URL
GET [base]/AuditEvent
Query Parameters
The below query parameters will be supported. It will be possible to use them in combination with each other, for example to specify any audit events since a specific date for a specific patient, and to get a specific number of results per page.
Any query parameters which are not mentioned below will not be supported at this time. They could potentially be supported in the future if needed.
Note: System Patient results (patient ID -1) should never be returned.
Field | Logic | Default if not specified | Example |
---|---|---|---|
_lastUpdated | Format: Supported prefixes/operators: You can combine them to filter by a range. See example. Additional information about searching in FHIR by date: https://www.hl7.org/fhir/search.html#date Note: If you fill in only the date without the time, the time will be assumed to be 00:00:00. This is not according to the FHIR standards (there it would filter by the whole day instead of according to midnight), but due to a lack of time is not supported correctly at the moment. This can be enhanced in the future. | No filtration according to lastUpdated. | Get all the audit event resources which have a recorded field with a time later than or equal to 2019-12-12 08:00:00: Get all the audit event resources which were last updated with a time between and including: 01.10.2019 10:00-01.01.2020 00:00 |
entity:Patient.identifier | Limit results to the specified MR Number. The search parameter needs to specify the entity type as Patient, and then specify that we are looking for a matching identifier (as opposed to unique ID.) Format: | No filtration by MR number / hospital number. | Get all the audit event resources with a recorded Patient-type entity with an identifier of 4947634. |
_count | An integer which is 1 or greater should be specified. (Although 0 is supported by FHIR, it will not be implemented at this time.) The supported range will be from 1 to 2000. If count is specified, then the number of results will be limited per page, and “next” and “last” page links will be added to the page to allow browsing to the following or last page. A total number will also be displayed in the total field. Please see Supporting Paging in FHIR Audit Event for more information on how the bundle is changed as a result of this search parameter. Format: | Specifying a count is not mandatory, but if the count is not specified, a default of “2000” will be entered. | |
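An added example (not part of the original specification) showing how a client that pulls audit records can avoid the date-only quirk noted for `_lastUpdated` and stay inside the `_count` range. It assumes the `ge` and `le` prefixes are among the supported ones and that the MR number is passed as a bare value; `le_bound`, `build_audit_query` and the host name used with them are hypothetical.

```python
from datetime import date, datetime, time
from urllib.parse import urlencode

MAX_COUNT = 2000  # upper limit and default stated on this page


def le_bound(value, fhir_standard):
    """Latest instant matched by `_lastUpdated=le<value>`."""
    if "T" in value:
        return datetime.fromisoformat(value)
    day = date.fromisoformat(value)
    # FHIR treats a bare date as the whole day; this API assumes 00:00:00.
    return datetime.combine(day, time.max if fhir_standard else time.min)


def build_audit_query(base, since=None, until=None, mr_number=None, count=None):
    """Build a GET [base]/AuditEvent URL with explicit times and a checked count."""
    pairs = []
    for prefix, moment in (("ge", since), ("le", until)):  # assumed prefixes
        if moment is None:
            continue
        if not isinstance(moment, datetime):
            raise TypeError("pass a datetime so the time of day is explicit")
        pairs.append(("_lastUpdated", prefix + moment.isoformat(timespec="seconds")))
    if mr_number is not None:
        # Assumption: the MR number is sent as a bare value.
        pairs.append(("entity:Patient.identifier", str(mr_number)))
    if count is not None:
        valid = isinstance(count, int) and not isinstance(count, bool)
        if not valid or not 1 <= count <= MAX_COUNT:
            raise ValueError(f"_count must be an integer from 1 to {MAX_COUNT}")
        pairs.append(("_count", str(count)))
    url = base.rstrip("/") + "/AuditEvent"
    return url + ("?" + urlencode(pairs, safe=":") if pairs else "")
```

With a bare date as the upper bound, events recorded later that same day fall outside the result on this API, so an audit pull that relies on whole-day semantics would silently miss them.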
Body Parameters
N/A
Response Parameters
All of the values of the responses will be made based on results in both the archive and production database. (Duplicate results will not be returned.)
The default sort order will be from oldest entries to newest. (Ascending according to “recorded” date.)
The response will be presented as a part of a bundle.
Legend:
FHIR Field/Path = the path and field name in FHIR
Min = minimum amount of times that the field must appear (1 means that it is mandatory to fill whenever the field appears. For example, performer is optional, but if performer is returned, then performer.actor must be filled.)
Max = maximum amount of times the field must appear. (* means it can appear as many times as needed.)
Fixed value = hardcoded value
Mapped to = Name of API and which field to take from it
Short FHIR description = Short description copied from FHIR, just provided for convenience and context. Feel free to ignore this field.
Comments = Special notes about this field. Please pay attention, there may be some important information here.
FHIR Field/Path | Min | Max | Type in FHIR | Fixed Value | Short FHIR Description | Comments |
---|---|---|---|---|---|---|
AuditEvent | 0 | | | | Event record kept for security purposes | |
AuditEvent.contained | 0 | | Resource | | Contained, inline Resources | For the generic profile, there will not be any contained resources. |
AuditEvent.type | 1 | 1 | Coding | | Type/identifier of event | If Source of Access = emergency access, then the type should be treated as emergency access. Otherwise, it should be treated as a normal patient record access. If it's not emergency access then hardcoded values: If it is emergency access then hardcoded values: |
AuditEvent.type.system | 0 | 1 | uri | | Identity of the terminology system | |
AuditEvent.type.code | 0 | 1 | code | | Symbol in syntax defined by the system | |
AuditEvent.type.display | 0 | 1 | string | | Representation defined by the system | |
AuditEvent.subtype | 0 | | Coding | | More specific type/id for the event | If Source of Access = emergency access, then the subtype should be treated as emergency access. Otherwise, there should be no subtype. If it is emergencyAccess then hardcoded values: Otherwise, nothing. |
AuditEvent.subtype.system | 0 | 1 | uri | | Identity of the terminology system | |
AuditEvent.subtype.code | 0 | 1 | code | | Symbol in syntax defined by the system | |
AuditEvent.subtype.display | 0 | 1 | string | | Representation defined by the system | |
AuditEvent.action | 0 | 1 | code | | Type of action performed during the event | When the access is conducted by a user the value shall always be empty. When the access is conducted by an interface this value will be whatever the interface specified and saved. (It should be either C, R, U, or D according to the CRUD coding system.) Taken from UsersPatientsLog from the APIMethod column. The database value is the HTTP verb, and must be converted according to the following guidelines to determine the CRUD value: |
AuditEvent.recorded | 1 | 1 | instant | | Time when the event was recorded | Taken from UsersPatientsLog from the “FromTime” column. |
AuditEvent.purposeOfEvent | 0 | | CodeableConcept | | The purposeOfUse of the event | If Source of Access = emergency access, then the type should be treated as emergency access. Otherwise, it should be treated as a normal patient record access. In case of emergency access then hardcoded values: otherwise, hardcoded values: |
AuditEvent.purposeOfEvent.coding | 0 | 1 | Coding | | Code defined by a terminology system | |
AuditEvent.purposeOfEvent.coding.system | 0 | 1 | uri | | Identity of the terminology system | |
AuditEvent.purposeOfEvent.coding.code | 0 | 1 | code | | Symbol in syntax defined by the system | |
AuditEvent.purposeOfEvent.coding.display | 0 | 1 | string | | Representation defined by the system | |
AuditEvent.agent | 1 | | BackboneElement | | Actor involved in the event | |
AuditEvent.agent.who | 0 | 1 | Reference | | Identifier of who | Logical reference to user |
AuditEvent.agent.who.reference | 0 | 1 | string | | Literal reference, Relative, internal or absolute URL | |
AuditEvent.agent.who.type | 0 | 1 | uri | | Type the reference refers to (e.g. "Patient") | |
AuditEvent.agent.who.identifier | 0 | 1 | Identifier | | Logical reference, when literal reference is not known | |
AuditEvent.agent.who.identifier.system | 0 | 1 | uri | | The namespace for the identifier value | |
AuditEvent.agent.who.identifier.value | 0 | 1 | string | | The value that is unique | |
AuditEvent.agent.who.display | 0 | 1 | string | | Text alternative for the resource | |
AuditEvent.agent.requestor | 1 | 1 | boolean | | Whether user is initiator | "True" when conducted by a normal user, "False" if conducted by a service user. Note: this is a checkbox in the user customization, but the value is the opposite of the checkbox. (If service user = true, then requestor should be false, and vice versa in the opposite case.) |
AuditEvent.agent.purposeOfUse | 0 | | CodeableConcept | | Reason given for this user | If Source of Access = emergency access, treat it as emergency access. Otherwise, treat it as patient record access. If emergency access then (generic) hardcoded values: otherwise (generic) hardcoded values: |
AuditEvent.agent.purposeOfUse.coding | 0 | | Coding | | Code defined by a terminology system | |
AuditEvent.agent.purposeOfUse.coding.system | 0 | 1 | uri | | Identity of the terminology system | |
AuditEvent.agent.purposeOfUse.coding.code | 0 | 1 | code | | Symbol in syntax defined by the system | |
AuditEvent.agent.purposeOfUse.coding.display | 0 | 1 | string | | Representation defined by the system | |
AuditEvent.source | 1 | 1 | BackboneElement | | Audit Event Reporter | |
AuditEvent.source.site | 0 | 1 | string | | Logical source location within the enterprise | Will not appear in the general profile |
AuditEvent.source.observer | 1 | 1 | Reference | | The identity of source detecting the event | |
AuditEvent.source.observer.identifier | 0 | 1 | Identifier | | Logical reference, when literal reference is not known | |
AuditEvent.source.observer.identifier.system | 0 | 1 | uri | | The namespace for the identifier value | Taken from config from the key name DepartmentsExternalCode. See Configuring AuditEvent Coding System (without attributes) |
AuditEvent.source.observer.identifier.value | 0 | 1 | string | | The value that is unique | Taken from patient’s department’s external code at the time of the audit log entry. |
AuditEvent.source.observer.display | 0 | 1 | string | | Text alternative for the resource | Department name, taken from the patient’s department’s name at the time of the audit log entry. If the patient doesn’t yet have a department (according to the patient ownership table), then we will take the first department that we find instead. (Note: this is a scenario that shouldn’t really happen in real life, because you can’t admit patients with an admission date in the future, only current time or past, but it could happen if there is a difference in time between the server and the workstation.) |
AuditEvent.source.type | 0 | | Coding | | The type of source where event originated | |
AuditEvent.source.type.system | 0 | 1 | uri | | Identity of the terminology system | Hardcoded value (generic). |
AuditEvent.source.type.code | 0 | 1 | code | | Symbol in syntax defined by the system | Hardcoded values depend on if the user is a Service User or not. If it is a service user: If not: |
AuditEvent.source.type.display | 0 | 1 | string | | Representation defined by the system | Hardcoded values (generic) depend on if the user is a Service User or not. If it is a service user: If not: |
AuditEvent.entity | 0 | | BackboneElement | | Data or objects used | |
AuditEvent.entity.what | 0 | 1 | Reference | | Specific instance of resource | |
AuditEvent.entity.what.type | 0 | 1 | uri | Patient | Type the reference refers to (e.g. "Patient") | Hardcoded to “Patient” (generic) |
AuditEvent.entity.what.identifier | 0 | 1 | Identifier | | Logical reference, when literal reference is not known | |
AuditEvent.entity.what.identifier.system | 0 | 1 | uri | | The namespace for the identifier value | Taken from config from the key name MRNumber. See Configuring AuditEvent Coding System (without attributes) |
AuditEvent.entity.what.identifier.value | 0 | 1 | string | | The value that is unique | Patient’s MR #. |
AuditEvent.entity.type | 0 | 1 | Coding | | Type of entity involved | If there is no FHIR Type, then: If there is a FHIR Type, then: This is a new value which does not exist before 6.15. Taken from UsersPatientsLog from the column ApiPath. |
AuditEvent.entity.type.system | 0 | 1 | uri | | Identity of the terminology system | |
AuditEvent.entity.type.code | 0 | 1 | code | | Symbol in syntax defined by the system | |
AuditEvent.entity.type.display | 0 | 1 | string | | Representation defined by the system | |
AuditEvent.entity.query | 0 | 1 | base64Binary | | Query parameters | Take the “Query” field (if any is specified). This is a new value which does not exist before 6.15. |
AuditEvent.entity.detail | 0 | | BackboneElement | | Additional Information about the entity | In case the request was made via an interface, the interface can place a custom message in the log which is returned in this field. If there is a value for “detail”, and it is known that the access was made by an interface, then type should return the hardcoded value “Interface details”. Detail is a new value which does not exist before 6.15. |
AuditEvent.entity.detail.type | 1 | 1 | string | | Name of the property | |
AuditEvent.entity.detail.valueString | 1 | 1 | string | | Property value | |
Examples
Note: these entities should appear inside a bundle in the response
Normal Access, accessed by user in MV
```json
{
  "resourceType": "AuditEvent",
  "id": "AuditEvent01",
  "meta": { "profile": { "value": "http://www.hl7.org/FHIR/auditevent" } },
  "type": {
    "system": { "value": "http://dicom.nema.org/resources/ontology/DCM" },
    "code": { "value": "110110" },
    "display": { "value": "Patient Record" }
  },
  "recorded": { "value": "2019-07-20T22:41:23Z" },
  "purposeOfEvent": {
    "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
    "code": "TREAT",
    "display": "treatment"
  },
  "agent": [
    {
      "who": {
        "type": "Practitioner",
        "identifier": {
          "system": "http://www.imd-soft.com/CodingSystem/Users/Login",
          "value": "anneri"
        },
        "display": "Anne Eriksdottir"
      },
      "requestor": { "value": "true" },
      "purposeOfUse": {
        "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
        "code": "TREAT",
        "display": "treatment"
      }
    }
  ],
  "source": {
    "observer": {
      "identifier": {
        "system": "http://www.imd-soft.com/CodingSystem/Departments/ExternalCode",
        "value": "12931273916"
      },
      "display": "ICU"
    },
    "type": {
      "system": "http://terminology.hl7.org/CodeSystem/security-source-type",
      "code": "5",
      "display": "Database Server"
    }
  },
  "entity": {
    "what": {
      "type": "Patient",
      "identifier": {
        "system": "http://www.imd-soft.com/CodingSystem/Patients/MRNumber",
        "value": "1211512343"
      },
      "display": "Ola Normann"
    },
    "type": {
      "system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
      "code": "2",
      "display": "System Object"
    }
  }
}
```
Emergency Access, accessed by user in MV
Note that all the treatment codes are now related to break the glass or emergency treatment, and the user role, user, and organization are contained.
```jsonc
{
  "resourceType": "AuditEvent",
  "meta": { "profile": { "value": "http://www.hl7.org/FHIR/auditevent" } },
  "type": { // Note that now type is relating to emergency access
    "system": { "value": "http://dicom.nema.org/resources/ontology/DCM" },
    "code": { "value": "110113" },
    "display": { "value": "Security Alert" }
  },
  "subtype": { // Note that now subtype is returned because it is emergency access
    "system": { "value": "http://dicom.nema.org/resources/ontology/DCM" },
    "code": { "value": "110127" },
    "display": { "value": "Emergency Override Started" }
  },
  "recorded": { "value": "2019-07-20T22:41:23Z" },
  "purposeOfEvent": { // The purpose also relates to emergency access now
    "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
    "code": "ETREAT",
    "display": "Emergency Treatment"
  },
  "agent": [
    {
      "who": {
        "type": "Practitioner",
        "identifier": {
          "system": "http://www.imd-soft.com/CodingSystem/Users/Login",
          "value": "anneri"
        },
        "display": "Anne Eriksdottir"
      },
      "requestor": { "value": "true" },
      "purposeOfUse": {
        "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
        "code": "TREAT",
        "display": "treatment"
      }
    }
  ],
  "source": {
    "observer": {
      "identifier": {
        "system": "http://www.imd-soft.com/CodingSystem/Departments/ExternalCode",
        "value": "12931273916"
      },
      "display": "ICU"
    },
    "type": {
      "system": "http://terminology.hl7.org/CodeSystem/security-source-type",
      "code": "5",
      "display": "Database Server"
    }
  },
  "entity": {
    "what": {
      "type": "Patient",
      "identifier": {
        "system": "http://www.imd-soft.com/CodingSystem/Patients/MRNumber",
        "value": "1211512343"
      },
      "display": "Ola Normann"
    },
    "type": {
      "system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
      "code": "2",
      "display": "System Object"
    }
  }
}
```
FHIR API Non-emergency access logged with API service user
Note that the details relating to service user and API information are filled now.
```jsonc
{
  "resourceType": "AuditEvent",
  "id": "AuditEvent01",
  "meta": { "profile": { "value": "http://www.hl7.org/FHIR/auditevent" } },
  "type": {
    "system": { "value": "http://dicom.nema.org/resources/ontology/DCM" },
    "code": { "value": "110110" },
    "display": { "value": "Patient Record" }
  },
  "action": {
    "value": "R" // We can now return an action since it is via an API and not via MV
  },
  "recorded": { "value": "2019-07-20T22:41:23Z" },
  "purposeOfEvent": {
    "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
    "code": "TREAT",
    "display": "treatment"
  },
  "agent": [
    {
      "who": {
        "type": "Practitioner",
        "identifier": {
          "system": "http://www.imd-soft.com/CodingSystem/Users/Login",
          "value": "anneri"
        },
        "display": "Anne Eriksdottir"
      },
      "requestor": {
        "value": "false" // this is false because it is a service user
      },
      "purposeOfUse": {
        "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
        "code": "TREAT",
        "display": "treatment"
      }
    }
  ],
  "source": {
    "observer": {
      "identifier": {
        "system": "http://www.imd-soft.com/CodingSystem/Departments/ExternalCode",
        "value": "12931273916"
      },
      "display": "ICU"
    },
    "type": {
      "system": "http://terminology.hl7.org/CodeSystem/security-source-type",
      "code": "4", // We return 4 because it is a service user not MV user
      "display": "Application Server" // We return this because it is a service user not MV user
    }
  },
  "entity": {
    "what": {
      "type": "Patient",
      "identifier": {
        "system": "http://www.imd-soft.com/CodingSystem/Patients/MRNumber",
        "value": "1211512343"
      },
      "display": "Ola Normann"
    },
    "type": {
      "system": "http://hl7.org/fhir/resource-types", // The system changes to reflect a FHIR api
      "code": "MedicationDispense", // We return the FHIR API name
      "display": "MedicationDispense" // We return the FHIR API name
    },
    "query": "identifier=EF88B4AB-7A2A-49CB-A22C-66C07416A12D", // We can return the query if it is logged
    "detail": {
      "type": "Interface details", // If there is detail we should return this string
      "valueString": "SSBsb3ZlIEZISVI=" // We can return any extra detail in base64 if it is logged
    }
  }
}
```
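An added example, not part of the original specification: a consumer-side check that classifies events shaped like the three examples above and queues emergency access, or any record that contradicts the hardcoded values those examples show, for review. `val`, `triage`, `sample_event`, `review_queue` and the sample events are constructed for illustration.

```python
import base64

def val(node):
    """Unwrap the page's {"value": x} wrapper; bare values pass through."""
    return node.get("value") if isinstance(node, dict) else node

def triage(event):
    """Classify one AuditEvent and list contradictions with the page's rules."""
    problems = []
    emergency = val(event["type"]["code"]) == "110113"  # DCM Security Alert
    subtype = event.get("subtype")
    if emergency:
        if not subtype or val(subtype.get("code")) != "110127":
            problems.append("emergency type without subtype 110127")
        if val(event.get("purposeOfEvent", {}).get("code")) != "ETREAT":
            problems.append("emergency type but purposeOfEvent is not ETREAT")
    elif subtype:
        problems.append("subtype present on non-emergency access")
    agent = event["agent"][0]
    interactive = str(val(agent["requestor"])).lower() == "true"
    # Examples above: source.type.code 5 for an MV user, 4 for a service user.
    if val(event["source"]["type"]["code"]) != ("5" if interactive else "4"):
        problems.append("source.type.code disagrees with agent.requestor")
    action = val(event.get("action"))
    if action and (interactive or action not in ("C", "R", "U", "D")):
        problems.append("unexpected action value")
    detail, note = event["entity"].get("detail"), None
    if detail:
        if val(detail.get("type")) != "Interface details":
            problems.append("detail.type is not 'Interface details'")
        note = base64.b64decode(val(detail["valueString"])).decode("utf-8", "replace")
    summary = {"emergency": emergency, "interactive": interactive, "detail": note,
               "user": val(agent["who"]["identifier"]["value"]),
               "mr_number": val(event["entity"]["what"]["identifier"]["value"])}
    return summary, problems

def sample_event(type_code, requestor, source_code, **extra):
    """Constructed event in the shape of the page's examples (not real data)."""
    event = {"type": {"code": {"value": type_code}},
             "purposeOfEvent": {"code": "TREAT"},
             "agent": [{"who": {"identifier": {"value": "anneri"}},
                        "requestor": {"value": requestor}}],
             "source": {"type": {"code": source_code}},
             "entity": {"what": {"identifier": {"value": "1211512343"}}}}
    event.update(extra)
    return event

SAMPLES = [sample_event("110110", "true", "5"),
           sample_event("110113", "true", "5", purposeOfEvent={"code": "ETREAT"},
                        subtype={"code": {"value": "110127"}}),
           sample_event("110113", "false", "5")]  # last one deliberately inconsistent

def review_queue(events):
    """Keep emergency access and any rule-breaking event for human review."""
    return [(s, p) for s, p in map(triage, events) if s["emergency"] or p]
```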