Security and Privacy
This page is part of the FHIR Specification (v4.0.1: R4 (v5.0.0: R5 - Mixed Normative and STU)). This is the current published version in its permanent home (it will always be available at this URL). The current version which supersedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions.
| Security Work Group | Maturity Level: N/A | Standards Status: Informative | Compartments: Device, Patient, Practitioner |
Raw Turtle (also see the Turtle/RDF Format Specification)
Accounting of a Disclosure
@prefix fhir: <http://hl7.org/fhir/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

# - resource -------------------------------------------------------------------

<http://hl7.org/fhir/AuditEvent/example-disclosure> a fhir:AuditEvent;
  fhir:nodeRole fhir:treeRoot;
  fhir:Resource.id [ fhir:value "example-disclosure"];
  fhir:DomainResource.text [
     fhir:Narrative.status [ fhir:value "generated" ];
     fhir:Narrative.div "<div xmlns=\"http://www.w3.org/1999/xhtml\">Disclosure by some idiot, for marketing reasons, to places unknown, of a Poor Sap, data about Everthing important.</div>"
  ];
  fhir:AuditEvent.type [
     fhir:Coding.system [ fhir:value "http://dicom.nema.org/resources/ontology/DCM" ];
     fhir:Coding.code [ fhir:value "110106" ];
     fhir:Coding.display [ fhir:value "Export" ]
  ];
  fhir:AuditEvent.subtype [
     fhir:index 0;
     fhir:Coding.code [ fhir:value "Disclosure" ];
     fhir:Coding.display [ fhir:value "HIPAA disclosure" ]
  ];
  fhir:AuditEvent.action [ fhir:value "R"];
  fhir:AuditEvent.recorded [ fhir:value "2013-09-22T00:08:00Z"^^xsd:dateTime];
  fhir:AuditEvent.outcome [ fhir:value "0"];
  fhir:AuditEvent.outcomeDesc [ fhir:value "Successful Disclosure"];
  fhir:AuditEvent.purposeOfEvent [
     fhir:index 0;
     fhir:CodeableConcept.coding [
       fhir:index 0;
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/v3-ActReason" ];
       fhir:Coding.code [ fhir:value "HMARKT" ];
       fhir:Coding.display [ fhir:value "healthcare marketing" ]
     ]
  ];
  fhir:AuditEvent.agent [
     fhir:index 0;
     fhir:AuditEvent.agent.type [
       fhir:CodeableConcept.coding [
         fhir:index 0;
         fhir:Coding.system [ fhir:value "http://dicom.nema.org/resources/ontology/DCM" ];
         fhir:Coding.code [ fhir:value "110153" ];
         fhir:Coding.display [ fhir:value "Source Role ID" ]
       ]
     ];
     fhir:AuditEvent.agent.who [
       fhir:Reference.identifier [
         fhir:Identifier.value [ fhir:value "SomeIdiot@nowhere" ]
       ]
     ];
     fhir:AuditEvent.agent.altId [ fhir:value "notMe" ];
     fhir:AuditEvent.agent.name [ fhir:value "That guy everyone wishes would be caught" ];
     fhir:AuditEvent.agent.requestor [ fhir:value "true"^^xsd:boolean ];
     fhir:AuditEvent.agent.location [
       fhir:link <http://hl7.org/fhir/Location/1>;
       fhir:Reference.reference [ fhir:value "Location/1" ]
     ];
     fhir:AuditEvent.agent.policy [
       fhir:value "http://consent.com/yes";
       fhir:index 0
     ];
     fhir:AuditEvent.agent.network [
       fhir:AuditEvent.agent.network.address [ fhir:value "custodian.net" ];
       fhir:AuditEvent.agent.network.type [ fhir:value "1" ]
     ]
  ], [
     fhir:index 1;
     fhir:AuditEvent.agent.type [
       fhir:CodeableConcept.coding [
         fhir:index 0;
         fhir:Coding.system [ fhir:value "http://dicom.nema.org/resources/ontology/DCM" ];
         fhir:Coding.code [ fhir:value "110152" ];
         fhir:Coding.display [ fhir:value "Destination Role ID" ]
       ]
     ];
     fhir:AuditEvent.agent.who [
       fhir:link <http://hl7.org/fhir/Practitioner/example>;
       fhir:Reference.reference [ fhir:value "Practitioner/example" ];
       fhir:Reference.display [ fhir:value "Where" ]
     ];
     fhir:AuditEvent.agent.requestor [ fhir:value "false"^^xsd:boolean ];
     fhir:AuditEvent.agent.network [
       fhir:AuditEvent.agent.network.address [ fhir:value "marketing.land" ];
       fhir:AuditEvent.agent.network.type [ fhir:value "1" ]
     ];
     fhir:AuditEvent.agent.purposeOfUse [
       fhir:index 0;
       fhir:CodeableConcept.coding [
         fhir:index 0;
         fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/v3-ActReason" ];
         fhir:Coding.code [ fhir:value "HMARKT" ];
         fhir:Coding.display [ fhir:value "healthcare marketing" ]
       ]
     ]
  ];
  fhir:AuditEvent.source [
     fhir:AuditEvent.source.site [ fhir:value "Watcher" ];
     fhir:AuditEvent.source.observer [
       fhir:Reference.display [ fhir:value "Watchers Accounting of Disclosures Application" ]
     ];
     fhir:AuditEvent.source.type [
       fhir:index 0;
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/security-source-type" ];
       fhir:Coding.code [ fhir:value "4" ];
       fhir:Coding.display [ fhir:value "Application Server" ]
     ]
  ];
  fhir:AuditEvent.entity [
     fhir:index 0;
     fhir:AuditEvent.entity.what [
       fhir:link <http://hl7.org/fhir/Patient/example>;
       fhir:Reference.reference [ fhir:value "Patient/example" ]
     ];
     fhir:AuditEvent.entity.type [
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/audit-entity-type" ];
       fhir:Coding.code [ fhir:value "1" ];
       fhir:Coding.display [ fhir:value "Person" ]
     ];
     fhir:AuditEvent.entity.role [
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/object-role" ];
       fhir:Coding.code [ fhir:value "1" ];
       fhir:Coding.display [ fhir:value "Patient" ]
     ]
  ], [
     fhir:index 1;
     fhir:AuditEvent.entity.what [
       fhir:link <http://hl7.org/fhir/Patient/example/_history/1>;
       fhir:Reference.reference [ fhir:value "Patient/example/_history/1" ];
       fhir:Reference.identifier [
         fhir:Identifier.value [ fhir:value "What.id" ]
       ]
     ];
     fhir:AuditEvent.entity.type [
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/audit-entity-type" ];
       fhir:Coding.code [ fhir:value "2" ];
       fhir:Coding.display [ fhir:value "System Object" ]
     ];
     fhir:AuditEvent.entity.role [
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/object-role" ];
       fhir:Coding.code [ fhir:value "4" ];
       fhir:Coding.display [ fhir:value "Domain Resource" ]
     ];
     fhir:AuditEvent.entity.lifecycle [
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/dicom-audit-lifecycle" ];
       fhir:Coding.code [ fhir:value "11" ];
       fhir:Coding.display [ fhir:value "Disclosure" ]
     ];
     fhir:AuditEvent.entity.securityLabel [
       fhir:index 0;
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/v3-Confidentiality" ];
       fhir:Coding.code [ fhir:value "V" ];
       fhir:Coding.display [ fhir:value "very restricted" ]
     ], [
       fhir:index 1;
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/v3-ActCode" ];
       fhir:Coding.code [ fhir:value "STD" ];
       fhir:Coding.display [ fhir:value "sexually transmitted disease information sensitivity" ]
     ], [
       fhir:index 2;
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/v3-ActCode" ];
       fhir:Coding.code [ fhir:value "DELAU" ];
       fhir:Coding.display [ fhir:value "delete after use" ]
     ];
     fhir:AuditEvent.entity.name [ fhir:value "Namne of What" ];
     fhir:AuditEvent.entity.description [ fhir:value "data about Everthing important" ]
  ] .

<http://hl7.org/fhir/Location/1> a fhir:Location .

<http://hl7.org/fhir/Practitioner/example> a fhir:Practitioner .

<http://hl7.org/fhir/Patient/example> a fhir:Patient .

<http://hl7.org/fhir/Patient/example/_history/1> a fhir:Patient .

# - ontology header ------------------------------------------------------------

<http://hl7.org/fhir/AuditEvent/example-disclosure.ttl> a owl:Ontology;
  owl:imports fhir:fhir.ttl;
  owl:versionIRI <http://build.fhir.org/AuditEvent/example-disclosure.ttl> .

[a fhir:AuditEvent ;
  fhir:nodeRole fhir:treeRoot ;
  fhir:id [ fhir:v "example-disclosure"] ; #
  fhir:text [
     fhir:status [ fhir:v "generated" ] ;
     fhir:div "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p><b>Generated Narrative: AuditEvent</b><a name=\"example-disclosure\"> </a></p><div style=\"display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%\"><p style=\"margin-bottom: 0px\">Resource AuditEvent \"example-disclosure\" </p></div><p><b>category</b>: Export <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://dicom.nema.org/resources/ontology/DCM\">DICOM</a>#110106)</span></p><p><b>code</b>: HIPAA disclosure <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> ([not stated]#Disclosure)</span></p><p><b>action</b>: R</p><p><b>severity</b>: notice</p><p><b>recorded</b>: 22 Sept 2013, 10:08:00 am</p><h3>Outcomes</h3><table class=\"grid\"><tr><td>-</td><td><b>Code</b></td><td><b>Detail</b></td></tr><tr><td>*</td><td>Success (Details: http://terminology.hl7.org/CodeSystem/audit-event-outcome code 0 = 'Success', stated as 'Success')</td><td>Successful Disclosure <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> ()</span></td></tr></table><p><b>authorization</b>: healthcare marketing <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActReason.html\">ActReason</a>#HMARKT)</span></p><p><b>patient</b>: <span title=\" patient whos data got disclosed \"><a href=\"patient-example.html\">Patient/example</a> \"Peter CHALMERS\"</span></p><blockquote><p><b>agent</b></p><p><b>type</b>: <span title=\" who disclosed the data \">Source Role ID <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://dicom.nema.org/resources/ontology/DCM\">DICOM</a>#110153)</span></span></p><p><b>who</b>: <span>: That guy everyone wishes would be caught</span></p><p><b>requestor</b>: true</p><p><b>location</b>: <a href=\"location-example.html\">Location/1</a> \"South Wing, second floor\"</p><p><b>policy</b>: <a href=\"http://consent.com/yes\">http://consent.com/yes</a></p><p><b>network</b>: custodian.net</p></blockquote><blockquote><p><b>agent</b></p><p><b>type</b>: <span title=\" who received the data \">Destination Role ID <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://dicom.nema.org/resources/ontology/DCM\">DICOM</a>#110152)</span></span></p><p><b>who</b>: <a href=\"practitioner-example.html\">Practitioner/example: Where</a> \"Adam CAREFUL\"</p><p><b>requestor</b>: false</p><p><b>network</b>: marketing.land</p><p><b>authorization</b>: healthcare marketing <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActReason.html\">ActReason</a>#HMARKT)</span></p></blockquote><h3>Sources</h3><table class=\"grid\"><tr><td>-</td><td><b>Observer</b></td><td><b>Type</b></td></tr><tr><td>*</td><td><span title=\" what system detected this disclosure \"><span>: Watchers Accounting of Disclosures Application</span></span></td><td>Application Server <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-security-source-type.html\">Audit Event Source Type</a>#4)</span></td></tr></table><h3>Entities</h3><table class=\"grid\"><tr><td>-</td><td><b>What</b></td><td><b>Role</b></td><td><b>SecurityLabel</b></td></tr><tr><td>*</td><td><span title=\" data that got disclosed \"><a href=\"patient-example.html\">Patient/example/_history/1: data about Everthing important</a> \"Peter CHALMERS\"</span></td><td>Domain Resource <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-object-role.html\">AuditEventEntityRole</a>#4)</span></td><td>very restricted <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-Confidentiality.html\">Confidentiality</a>#V)</span>, sexually transmitted disease information sensitivity <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html\">ActCode</a>#STD)</span>, delete after use <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html\">ActCode</a>#DELAU)</span></td></tr></table></div>"
  ] ; #
  fhir:category ( [
     fhir:coding ( [
       fhir:system [ fhir:v "http://dicom.nema.org/resources/ontology/DCM"^^xsd:anyURI ] ;
       fhir:code [ fhir:v "110106" ] ;
       fhir:display [ fhir:v "Export" ]
     ] )
  ] ) ; #
  fhir:code [
     fhir:coding ( [
       fhir:code [ fhir:v "Disclosure" ] ;
       fhir:display [ fhir:v "HIPAA disclosure" ]
     ] )
  ] ; #
  fhir:action [ fhir:v "R"] ; #
  fhir:severity [ fhir:v "notice"] ; #
  fhir:recorded [ fhir:v "2013-09-22T00:08:00Z"^^xsd:dateTime] ; #
  fhir:outcome [
     fhir:code [
       fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/audit-event-outcome"^^xsd:anyURI ] ;
       fhir:code [ fhir:v "0" ] ;
       fhir:display [ fhir:v "Success" ]
     ] ;
     fhir:detail ( [
       fhir:text [ fhir:v "Successful Disclosure" ]
     ] )
  ] ; #
  fhir:authorization ( [
     fhir:coding ( [
       fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-ActReason"^^xsd:anyURI ] ;
       fhir:code [ fhir:v "HMARKT" ] ;
       fhir:display [ fhir:v "healthcare marketing" ]
     ] )
  ] ) ; #
  fhir:patient [
     fhir:reference [ fhir:v "Patient/example" ]
  ] ; # patient whos data got disclosed
  fhir:agent ( [
     fhir:type [
       fhir:coding ( [
         fhir:system [ fhir:v "http://dicom.nema.org/resources/ontology/DCM"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "110153" ] ;
         fhir:display [ fhir:v "Source Role ID" ]
       ] )
     ] ; # who disclosed the data
     fhir:who [
       fhir:identifier [
         fhir:value [ fhir:v "SomeIdiot@nowhere" ]
       ] ;
       fhir:display [ fhir:v "That guy everyone wishes would be caught" ]
     ] ;
     fhir:requestor [ fhir:v "true"^^xsd:boolean ] ;
     fhir:location [
       fhir:reference [ fhir:v "Location/1" ]
     ] ;
     fhir:policy ( [ fhir:v "http://consent.com/yes"^^xsd:anyURI ] ) ;
     fhir:network [ fhir:v "custodian.net" ]
  ] [
     fhir:type [
       fhir:coding ( [
         fhir:system [ fhir:v "http://dicom.nema.org/resources/ontology/DCM"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "110152" ] ;
         fhir:display [ fhir:v "Destination Role ID" ]
       ] )
     ] ; # who received the data
     fhir:who [
       fhir:reference [ fhir:v "Practitioner/example" ] ;
       fhir:display [ fhir:v "Where" ]
     ] ;
     fhir:requestor [ fhir:v "false"^^xsd:boolean ] ;
     fhir:network [ fhir:v "marketing.land" ] ;
     fhir:authorization ( [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-ActReason"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "HMARKT" ] ;
         fhir:display [ fhir:v "healthcare marketing" ]
       ] )
     ] )
  ] ) ; #
  fhir:source [
     fhir:observer [
       fhir:display [ fhir:v "Watchers Accounting of Disclosures Application" ]
     ] ; # what system detected this disclosure
     fhir:type ( [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/security-source-type"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "4" ] ;
         fhir:display [ fhir:v "Application Server" ]
       ] )
     ] )
  ] ; #
  fhir:entity ( [
     fhir:what [
       fhir:reference [ fhir:v "Patient/example/_history/1" ] ;
       fhir:identifier [
         fhir:value [ fhir:v "What.id" ]
       ] ;
       fhir:display [ fhir:v "data about Everthing important" ]
     ] ; # data that got disclosed
     fhir:role [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/object-role"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "4" ] ;
         fhir:display [ fhir:v "Domain Resource" ]
       ] )
     ] ;
     fhir:securityLabel ( [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "V" ] ;
         fhir:display [ fhir:v "very restricted" ]
       ] )
     ] [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-ActCode"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "STD" ] ;
         fhir:display [ fhir:v "sexually transmitted disease information sensitivity" ]
       ] )
     ] [
       fhir:coding ( [
         fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-ActCode"^^xsd:anyURI ] ;
         fhir:code [ fhir:v "DELAU" ] ;
         fhir:display [ fhir:v "delete after use" ]
       ] )
     ] )
  ] )] . #

# -------------------------------------------------------------------------------------
Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.
FHIR ®© HL7.org 2011+. FHIR Release 4 (Technical Correction #1) (v4.0.1) R5 hl7.fhir.core#5.0.0 generated on Fri, Nov 1, 2019 09:34+1100. QA Page Sun, Mar 26, 2023 15:24+1100.