Query API: AuditEvent
Profile: EPAAuditEvent Profile
Voraussetzungen
Dem Patient Information Service MÜSSEN zur Auswertung in Operationen für jede Aktivität die folgenden Informationen bereitstehen:
- Name des Nutzers
- Nutzergruppe/Rolle ((profession-)oid)
- Kennung (Telematik-ID)
- Hinweis auf eine gültige Befugnis des aktuellen Benutzers (requestor)
HTTP Header-Parameter
Ein ePA-Client MUSS die folgenden HTTP Header bei einer Anfrage an den Patient Information Service setzen:
| Name | Anforderung | Datentyp | Beschreibung |
|---|---|---|---|
| x-insurantid | MUSS | String | Health Record Identifier |
| x-useragent | MUSS | String | User Agent Information |
| X-Request-ID | MUSS | String | UUID der Nachricht |
Wiederholungsintervalle
Die folgenden Wiederholungsintervalle werden im Falle einer Fehlerantwort definiert:
- '409' Conflict (statusMismatch)
- etwa 24 Stunden
- '500' Internal Error
- etwa 10 Minuten
Erlaubte Nutzergruppe
| professionOID |
|---|
| oid_versicherter |
| oid_ombudsstelle |
Interaktion (Query AuditEvent)
GET [base]/epa/audit/api/v1/fhir/AuditEvent
OperationId: listAuditEvents_AuditEventSvc
Anfragen an die AuditEvent-Ressource können über die RESTful API mittels HTTP GET-Anfragen durchgeführt werden. Dabei können spezifische Suchparameter genutzt werden, um die Anfragen zu verfeinern. Zum B
Bei Anfragen an die QueryAPI für die AuditEvent-Ressource wird die Antwort als ein FHIR-Bundle des Typs searchset zurückgegeben. Dieses Bundle enthält eine Sammlung von Einträgen, die jeweils eine Instanz der AuditEvent-Ressource enthalten. Die Sortierung MUSS vom Audit Event Service nach _lastUpdated erfolgen.
Suchparameter
| Parameter | Type | Definition | Beschreibung | Anforderung |
|---|---|---|---|---|
| _id | token | http://hl7.org/fhir/SearchParameter/Resource-id | Resource.id | MUSS |
| _lastUpdated | date | http://hl7.org/fhir/SearchParameter/Resource-lastUpdated | Resource.meta.lastUpdated | MUSS |
| action | token | http://hl7.org/fhir/SearchParameter/AuditEvent-action | AuditEvent.action | MUSS |
| altid | token | http://hl7.org/fhir/SearchParameter/AuditEvent-altid | AuditEvent.agent.altId | MUSS |
| date | date | http://hl7.org/fhir/SearchParameter/AuditEvent-date | AuditEvent.recorded | MUSS |
| outcome | token | http://hl7.org/fhir/SearchParameter/AuditEvent-outcome | AuditEvent.outcome | MUSS |
| entity-name | string | http://hl7.org/fhir/SearchParameter/AuditEvent-entity-name | AuditEvent.entity.name | MUSS |
Beispielantwort
{ "resourceType": "Bundle", "id": "example-searchset-audit-event", "type": "searchset", "total": 100, "link": [ { "relation": "self", "url": "/epa/audit/api/v1/fhir/AuditEvent?_offset=20&_count=10" }, { "relation": "previous", "url": "/epa/audit/api/v1/fhir/AuditEvent?_offset=10&_count=10" }, { "relation": "next", "url": "/epa/audit/api/v1/fhir/AuditEvent?_offset=30&_count=10" } ], "entry": [ { "fullUrl": "https://epa-as-0.prod.epa4all.de/vau-cid-1234/epa/AuditEvent/api/v1/fhir/AuditEvent/86604fc1-b356-57e3-8738-8ef36c8d608c", "resource": { "resourceType": "AuditEvent", "id": "86604fc1-b356-57e3-8738-8ef36c8d608c", "meta": { "versionId": "1", "lastUpdated": "2025-01-15T14:43:33.244Z", "profile": [ "https://gematik.de/fhir/epa/StructureDefinition/epa-auditevent" ] }, "source": { "observer": { "display": "Elektronische Patientenakte Fachdienst" }, "type": [ { "system": "https://gematik.de/fhir/epa/CodeSystem/epa-auditevent-sourcetype-cs", "code": "XDSSVC", "display": "XDS Document Service" } ] }, "agent": [ { "requestor": true, "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-RoleClass", "code": "PROV", "display": "healthcare provider" } ] }, "who": { "identifier": { "system": "https://gematik.de/fhir/sid/telematik-id", "value": "1-883110000092404" } }, "altId": "1-883110000092404", "name": "Praxis Dr. John Doe" } ], "type": { "system": "http://terminology.hl7.org/CodeSystem/audit-event-type", "code": "document" }, "action": "U", "recorded": "2025-01-15T14:52:04.928Z", "outcome": "0", "entity": [ { "name": "Arztbrief4711", "description": "operation:provide-and-register-document-set-b", "detail": [ { "type": "DocumentFormatCode", "valueString": "urn:gematik:ig:Arztbrief:r3.1" } ] } ] }, "search": { "mode": "match" } }, { "fullUrl": "https://epa-as-0.prod.epa4all.de/vau-cid-1234/epa/AuditEvent/api/v1/fhir/AuditEvent/669699b2-f131-4097-b13d-71413a58aa92", "resource": { "resourceType": "AuditEvent", "id": "669699b2-f131-4097-b13d-71413a58aa92", "meta": { "versionId": "1", "lastUpdated": "2025-01-15T14:43:33.244Z", "profile": [ "https://gematik.de/fhir/epa/StructureDefinition/epa-auditevent" ] }, "source": { "observer": { "display": "Elektronische Patientenakte Fachdienst" }, "type": [ { "system": "https://gematik.de/fhir/epa/CodeSystem/epa-auditevent-sourcetype-cs", "code": "MEDICATIONSVC", "display": "Medication Service" } ] }, "agent": [ { "requestor": true, "who": { "identifier": { "system": "https://gematik.de/fhir/sid/telematik-id", "value": "1-000000000000000" } }, "type": { "coding": [ { "system": "http://dicom.nema.org/resources/ontology/DCM", "code": "110150", "display": "Application" } ] }, "altId": "1-000000000000000", "name": "E-Rezept-Fachdienst" } ], "type": { "system": "http://terminology.hl7.org/CodeSystem/audit-event-type", "code": "rest" }, "action": "E", "recorded": "2025-01-15T14:52:04.928Z", "outcome": "0", "entity": [ { "name": "MedicationCancelDispensation", "description": "operation:cancel-dispensation-erp" } ] }, "search": { "mode": "match" } }, { "fullUrl": "https://epa-as-0.prod.epa4all.de/vau-cid-1234/epa/AuditEvent/api/v1/fhir/AuditEvent/589b9862-7935-42f5-a06b-11a6f35833ee", "resource": { "resourceType": "AuditEvent", "id": "589b9862-7935-42f5-a06b-11a6f35833ee", "meta": { "versionId": "1", "lastUpdated": "2025-07-15T14:43:33.244Z", "profile": [ "https://gematik.de/fhir/epa/StructureDefinition/epa-auditevent" ] }, "source": { "observer": { "display": "Elektronische Patientenakte Fachdienst" }, "type": [ { "system": "https://gematik.de/fhir/epa/CodeSystem/epa-auditevent-sourcetype-cs", "code": "XDSSVC", "display": "XDS Document Service" } ] }, "agent": [ { "requestor": true, "who": { "identifier": { "system": "https://gematik.de/fhir/sid/telematik-id", "value": "1-000000000000000" } }, "type": { "coding": [ { "system": "http://dicom.nema.org/resources/ontology/DCM", "code": "110150", "display": "Application" } ] }, "altId": "1-000000000000000", "name": "Portugal" }, { "requestor": true, "extension": [ { "url": "https://gematik.de/fhir/epa/StructureDefinition/epa-healthcare-facility-type-extension", "valueCoding": { "system": "urn:oid:2.16.840.1.113883.2.9.6.2.7", "code": "221", "display": "Medical Doctors" } } ], "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-RoleClass", "code": "PROV", "display": "healthcare provider" } ] }, "role": [ { "coding": [ { "system": "urn:oid:1.3.6.1.4.1.12559.11.10.1.3.2.2.2", "code": "Resident Physician", "display": "Resident Physician" } ] } ], "name": "Dr. Manuel Dos Santos / Clínica de Dos Santos" } ], "type": { "system": "http://terminology.hl7.org/CodeSystem/audit-event-type", "code": "rest" }, "action": "R", "recorded": "2025-07-15T14:52:04.928Z", "outcome": "0", "entity": [ { "name": "Patient Summary", "description": "operation:retrieve-document-set" } ] }, "search": { "mode": "match" } } ] }
<Bundle xmlns="http://hl7.org/fhir"> <id value="example-searchset-audit-event" /> <type value="searchset" /> <total value="100" /> <link> <relation value="self" /> <url value="/epa/audit/api/v1/fhir/AuditEvent?_offset=20&_count=10" /> </link> <link> <relation value="previous" /> <url value="/epa/audit/api/v1/fhir/AuditEvent?_offset=10&_count=10" /> </link> <link> <relation value="next" /> <url value="/epa/audit/api/v1/fhir/AuditEvent?_offset=30&_count=10" /> </link> <entry> <fullUrl value="https://epa-as-0.prod.epa4all.de/vau-cid-1234/epa/AuditEvent/api/v1/fhir/AuditEvent/86604fc1-b356-57e3-8738-8ef36c8d608c" /> <resource> <AuditEvent> <id value="86604fc1-b356-57e3-8738-8ef36c8d608c" /> <meta> <versionId value="1" /> <lastUpdated value="2025-01-15T14:43:33.244Z" /> <profile value="https://gematik.de/fhir/epa/StructureDefinition/epa-auditevent" /> </meta> <type> <system value="http://terminology.hl7.org/CodeSystem/audit-event-type" /> <code value="document" /> </type> <action value="U" /> <recorded value="2025-01-15T14:52:04.928Z" /> <outcome value="0" /> <agent> <type> <coding> <system value="http://terminology.hl7.org/CodeSystem/v3-RoleClass" /> <code value="PROV" /> <display value="healthcare provider" /> </coding> </type> <who> <identifier> <system value="https://gematik.de/fhir/sid/telematik-id" /> <value value="1-883110000092404" /> </identifier> </who> <altId value="1-883110000092404" /> <name value="Praxis Dr. John Doe" /> <requestor value="true" /> </agent> <source> <observer> <display value="Elektronische Patientenakte Fachdienst" /> </observer> <type> <system value="https://gematik.de/fhir/epa/CodeSystem/epa-auditevent-sourcetype-cs" /> <code value="XDSSVC" /> <display value="XDS Document Service" /> </type> </source> <entity> <name value="Arztbrief4711" /> <description value="operation:provide-and-register-document-set-b" /> <detail> <type value="DocumentFormatCode" /> <valueString value="urn:gematik:ig:Arztbrief:r3.1" /> </detail> </entity> </AuditEvent> </resource> <search> <mode value="match" /> </search> </entry> <entry> <fullUrl value="https://epa-as-0.prod.epa4all.de/vau-cid-1234/epa/AuditEvent/api/v1/fhir/AuditEvent/669699b2-f131-4097-b13d-71413a58aa92" /> <resource> <AuditEvent> <id value="669699b2-f131-4097-b13d-71413a58aa92" /> <meta> <versionId value="1" /> <lastUpdated value="2025-01-15T14:43:33.244Z" /> <profile value="https://gematik.de/fhir/epa/StructureDefinition/epa-auditevent" /> </meta> <type> <system value="http://terminology.hl7.org/CodeSystem/audit-event-type" /> <code value="rest" /> </type> <action value="E" /> <recorded value="2025-01-15T14:52:04.928Z" /> <outcome value="0" /> <agent> <type> <coding> <system value="http://dicom.nema.org/resources/ontology/DCM" /> <code value="110150" /> <display value="Application" /> </coding> </type> <who> <identifier> <system value="https://gematik.de/fhir/sid/telematik-id" /> <value value="1-000000000000000" /> </identifier> </who> <altId value="1-000000000000000" /> <name value="E-Rezept-Fachdienst" /> <requestor value="true" /> </agent> <source> <observer> <display value="Elektronische Patientenakte Fachdienst" /> </observer> <type> <system value="https://gematik.de/fhir/epa/CodeSystem/epa-auditevent-sourcetype-cs" /> <code value="MEDICATIONSVC" /> <display value="Medication Service" /> </type> </source> <entity> <name value="MedicationCancelDispensation" /> <description value="operation:cancel-dispensation-erp" /> </entity> </AuditEvent> </resource> <search> <mode value="match" /> </search> </entry> <entry> <fullUrl value="https://epa-as-0.prod.epa4all.de/vau-cid-1234/epa/AuditEvent/api/v1/fhir/AuditEvent/589b9862-7935-42f5-a06b-11a6f35833ee" /> <resource> <AuditEvent> <id value="589b9862-7935-42f5-a06b-11a6f35833ee" /> <meta> <versionId value="1" /> <lastUpdated value="2025-07-15T14:43:33.244Z" /> <profile value="https://gematik.de/fhir/epa/StructureDefinition/epa-auditevent" /> </meta> <type> <system value="http://terminology.hl7.org/CodeSystem/audit-event-type" /> <code value="rest" /> </type> <action value="R" /> <recorded value="2025-07-15T14:52:04.928Z" /> <outcome value="0" /> <agent> <type> <coding> <system value="http://dicom.nema.org/resources/ontology/DCM" /> <code value="110150" /> <display value="Application" /> </coding> </type> <who> <identifier> <system value="https://gematik.de/fhir/sid/telematik-id" /> <value value="1-000000000000000" /> </identifier> </who> <altId value="1-000000000000000" /> <name value="Portugal" /> <requestor value="true" /> </agent> <agent> <extension url="https://gematik.de/fhir/epa/StructureDefinition/epa-healthcare-facility-type-extension"> <valueCoding> <system value="urn:oid:2.16.840.1.113883.2.9.6.2.7" /> <code value="221" /> <display value="Medical Doctors" /> </valueCoding> </extension> <type> <coding> <system value="http://terminology.hl7.org/CodeSystem/v3-RoleClass" /> <code value="PROV" /> <display value="healthcare provider" /> </coding> </type> <role> <coding> <system value="urn:oid:1.3.6.1.4.1.12559.11.10.1.3.2.2.2" /> <code value="Resident Physician" /> <display value="Resident Physician" /> </coding> </role> <name value="Dr. Manuel Dos Santos / Clínica de Dos Santos" /> <requestor value="true" /> </agent> <source> <observer> <display value="Elektronische Patientenakte Fachdienst" /> </observer> <type> <system value="https://gematik.de/fhir/epa/CodeSystem/epa-auditevent-sourcetype-cs" /> <code value="XDSSVC" /> <display value="XDS Document Service" /> </type> </source> <entity> <name value="Patient Summary" /> <description value="operation:retrieve-document-set" /> </entity> </AuditEvent> </resource> <search> <mode value="match" /> </search> </entry> </Bundle>
Antwort-Status-Codes
| Status Code | Bedingung | Error Code | Bemerkung |
|---|---|---|---|
| 200 | Successful operation | ||
| 400 | Unknown search parameter | EPA OperationOutcome | |
| 400 | Invalid query parameter(s) | EPA OperationOutcome | |
| 400 | Invalid request | EPA OperationOutcome | |
| 404 | Unknown resource type | EPA OperationOutcome | |
| 403 | Requestor role is not in the list of allowed usergroups | invalidOid | |
| 409 | Health record is in state SUSPENDED | statusMismatch | (siehe 'Wiederholungsintervalle') |
| 500 | Any other error | internalError | (siehe 'Wiederholungsintervalle') |
Error Codes MÜSSEN mit dem entsprechenden HTTP Status Code vom Audit Event Service mit dem Media Type application/json nach folgendem Schema zurückgegeben werden:
{
"errorCode": "statusMismatch"
}
Interaktion (AuditEvent Instance API)
GET [base]/epa/audit/api/v1/fhir/AuditEvent/[id]
OperationId: getAuditEventById_AuditEventSvc
Um spezifische Details zu einer einzelnen AuditEvent mittels der RESTful API zu erhalten, kann die AuditEvent Instance API verwendet werden, sodass eine HTTP GET-Anfrage an den Endpunkt /AuditEvent/[id] gerichtet wird.
Antwort-Status-Codes
| Status Code | Bedingung | Error Code | Bemerkung |
|---|---|---|---|
| 200 | Successful operation | ||
| 400 | Unknown search parameter | EPA OperationOutcome | |
| 400 | Invalid query parameter(s) | EPA OperationOutcome | |
| 400 | Invalid request | EPA OperationOutcome | |
| 404 | Unknown resource type | EPA OperationOutcome | |
| 403 | Requestor role is not in the list of allowed usergroups | invalidOid | |
| 409 | Health record is in state SUSPENDED | statusMismatch | (siehe 'Wiederholungsintervalle') |
| 500 | Any other error | internalError | (siehe 'Wiederholungsintervalle') |
Error Codes MÜSSEN mit dem entsprechenden HTTP Status Code vom Audit Event Service mit dem Media Type application/json nach folgendem Schema zurückgegeben werden:
{
"errorCode": "statusMismatch"
}