target Reference(s). The signer should match a Provenance.agent. The purpose of the signature is indicated signature : : Signature [0..*] [0..*] Agent The function of the agent with respect to the activity The function of the agent with respect to the activity role : : Coding [1..1] « [1..1] « The role that a provenance agent played with respect to the activity. (Strength=Extensible) The role that a provenance agent played with respect to the activity. (Strength=Extensible) ProvenanceParticipantRole + » + » The individual, device or organization that participated in the event The individual, device or organization that participated in the event actor : : Reference [0..1] « [0..1] « Practitioner | RelatedPerson | Patient | Device | Organization » » The identity of the agent as known by the authorization system The identity of the agent as known by the authorization system userId : : Identifier [0..1] [0..1] RelatedAgent The type of relationship between agents The type of relationship between agents type : : CodeableConcept [1..1] « [1..1] « Type of relationship between two provenance agents. (Strength=Example) Type of relationship between two provenance agents. (Strength=Example) v3 Code System RoleLinkType v3 Code System RoleLinkType ?? » ?? » An internal reference to another agent listed in this provenance by its identifier An internal reference to another agent listed in this provenance by its identifier target : : uri [1..1] [1..1] Entity How the entity was used during the activity How the entity was used during the activity role : : code [1..1] « [1..1] « How an entity was used in an activity. (Strength=Required) How an entity was used in an activity. (Strength=Required) ProvenanceEntityRole ! » ! » The type of the entity. If the entity is a resource, then this is a resource type The type of the entity. If the entity is a resource, then this is a resource type type : : Coding [1..1] « [1..1] « The type of an entity used in an activity. (Strength=Extensible) The type of an entity used in an activity. (Strength=Extensible) ResourceType + » + » Identity of the Entity used. May be a logical or physical uri and maybe absolute or relative Identity of the Entity used. May be a logical or physical uri and maybe absolute or relative reference : : uri [1..1] [1..1] Human-readable description of the entity Human-readable description of the entity display : : string [0..1] [0..1] A relationship between two the agents referenced in this resource. This is defined to allow for explicit description of the delegation between agents. For example, this human author used this device, or one person acted on another's behest A relationship between two the agents referenced in this resource. This is defined to allow for explicit description of the delegation between agents. For example, this human author used this device, or one person acted on another's behest relatedAgent [0..*] An agent takes a role in an activity such that the agent can be assigned some degree of responsibility for the activity taking place. An agent can be a person, an organization, software, or other entities that may be ascribed responsibility An actor taking a role in an activity for which it can be assigned some degree of responsibility for the activity taking place agent [0..*] [1..*] The entity is attributed to an agent to express the agent's responsibility for that entity, possibly along with other agents. This description can be understood as shorthand for saying that the agent was responsible for the activity which generated the entity The entity is attributed to an agent to express the agent's responsibility for that entity, possibly along with other agents. This description can be understood as shorthand for saying that the agent was responsible for the activity which generated the entity agent [0..1] An entity used in this activity An entity used in this activity entity [0..*]

XML Template XML Template 

<Provenance xmlns="http://hl7.org/fhir"> doco
 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <target><!-- 1..* Reference(Any) Target Reference(s) (usually version specific) --></target>
 <period><!-- 0..1 Period When the activity occurred --></period>
 <recorded value="[instant]"/><!-- 1..1 When the activity was recorded / updated -->
 <</reason>
 <</activity>

 <reason><!-- 0..* Coding Reason the activity is occurring --></reason>
 <activity><!-- 0..1 Coding Activity that occurred --></activity>

 <location><!-- 0..1 Reference(Location) Where the activity occurred, if relevant --></location>
 <policy value="[uri]"/><!-- 0..* Policy or plan the activity was defined by -->
 <

 <agent>  <!-- 1..* Actor involved -->

  <role><!-- 1..1 Coding What the agents involvement was --></role>
  <actor><!-- 0..1 Reference(Practitioner|RelatedPerson|Patient|Device|
    Organization) Individual, device or organization playing role --></actor>
  <userId><!-- 0..1 Identifier Authorization-system identifier for the agent --></userId>
  <relatedAgent>  <!-- 0..* Track delegation between agents -->
   <</type>

   <type><!-- 1..1 CodeableConcept Type of relationship between agents --></type>

   <target value="[uri]"/><!-- 1..1 Reference to other agent in this resource by identifier -->
  </relatedAgent>
 </agent>
 <entity>  <!-- 0..* An entity used in this activity -->
  <

  <role value="[code]"/><!-- 1..1 derivation | revision | quotation | source | removal -->

  <type><!-- 1..1 Coding The type of resource in this entity --></type>
  <reference value="[uri]"/><!-- 1..1 Identity of entity -->
  <display value="[string]"/><!-- 0..1 Human description of entity -->
  <agent><!-- 0..1 Content as for Provenance.agent Entity is attributed to this agent --></agent>
 </entity>
 <signature><!-- 0..* Signature Signature on target --></signature>
</Provenance>

JSON Template JSON Template 

{doco
  "resourceType" : "Provenance",
  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "target" : [{ Reference(Any) }], // R!  Target Reference(s) (usually version specific)
  "period" : { Period }, // When the activity occurred
  "recorded" : "<instant>", // R!  When the activity was recorded / updated
  "
  "

  "reason" : [{ Coding }], // Reason the activity is occurring
  "activity" : { Coding }, // Activity that occurred

  "location" : { Reference(Location) }, // Where the activity occurred, if relevant
  "policy" : ["<uri>"], // Policy or plan the activity was defined by
  "

  "agent" : [{ // R!  Actor involved

    "role" : { Coding }, // R!  What the agents involvement was
    "actor" : { Reference(Practitioner|RelatedPerson|Patient|Device|
    Organization) }, // Individual, device or organization playing role
    "userId" : { Identifier }, // Authorization-system identifier for the agent
    "relatedAgent" : [{ // Track delegation between agents
      "

      "type" : { CodeableConcept }, // R!  Type of relationship between agents

      "target" : "<uri>" // R!  Reference to other agent in this resource by identifier
    }]
  }],
  "entity" : [{ // An entity used in this activity
    "

    "role" : "<code>", // R!  derivation | revision | quotation | source | removal

    "type" : { Coding }, // R!  The type of resource in this entity
    "reference" : "<uri>", // R!  Identity of entity
    "display" : "<string>", // Human description of entity
    "agent" : { Content as for Provenance.agent } // Entity is attributed to this agent
  }],
  "signature" : [{ Signature }] // Signature on target
}

Structure

Name Flags Card. Type Description & Constraints Description & Constraints doco
. . Provenance Σ DomainResource Who, What, When for a set of resources Who, What, When for a set of resources
. . . target Σ 1..* Reference ( Any ) Target Reference(s) (usually version specific) Target Reference(s) (usually version specific)
. . . period Σ 0..1 Period When the activity occurred When the activity occurred
. . . recorded Σ 1..1 instant When the activity was recorded / updated When the activity was recorded / updated
. . . reason Σ 0..* CodeableConcept Coding Reason the activity is occurring Reason the activity is occurring
PurposeOfUse ( ( Extensible )
. . . activity Σ 0..1 CodeableConcept Coding Activity that occurred Activity that occurred
ProvenanceEventCurrentState ( ( Extensible )
. . . location Σ 0..1 Reference ( Location ) Where the activity occurred, if relevant Where the activity occurred, if relevant
. . . policy Σ 0..* uri Policy or plan the activity was defined by Policy or plan the activity was defined by
. . . agent Σ 0..* 1..* BackboneElement Agents involved in creating resource Actor involved
. . . . role Σ 1..1 Coding What the agents involvement was What the agents involvement was
ProvenanceParticipantRole ( ( Extensible )
. . . . actor Σ 0..1 Reference ( Practitioner | | RelatedPerson | | Patient | | Device | | Organization ) Individual, device or organization playing role Individual, device or organization playing role
. . . . userId Σ 0..1 Identifier Authorization-system identifier for the agent Authorization-system identifier for the agent
. . . . relatedAgent Σ 0..* BackboneElement Track delegation between agents Track delegation between agents
. . . . . type Σ 1..1 CodeableConcept Type of relationship between agents Type of relationship between agents
v3 Code System RoleLinkType ( v3 Code System RoleLinkType ( Example )
. . . . . target Σ 1..1 uri Reference to other agent in this resource by identifier Reference to other agent in this resource by identifier
. . . entity Σ 0..* BackboneElement An entity used in this activity An entity used in this activity
. . . . role Σ 1..1 code derivation | revision | quotation | source derivation | revision | quotation | source | removal
ProvenanceEntityRole ( ( Required )
. . . . type Σ 1..1 Coding The type of resource in this entity The type of resource in this entity
ResourceType ( ( Extensible )
. . . . reference Σ 1..1 uri Identity of entity Identity of entity
. . . . display Σ 0..1 string Human description of entity Human description of entity
. . . . agent Σ 0..1 see see agent Entity is attributed to this agent Entity is attributed to this agent
. . . signature Σ 0..* Signature Signature on target Signature on target

Documentation for this format doco Documentation for this format

UML Diagram UML Diagram

Provenance ( ( DomainResource ) The Reference(s) that were generated or updated by the activity described in this resource. A provenance can point to more than one target if multiple resources were created/updated by the same activity The Reference(s) that were generated or updated by the activity described in this resource. A provenance can point to more than one target if multiple resources were created/updated by the same activity target : : Reference [1..*] « [1..*] « Any » » The period during which the activity occurred The period during which the activity occurred period : : Period [0..1] [0..1] The instant of time at which the activity was recorded The instant of time at which the activity was recorded recorded : : instant [1..1] [1..1] The reason that the activity was taking place The reason that the activity was taking place reason : CodeableConcept [0..*] « : Coding [0..*] « The reason the activity took place. (Strength=Extensible) The reason the activity took place. (Strength=Extensible) PurposeOfUse + » + » An activity is something that occurs over a period of time and acts upon or with entities; it may include consuming, processing, transforming, modifying, relocating, using, or generating entities An activity is something that occurs over a period of time and acts upon or with entities; it may include consuming, processing, transforming, modifying, relocating, using, or generating entities activity : CodeableConcept [0..1] « : Coding [0..1] « The activity that took place. (Strength=Extensible) The activity that took place. (Strength=Extensible) ProvenanceEventCurrentState + » + » Where the activity occurred, if relevant Where the activity occurred, if relevant location : : Reference [0..1] « [0..1] « Location » » Policy or plan the activity was defined by. Typically, a single activity may have multiple applicable policy documents, such as patient consent, guarantor funding, etc Policy or plan the activity was defined by. Typically, a single activity may have multiple applicable policy documents, such as patient consent, guarantor funding, etc policy : : uri [0..*] [0..*] A digital signature on the target Reference(s). The signer should match a Provenance.agent. The purpose of the signature is indicated A digital signature on the target Reference(s). The signer should match a Provenance.agent. The purpose of the signature is indicated signature : : Signature [0..*] [0..*] Agent The function of the agent with respect to the activity The function of the agent with respect to the activity role : : Coding [1..1] « [1..1] « The role that a provenance agent played with respect to the activity. (Strength=Extensible) The role that a provenance agent played with respect to the activity. (Strength=Extensible) ProvenanceParticipantRole + » + » The individual, device or organization that participated in the event The individual, device or organization that participated in the event actor : : Reference [0..1] « [0..1] « Practitioner | RelatedPerson | Patient | Device | Organization » » The identity of the agent as known by the authorization system The identity of the agent as known by the authorization system userId : : Identifier [0..1] [0..1] RelatedAgent The type of relationship between agents The type of relationship between agents type : : CodeableConcept [1..1] « [1..1] « Type of relationship between two provenance agents. (Strength=Example) Type of relationship between two provenance agents. (Strength=Example) v3 Code System RoleLinkType v3 Code System RoleLinkType ?? » ?? » An internal reference to another agent listed in this provenance by its identifier An internal reference to another agent listed in this provenance by its identifier target : : uri [1..1] [1..1] Entity How the entity was used during the activity How the entity was used during the activity role : : code [1..1] « [1..1] « How an entity was used in an activity. (Strength=Required) How an entity was used in an activity. (Strength=Required) ProvenanceEntityRole ! » ! » The type of the entity. If the entity is a resource, then this is a resource type The type of the entity. If the entity is a resource, then this is a resource type type : : Coding [1..1] « [1..1] « The type of an entity used in an activity. (Strength=Extensible) The type of an entity used in an activity. (Strength=Extensible) ResourceType + » + » Identity of the Entity used. May be a logical or physical uri and maybe absolute or relative Identity of the Entity used. May be a logical or physical uri and maybe absolute or relative reference : : uri [1..1] [1..1] Human-readable description of the entity Human-readable description of the entity display : : string [0..1] [0..1] A relationship between two the agents referenced in this resource. This is defined to allow for explicit description of the delegation between agents. For example, this human author used this device, or one person acted on another's behest A relationship between two the agents referenced in this resource. This is defined to allow for explicit description of the delegation between agents. For example, this human author used this device, or one person acted on another's behest relatedAgent [0..*] An agent takes a role in an activity such that the agent can be assigned some degree of responsibility for the activity taking place. An agent can be a person, an organization, software, or other entities that may be ascribed responsibility An actor taking a role in an activity for which it can be assigned some degree of responsibility for the activity taking place agent [0..*] [1..*] The entity is attributed to an agent to express the agent's responsibility for that entity, possibly along with other agents. This description can be understood as shorthand for saying that the agent was responsible for the activity which generated the entity The entity is attributed to an agent to express the agent's responsibility for that entity, possibly along with other agents. This description can be understood as shorthand for saying that the agent was responsible for the activity which generated the entity agent [0..1] An entity used in this activity An entity used in this activity entity [0..*]

XML Template XML Template 

<Provenance xmlns="http://hl7.org/fhir"> doco
 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <target><!-- 1..* Reference(Any) Target Reference(s) (usually version specific) --></target>
 <period><!-- 0..1 Period When the activity occurred --></period>
 <recorded value="[instant]"/><!-- 1..1 When the activity was recorded / updated -->
 <</reason>
 <</activity>

 <reason><!-- 0..* Coding Reason the activity is occurring --></reason>
 <activity><!-- 0..1 Coding Activity that occurred --></activity>

 <location><!-- 0..1 Reference(Location) Where the activity occurred, if relevant --></location>
 <policy value="[uri]"/><!-- 0..* Policy or plan the activity was defined by -->
 <

 <agent>  <!-- 1..* Actor involved -->

  <role><!-- 1..1 Coding What the agents involvement was --></role>
  <actor><!-- 0..1 Reference(Practitioner|RelatedPerson|Patient|Device|
    Organization) Individual, device or organization playing role --></actor>
  <userId><!-- 0..1 Identifier Authorization-system identifier for the agent --></userId>
  <relatedAgent>  <!-- 0..* Track delegation between agents -->
   <</type>

   <type><!-- 1..1 CodeableConcept Type of relationship between agents --></type>

   <target value="[uri]"/><!-- 1..1 Reference to other agent in this resource by identifier -->
  </relatedAgent>
 </agent>
 <entity>  <!-- 0..* An entity used in this activity -->
  <

  <role value="[code]"/><!-- 1..1 derivation | revision | quotation | source | removal -->

  <type><!-- 1..1 Coding The type of resource in this entity --></type>
  <reference value="[uri]"/><!-- 1..1 Identity of entity -->
  <display value="[string]"/><!-- 0..1 Human description of entity -->
  <agent><!-- 0..1 Content as for Provenance.agent Entity is attributed to this agent --></agent>
 </entity>
 <signature><!-- 0..* Signature Signature on target --></signature>
</Provenance>

JSON Template JSON Template 

{doco
  "resourceType" : "Provenance",
  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "target" : [{ Reference(Any) }], // R!  Target Reference(s) (usually version specific)
  "period" : { Period }, // When the activity occurred
  "recorded" : "<instant>", // R!  When the activity was recorded / updated
  "
  "

  "reason" : [{ Coding }], // Reason the activity is occurring
  "activity" : { Coding }, // Activity that occurred

  "location" : { Reference(Location) }, // Where the activity occurred, if relevant
  "policy" : ["<uri>"], // Policy or plan the activity was defined by
  "

  "agent" : [{ // R!  Actor involved

    "role" : { Coding }, // R!  What the agents involvement was
    "actor" : { Reference(Practitioner|RelatedPerson|Patient|Device|
    Organization) }, // Individual, device or organization playing role
    "userId" : { Identifier }, // Authorization-system identifier for the agent
    "relatedAgent" : [{ // Track delegation between agents
      "

      "type" : { CodeableConcept }, // R!  Type of relationship between agents

      "target" : "<uri>" // R!  Reference to other agent in this resource by identifier
    }]
  }],
  "entity" : [{ // An entity used in this activity
    "

    "role" : "<code>", // R!  derivation | revision | quotation | source | removal

    "type" : { Coding }, // R!  The type of resource in this entity
    "reference" : "<uri>", // R!  Identity of entity
    "display" : "<string>", // Human description of entity
    "agent" : { Content as for Provenance.agent } // Entity is attributed to this agent
  }],
  "signature" : [{ Signature }] // Signature on target
}

  Alternate definitions:

Alternate definitions: Schema / Schematron , Resource Profile ( , Resource Profile ( XML , , JSON ), ), Questionnaire

6.4.4.1 Terminology Bindings 6.5.4.1 Terminology Bindings

Path Definition Type Reference
Provenance.reason Provenance.reason The reason the activity took place. The reason the activity took place. Extensible PurposeOfUse
Provenance.activity Provenance.activity The activity that took place. The activity that took place. Extensible ProvenanceEventCurrentState
Provenance.agent.role Provenance.agent.role The role that a provenance agent played with respect to the activity. The role that a provenance agent played with respect to the activity. Extensible ProvenanceParticipantRole
Provenance.agent.relatedAgent.type Provenance.agent.relatedAgent.type Type of relationship between two provenance agents. Type of relationship between two provenance agents. Example v3 Code System RoleLinkType v3 Code System RoleLinkType
Provenance.entity.role Provenance.entity.role How an entity was used in an activity. How an entity was used in an activity. Required ProvenanceEntityRole
Provenance.entity.type Provenance.entity.type The type of an entity used in an activity. The type of an entity used in an activity. Extensible ResourceType

6.4.4.2 6.5.4.2 Using the Provenance Resource Using the Provenance Resource The Provenance resource identifies information about another resource (the

The Provenance resource identifies information about another resource (the reference element). The Provenance resource may be used in several different ways: As part of a document bundle where it identifies the provenance of part or all of the document On a RESTful system where it keeps track of provenance information relating to resources When used in a document bundle, the element). The Provenance resource may be used in several different ways:

  • As part of a document bundle where it identifies the provenance of part or all of the document
  • On a RESTful system where it keeps track of provenance information relating to resources

When used in a document bundle, the references are often not explicitly versioned, but they always implicitly pertain to the version of the resource found in the document. On a RESTful system, the target resource reference should be version specific, but this requires special care: For new resources that need to have a corresponding Provenance resource, the version-specific reference is often not knowable until after the target resource has been updated. This can create an integrity problem for the system - what if the Provenance resource cannot be created after the target resource has been updated? To avoid any such integrity problems, the target resource and the Provenance resources should be submitted as a pair using a are often not explicitly versioned, but they always implicitly pertain to the version of the resource found in the document. On a RESTful system, the target resource reference should be version specific, but this requires special care: For new resources that need to have a corresponding Provenance resource, the version-specific reference is often not knowable until after the target resource has been updated. This can create an integrity problem for the system - what if the Provenance resource cannot be created after the target resource has been updated? To avoid any such integrity problems, the target resource and the Provenance resources should be submitted as a pair using a transaction . .

6.4.4.3 6.5.4.3 Digital Signatures Digital Signatures The Provenance resource includes a

The Provenance resource includes a signature element (digital signature) which can be used for standards based integrity verification and non-repudiation purposes. The element (digital signature) which can be used for standards based integrity verification and non-repudiation purposes. The Signature datatype provides details on use of the signature element. The Signature.type coded value of "Source" should be used when the datatype provides details on use of the signature is for simply proving that the resource content is the same as it was when the resource was updated or created. element. The Signature.type coded value of "Source" should be used when the signature is for simply proving that the resource content is the same as it was when the resource was updated or created.

6.4.4.4 6.5.4.4 Party References Party References Because the Provenance resource often refers to parties that are not represented as FHIR resources,

Because the Provenance resource often refers to parties that are not represented as FHIR resources, agent and and entity references are allowed to be either references to other resources, or they can refer to other entities that are not FHIR resources. For Provenance.agent, the references are allowed to be either references to other resources, or they can refer to other entities that are not FHIR resources.

For Provenance.agent, the actor element is used to reference an existing resource. To reference an entity that is not a FHIR resource, the element is used to reference an existing resource. To reference an entity that is not a FHIR resource, the userId element is used. A version specific reference to a FHIR resource on the same server: element is used.

A version specific reference to a FHIR resource on the same server: 

  <agent>
    <actor>
      <reference value="Patient/34/_history/3"/>
    </actor>
  </agent>
A
reference
to
a
user
(a
person)
not
represented
by
a
FHIR
resource:

A reference to a user (a person) not represented by a FHIR resource: 

  <agent>
    <userId>
      <value value="http://acme.com/users/34"/>
    </userId>  
  </agent>
For
Provenance.entity,
the
code
in
the
.type
element
is
used
to
differentiate
between
the
two
cases:
if
the
code
is
in
the
system
"http://hl7.org/fhir/resource-types",
then
the
reference
is
to
a
resource,
and
the
element
reference
functions
exactly
the
same
as
in
a
resource
reference
.
A
version
specific

For Provenance.entity, the code in the .type element is used to differentiate between the two cases: if the code is in the system "http://hl7.org/fhir/resource-types", then the reference is to a resource, and the element reference to a FHIR resource on the same server: functions exactly the same as in a resource reference .

A version specific reference to a FHIR resource on the same server: 

  <entity>
    <type>
      <system value="http://hl7.org/fhir/resource-types"/>
      <code value="Patient"/>
    </type>
    <reference value="Patient/34/_history/3"/>
  </entity>
In
effect,
this
is
the
same
pattern
as
a
standard
resource
reference,
but
the
type
becomes
extensible
to
allow
referencing
other
kinds
of
resources.
A
reference
to
a
entity
(a
person)
not
represented
by
a
FHIR
resource:

In effect, this is the same pattern as a standard resource reference, but the type becomes extensible to allow referencing other kinds of resources.

A reference to a entity (a person) not represented by a FHIR resource: 

  <entity>
    <type>
      <system value="http://hl7.org/fhir/provenance-participant-type"/>  
      <code value="person"/>
    </type>  
    <reference value="http://acme.com/users/34"/>
  </entity>
One
subtle
issue
with
the
use
of
the
Provenance
resource
is
to
differentiate
between
whether
the
reference
is
to
the
resource
itself,
or
whether
the
the
reference
is
to
the
real
world
thing
that
the
resource
represents,
e.g.
was
it
the
person
involved
in
the
activity,
or
the
record
of
the
person.
For
agents,
it
should
be
understood
that
the
reference
is
to
the
real
world
thing
that
the
resource
represents.

One subtle issue with the use of the Provenance resource is to differentiate between whether the reference is to the resource itself, or whether the the reference is to the real world thing that the resource represents, e.g. was it the person involved in the activity, or the record of the person. For agents, it should be understood that the reference is to the real world thing that the resource represents.

6.4.5 Search Parameters 6.5.4.5 Provenance of Removal Search parameters for this resource. The common parameters

A Provenance record can be recorded to indicate who Deleted a Resource. If versioning is supported, the version that was deleted is referenced in Provenance.target; if versioning is not supported then Provenance.target contains the non-version reference. Provenance.entity is not used unless there is a business requirement to do so.

6.5.5 Search Parameters also apply. See

Search parameters for this resource. The common parameters also apply. See Searching for more information about searching in REST, messaging, and services. for more information about searching in REST, messaging, and services.

© HL7.org 2011+. FHIR DSTU2 (v1.0.2-7202) generated on Sat, Oct 24, 2015 07:44+1100. Links: Search
Name Type Description Paths
agent reference Individual, device or organization playing role Individual, device or organization playing role Provenance.agent.actor
( Device , , Organization , , Patient , , Practitioner , , RelatedPerson )
end date End time with inclusive boundary, if not ongoing End time with inclusive boundary, if not ongoing Provenance.period.end
entity uri Identity of entity Identity of entity Provenance.entity.reference
entitytype entity-type token The type of resource in this entity The type of resource in this entity Provenance.entity.type
location reference Where the activity occurred, if relevant Where the activity occurred, if relevant Provenance.location
( Location )
patient reference Target Reference(s) (usually version specific) Target Reference(s) (usually version specific) Provenance.target
( Patient )
sigtype sig token Indication of the reason the entity signed the object(s) Indication of the reason the entity signed the object(s) Provenance.signature.type
start date Starting time with inclusive boundary Starting time with inclusive boundary Provenance.period.start
target reference Target Reference(s) (usually version specific) Target Reference(s) (usually version specific) Provenance.target
(Any)
userid token Authorization-system identifier for the agent Authorization-system identifier for the agent Provenance.agent.userId