Release
4B
5
Security
and
Privacy
This
page
is
part
of
the
FHIR
Specification
(v4.3.0:
R4B
(v5.0.0:
R5
-
STU
).
The
This
is
the
current
published
version
which
supercedes
in
it's
permanent
home
(it
will
always
be
available
at
this
version
is
5.0.0
.
URL).
For
a
full
list
of
available
versions,
see
the
Directory
of
published
versions
.
Page
versions:
R5
R4B
R5
R4B
R4
R3
R2
| Security Work Group | Maturity Level : N/A | Standards Status : Informative | Compartments : Device , Patient , Practitioner |
Raw JSON ( canonical form + also see JSON Format Specification )
Accounting of a Disclosure
{
"resourceType": "AuditEvent",
"id": "example-disclosure",
"text": {
"status": "generated",
"div": "<div xmlns=\"http://www.w3.org/1999/xhtml\">Disclosure by some idiot, for marketing reasons, to places unknown, of a Poor Sap, data about Everthing important.</div>"
"resourceType" : "AuditEvent",
"id" : "example-disclosure",
"text" : {
"status" : "generated",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p><b>Generated Narrative: AuditEvent</b><a name=\"example-disclosure\"> </a></p><div style=\"display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%\"><p style=\"margin-bottom: 0px\">Resource AuditEvent "example-disclosure" </p></div><p><b>category</b>: Export <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://dicom.nema.org/resources/ontology/DCM\">DICOM</a>#110106)</span></p><p><b>code</b>: HIPAA disclosure <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> ([not stated]#Disclosure)</span></p><p><b>action</b>: R</p><p><b>severity</b>: notice</p><p><b>recorded</b>: 22 Sept 2013, 10:08:00 am</p><h3>Outcomes</h3><table class=\"grid\"><tr><td>-</td><td><b>Code</b></td><td><b>Detail</b></td></tr><tr><td>*</td><td>Success (Details: http://terminology.hl7.org/CodeSystem/audit-event-outcome code 0 = 'Success', stated as 'Success')</td><td>Successful Disclosure <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> ()</span></td></tr></table><p><b>authorization</b>: healthcare marketing <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActReason.html\">ActReason</a>#HMARKT)</span></p><p><b>patient</b>: <span title=\" patient whos data got disclosed \"><a href=\"patient-example.html\">Patient/example</a> "Peter CHALMERS"</span></p><blockquote><p><b>agent</b></p><p><b>type</b>: <span title=\" who disclosed the data \">Source Role ID <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://dicom.nema.org/resources/ontology/DCM\">DICOM</a>#110153)</span></span></p><p><b>who</b>: <span>: That guy everyone wishes would be caught</span></p><p><b>requestor</b>: true</p><p><b>location</b>: <a href=\"location-example.html\">Location/1</a> "South Wing, second floor"</p><p><b>policy</b>: <a href=\"http://consent.com/yes\">http://consent.com/yes</a></p><p><b>network</b>: custodian.net</p></blockquote><blockquote><p><b>agent</b></p><p><b>type</b>: <span title=\" who received the data \">Destination Role ID <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://dicom.nema.org/resources/ontology/DCM\">DICOM</a>#110152)</span></span></p><p><b>who</b>: <a href=\"practitioner-example.html\">Practitioner/example: Where</a> "Adam CAREFUL"</p><p><b>requestor</b>: false</p><p><b>network</b>: marketing.land</p><p><b>authorization</b>: healthcare marketing <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActReason.html\">ActReason</a>#HMARKT)</span></p></blockquote><h3>Sources</h3><table class=\"grid\"><tr><td>-</td><td><b>Observer</b></td><td><b>Type</b></td></tr><tr><td>*</td><td><span title=\" what system detected this disclosure \"><span>: Watchers Accounting of Disclosures Application</span></span></td><td>Application Server <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-security-source-type.html\">Audit Event Source Type</a>#4)</span></td></tr></table><h3>Entities</h3><table class=\"grid\"><tr><td>-</td><td><b>What</b></td><td><b>Role</b></td><td><b>SecurityLabel</b></td></tr><tr><td>*</td><td><span title=\" data that got disclosed \"><a href=\"patient-example.html\">Patient/example/_history/1: data about Everthing important</a> "Peter CHALMERS"</span></td><td>Domain Resource <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-object-role.html\">AuditEventEntityRole</a>#4)</span></td><td>very restricted <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-Confidentiality.html\">Confidentiality</a>#V)</span>, sexually transmitted disease information sensitivity <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html\">ActCode</a>#STD)</span>, delete after use <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html\">ActCode</a>#DELAU)</span></td></tr></table></div>"
},
"type": {
"system": "http://dicom.nema.org/resources/ontology/DCM",
"code": "110106",
"display": "Export"
"category" : [{
"coding" : [{
"system" : "http://dicom.nema.org/resources/ontology/DCM",
"code" : "110106",
"display" : "Export"
}]
}],
"code" : {
"coding" : [{
"code" : "Disclosure",
"display" : "HIPAA disclosure"
}]
},
"subtype": [
{
"code": "Disclosure",
"display": "HIPAA disclosure"
}
],
"action": "R",
"recorded": "2013-09-22T00:08:00Z",
"outcome": "0",
"outcomeDesc": "Successful Disclosure",
"purposeOfEvent": [
{
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code": "HMARKT",
"display": "healthcare marketing"
}
]
}
],
"agent": [
{
"type": {
"coding": [
{
"system": "http://dicom.nema.org/resources/ontology/DCM",
"code": "110153",
"display": "Source Role ID"
}
]
},
"who": {
"identifier": {
"value": "SomeIdiot@nowhere"
}
},
"altId": "notMe",
"name": "That guy everyone wishes would be caught",
"requestor": true,
"location": {
"reference": "Location/1"
},
"policy": [
"http://consent.com/yes"
],
"network": {
"address": "custodian.net",
"type": "1"
}
"action" : "R",
"severity" : "notice",
"recorded" : "2013-09-22T00:08:00Z",
"outcome" : {
"code" : {
"system" : "http://terminology.hl7.org/CodeSystem/audit-event-outcome",
"code" : "0",
"display" : "Success"
},
{
"type": {
"coding": [
{
"system": "http://dicom.nema.org/resources/ontology/DCM",
"code": "110152",
"display": "Destination Role ID"
}
]
},
"who": {
"reference": "Practitioner/example",
"display": "Where"
},
"requestor": false,
"network": {
"address": "marketing.land",
"type": "1"
"detail" : [{
"text" : "Successful Disclosure"
}]
},
"authorization" : [{
"coding" : [{
"system" : "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code" : "HMARKT",
"display" : "healthcare marketing"
}]
}],
"patient" : {
"reference" : "Patient/example"
},
"agent" : [{
"type" : {
"coding" : [{
"system" : "http://dicom.nema.org/resources/ontology/DCM",
"code" : "110153",
"display" : "Source Role ID"
}]
},
"who" : {
"identifier" : {
"value" : "SomeIdiot@nowhere"
},
"purposeOfUse": [
{
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code": "HMARKT",
"display": "healthcare marketing"
}
]
}
]
}
],
"source": {
"site": "Watcher",
"observer": {
"display": "Watchers Accounting of Disclosures Application"
"display" : "That guy everyone wishes would be caught"
},
"type": [
{
"system": "http://terminology.hl7.org/CodeSystem/security-source-type",
"code": "4",
"display": "Application Server"
}
]
"requestor" : true,
"location" : {
"reference" : "Location/1"
},
"policy" : ["http://consent.com/yes"],
"networkString" : "custodian.net"
},
"entity": [
{
"what": {
"reference": "Patient/example"
},
"type": {
"system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
"code": "1",
"display": "Person"
{
"type" : {
"coding" : [{
"system" : "http://dicom.nema.org/resources/ontology/DCM",
"code" : "110152",
"display" : "Destination Role ID"
}]
},
"who" : {
"reference" : "Practitioner/example",
"display" : "Where"
},
"requestor" : false,
"networkString" : "marketing.land",
"authorization" : [{
"coding" : [{
"system" : "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code" : "HMARKT",
"display" : "healthcare marketing"
}]
}]
}],
"source" : {
"observer" : {
"display" : "Watchers Accounting of Disclosures Application"
},
"type" : [{
"coding" : [{
"system" : "http://terminology.hl7.org/CodeSystem/security-source-type",
"code" : "4",
"display" : "Application Server"
}]
}]
},
"entity" : [{
"what" : {
"reference" : "Patient/example/_history/1",
"identifier" : {
"value" : "What.id"
},
"role": {
"system": "http://terminology.hl7.org/CodeSystem/object-role",
"code": "1",
"display": "Patient"
}
"display" : "data about Everthing important"
},
"role" : {
"coding" : [{
"system" : "http://terminology.hl7.org/CodeSystem/object-role",
"code" : "4",
"display" : "Domain Resource"
}]
},
"securityLabel" : [{
"coding" : [{
"system" : "http://terminology.hl7.org/CodeSystem/v3-Confidentiality",
"code" : "V",
"display" : "very restricted"
}]
},
{
"what": {
"reference": "Patient/example/_history/1",
"identifier": {
"value": "What.id"
}
},
"type": {
"system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
"code": "2",
"display": "System Object"
},
"role": {
"system": "http://terminology.hl7.org/CodeSystem/object-role",
"code": "4",
"display": "Domain Resource"
},
"lifecycle": {
"system": "http://terminology.hl7.org/CodeSystem/dicom-audit-lifecycle",
"code": "11",
"display": "Disclosure"
},
"securityLabel": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-Confidentiality",
"code": "V",
"display": "very restricted"
},
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "STD",
"display": "sexually transmitted disease information sensitivity"
},
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "DELAU",
"display": "delete after use"
}
],
"name": "Namne of What",
"description": "data about Everthing important"
}
]
"coding" : [{
"system" : "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code" : "STD",
"display" : "sexually transmitted disease information sensitivity"
}]
},
{
"coding" : [{
"system" : "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code" : "DELAU",
"display" : "delete after use"
}]
}]
}]
}
Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.
FHIR
®©
HL7.org
2011+.
FHIR
Release
4B
(v4.3.0)
hl7.fhir.r4b.core#4.3.0
R5
hl7.fhir.core#5.0.0
generated
on
Sat,
May
28,
2022
12:53+1000.
Sun,
Mar
26,
2023
15:24+1100.
Links:
Search
|
Version
History
|
Table
of
Contents
|
Glossary
|
QA
Page
|
Compare
to
R4
|
Compare
to
R4B
|
|
Propose
a
change