Security and Privacy

This page is part of the FHIR Specification (v4.3.0: R4B (v5.0.0-ballot: R5 Ballot - STU see ballot notes). The current version which supersedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions.
Security Work Group | Maturity Level: N/A | Standards Status: Informative | Compartments: Device, Patient, Practitioner

Raw JSON (canonical form + also see JSON Format Specification)
Accounting of a Disclosure
{
"resourceType": "AuditEvent",
"id": "example-disclosure",
"text": {
"status": "generated",
"div": "<div xmlns=\"http://www.w3.org/1999/xhtml\">Disclosure by some idiot, for marketing reasons, to places unknown, of a Poor Sap, data about Everthing important.</div>"
},
"type": {
"system": "http://dicom.nema.org/resources/ontology/DCM",
"code": "110106",
"display": "Export"
},
"subtype": [
"category": [
{
"code": "Disclosure",
"display": "HIPAA disclosure"
"coding": [
{
"system": "http://dicom.nema.org/resources/ontology/DCM",
"code": "110106",
"display": "Export"
}
]
}
],
"code": {
"coding": [
{
"code": "Disclosure",
"display": "HIPAA disclosure"
}
]
},
"action": "R",
"severity": "notice",
"recorded": "2013-09-22T00:08:00Z",
"outcome": "0",
"outcomeDesc": "Successful Disclosure",
"purposeOfEvent": [
"outcome": {
"code": {
"system": "http://terminology.hl7.org/CodeSystem/audit-event-outcome",
"code": "success",
"display": "Success"
},
"detail": [
{
"text": "Successful Disclosure"
}
]
},
"authorization": [
{
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code": "HMARKT",
"display": "healthcare marketing"
}
]
}
],
"patient": {
"reference": "Patient/example"
},
"agent": [
{
"type": {
"coding": [
{
"system": "http://dicom.nema.org/resources/ontology/DCM",
"code": "110153",
"display": "Source Role ID"
}
]
},
"who": {
"identifier": {
"value": "SomeIdiot@nowhere"
}
},
"display": "That guy everyone wishes would be caught"
},
"altId": "notMe",
"name": "That guy everyone wishes would be caught",
"requestor": true,
"location": {
"reference": "Location/1"
},
"policy": [
"http://consent.com/yes"
],
"network": {
"address": "custodian.net",
"type": "1"
}
"networkString": "custodian.net"
},
{
"type": {
"coding": [
{
"system": "http://dicom.nema.org/resources/ontology/DCM",
"code": "110152",
"display": "Destination Role ID"
}
]
},
"who": {
"reference": "Practitioner/example",
"display": "Where"
},
"requestor": false,
"network": {
"address": "marketing.land",
"type": "1"
},
"purposeOfUse": [
"networkString": "marketing.land",
"authorization": [
{
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code": "HMARKT",
"display": "healthcare marketing"
}
]
}
]
}
],
"source": {
"site": "Watcher",
"observer": {
"display": "Watchers Accounting of Disclosures Application"
},
"type": [
{
"system": "http://terminology.hl7.org/CodeSystem/security-source-type",
"code": "4",
"display": "Application Server"
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/security-source-type",
"code": "4",
"display": "Application Server"
}
]
}
]
},
"entity": [
{
"what": {
"reference": "Patient/example"
},
"type": {
"system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
"code": "1",
"display": "Person"
},
"role": {
"system": "http://terminology.hl7.org/CodeSystem/object-role",
"code": "1",
"display": "Patient"
}
},
{
"what": {
"reference": "Patient/example/_history/1",
"identifier": {
"value": "What.id"
}
},
"type": {
"system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
"code": "2",
"display": "System Object"
},
"display": "data about Everthing important"
},
"role": {
"system": "http://terminology.hl7.org/CodeSystem/object-role",
"code": "4",
"display": "Domain Resource"
},
"lifecycle": {
"system": "http://terminology.hl7.org/CodeSystem/dicom-audit-lifecycle",
"code": "11",
"display": "Disclosure"
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/object-role",
"code": "4",
"display": "Domain Resource"
}
]
},
"securityLabel": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-Confidentiality",
"code": "V",
"display": "very restricted"
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-Confidentiality",
"code": "V",
"display": "very restricted"
}
]
},
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "STD",
"display": "sexually transmitted disease information sensitivity"
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "STD",
"display": "sexually transmitted disease information sensitivity"
}
]
},
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "DELAU",
"display": "delete after use"
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "DELAU",
"display": "delete after use"
}
]
}
],
"name": "Namne of What",
"description": "data about Everthing important"
]
}
]
}
Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.
FHIR ®© HL7.org 2011+. FHIR Release 4B (v4.3.0) hl7.fhir.r4b.core#4.3.0 R5 Ballot hl7.fhir.core#5.0.0-ballot generated on Sat, May 28, Sep 10, 2022 12:53+1000. 05:01+1000.