Release
4
5
Snapshot
#1
Security
and
Privacy
This
page
is
part
of
the
FHIR
Specification
(v4.0.1:
R4
-
Mixed
Normative
and
STU
)
in
it's
permanent
home
(it
will
always
be
available
at
this
URL).
(v5.0.0-snapshot1:
Release
5
Snapshot
#1).
The
current
version
which
supercedes
this
version
is
5.0.0
.
For
a
full
list
of
available
versions,
see
the
Directory
of
published
versions
.
Page
versions:
R5
R4B
R4
R3
R2
| Security Work Group | Maturity Level : N/A | Standards Status : Informative | Compartments : Device , Patient , Practitioner |
Raw XML ( canonical form + also see XML Format Specification )
Accounting of a Disclosure (id = "example-disclosure")
<?xml version="1.0" encoding="UTF-8"?><AuditEvent xmlns="http://hl7.org/fhir"> <id value="example-disclosure"/> <text> <status value="generated"/>Disclosure by some idiot, for marketing reasons, to places unknown, of a Poor Sap, data about Everthing important.<div xmlns="http://www.w3.org/1999/xhtml"> <p> Disclosure by some idiot, for marketing reasons, to places unknown, of a Poor Sap, data about Everthing important.</p> <p> <b> category:</b> Export</p> <p> <b> code:</b> HIPAA Disclosure</p> <p> <b> action:</b> Read</p> <p> <b> severity:</b> Notice: normal but signficant condition</p> <p> <b> recorded:</b> September 22, 2013</p> <p> <b> PurposeOfEvent:</b> Healthcare Marketing</p> <p> <b> source agent:</b> user ID</p> <p> <b> source agent location:</b> Location 1</p> <p> <b> source agent network id:</b> custodian.net</p> <p> <b> recipient agent:</b> practitioner ID</p> <p> <b> recipient agent network id:</b> marketing.land</p> <p> <b> patient:</b> patient identity</p> <p> <b> data exposed:</b> list of data</p> </div> </text> <category> <coding> <system value="http://dicom.nema.org/resources/ontology/DCM"/> <code value="110106"/> <display value="Export"/> </coding> </category> <code> <coding> <code value="Disclosure"/> <display value="HIPAA disclosure"/> </coding> </code> <action value="R"/> <severity value="notice"/> <recorded value="2013-09-22T00:08:00Z"/><outcome> <code> <system value="http://terminology.hl7.org/CodeSystem/audit-event-outcome"/> <code value="success"/> <display value="Success"/> </code> <detail> <text value="Successful Disclosure"/> </detail> </outcome> <authorization> <coding> <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/> <code value="HMARKT"/> <display value="healthcare marketing"/></coding> </authorization> <agent> <!-- who disclosed the data --> <type> <coding> <system value="http://dicom.nema.org/resources/ontology/DCM"/> <code value="110153"/> <display value="Source Role ID"/> </coding> </type> <who><identifier> <value value="SomeIdiot@nowhere"/></identifier> <display value="That guy everyone wishes would be caught"/> </who><requestor value="true"/> <location><reference value="Location/1"/> </location> <policy value="http://consent.com/yes"/><networkString value="custodian.net"/> </agent> <agent> <!-- who received the data --> <type> <coding> <system value="http://dicom.nema.org/resources/ontology/DCM"/> <code value="110152"/> <display value="Destination Role ID"/> </coding> </type> <who><reference value="Practitioner/example"/> <display value="Where"/> </who> <requestor value="false"/><networkString value="marketing.land"/> <authorization> <coding> <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/> <code value="HMARKT"/> <display value="healthcare marketing"/></coding> </authorization> </agent> <source> <!-- what system detected this disclosure --><observer><display value="Watchers Accounting of Disclosures Application"/> </observer> <type><coding> <system value="http://terminology.hl7.org/CodeSystem/security-source-type"/> <code value="4"/> <display value="Application Server"/> </coding> </type> </source> <entity> <!-- patient whos data got disclosed --> <what><reference value="Patient/example"/> </what><role><coding> <system value="http://terminology.hl7.org/CodeSystem/object-role"/> <code value="1"/> <display value="Patient"/> </coding> </role> </entity> <entity> <!-- data that got disclosed --> <what><reference value="Patient/example/_history/1"/> <identifier> <value value="What.id"/></identifier> <display value="data about Everthing important"/> </what><role><coding> <system value="http://terminology.hl7.org/CodeSystem/object-role"/> <code value="4"/> <display value="Domain Resource"/> </coding> </role><securityLabel><coding> <system value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/> <code value="V"/> <display value="very restricted"/> </coding> </securityLabel> <securityLabel><coding> <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/> <code value="STD"/> <display value="sexually transmitted disease information sensitivity"/> </coding> </securityLabel> <securityLabel><coding> <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/> <code value="DELAU"/> <display value="delete after use"/> </coding> </securityLabel></entity> </ AuditEvent >
Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.
FHIR
®©
HL7.org
2011+.
FHIR
Release
4
(Technical
Correction
#1)
(v4.0.1)
R5
Draft
Ballot
hl7.fhir.core#5.0.0-snapshot1
generated
on
Fri,
Nov
1,
2019
09:34+1100.
QA
Page
Sun,
Dec
19,
2021
08:19+1100.
Links:
Search
|
Version
History
|
Table
of
Contents
|
Credits
QA
Page
|
Compare
to
R3
R4
|
|
Propose
a
change