Virence AuditEvent Profile
This AuditEvent profile is part of the set of resource profiles supported by the API Server used with the CPS 12.3 and CEMR 9.12 products. It further describes read, search, and create capabilities of these products. Note: The update operation is NOT supported for this resource.
Overview
A record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage.
Scope and Usage
This profile is used to define the content that will be returned by the API Server in response to requests to access AuditEvent resources. All elements listed in the differential profile view are Supported, which means that the API Server is capable of supplying these fields from the product database when they have been populated via the product or its APIs.
The profile also defines the content that must be supplied to the API Server in response to requests to populate AuditEvent resources. Fields which are marked as Mandatory in this profile are those that must be supplied to the API Server in content used to populate a resource.
Source
The AuditEvent resource is derived from the AUDIT_EVENT tables in CPS and CEMR. Specific detail can be found in the Mappings section in the profile detail page.
Supported Operations
The operations supported by this resource are listed below.
Read Operation
Read operations are executed as specified in the HL7 FHIR RESTful API implementation definition. To read a AuditEvent, an application shall perform an HTTP GET, specifying the identifier of the resources being retrieved.
GET [base]/fhir/AuditEvent/[id]{?_format=[json|xml]&_summary=[true|data]}
Read Operation Parameters
| Parameter | Description |
|---|---|
| [base] | Specifies the base URL of the FHIR Server, e.g., https://cpsapisandbox.virenceaz.com:9443/demoAPIServer |
| [id] | Specifies the identifier of the AuditEvent resource to retrieve |
| [_format] | Specifies the format of the output and may be xml or json. When present, the _format value overrides the value of the Accept header in the request. |
| [_summary] | Filters the output to include only summary elements (_summary=true) or to omit the generated narrative (_summary=data). Note: If the generated html narrative for the resource is not going to be used by the call, using _summary=data provides slightly improved API response times. |
Read Operation HTTP Response Codes
| Response Code | Description |
|---|---|
| 200 OK | The requested resource was found and is contained within the body of the HTTP response. |
| 401 Unauthorized | Authorization is required for this request, and either the Authorization header is missing or the supplied user credentials in the Authorization header are not valid or have expired. The body of the HTTP response will contain an OperationOutcome resource that indicates that Authorization is required. |
| 404 Not Found | The requested resource does not exist. The body of the HTTP response will contain an OperationOutcome resource that indicates that the resource could not be found. |
| 500 Server Error | The server may return other error codes to indicate other error conditions. The body of the HTTP response will contain an OperationOutcome resource that indicates the nature of the error. |
Search Operation
Search operations are executed as specified in the HL7 FHIR RESTful API implementation definition. To search for AuditEvent resources, an application shall perform an HTTP GET, specifying the query parameters associated with the resource.
GET [base]/fhir/AuditEvent?{search-parameters}{&_count=[max-results]&_format=[json|xml]&_summary=[true|text|data]}
Search Operation Parameters
| Parameter | Description |
|---|---|
| [base] | Specifies the base URL of the FHIR Server, e.g., https://cpsapisandbox.virenceaz.com:9443/demoAPIServer |
| [_count] | Specifies the maximum number of search results to return in a single query. Note: The count of results does not limit the number of additional resources returned via the _include parameter. No more than max-results AuditEvent resources which match the search criteria will be returned. The API Server has default and maximum limits for the value that can be specified for this parameter. These limits may vary depending upon the client application vendors participation level in the Virence Partner program. Note: The API Server support the HL7 FHIR Paging capability. |
| [_format] | Specifies the format of the output and may be xml or json. When present, the _format value overrides the value of the Accept header in the request. |
| [_summary] | Filters the output to include only narrative elements (_summary=text), summary elements (_summary=true) or to omit the generated narrative (_summary=data). Note: If the generated html narrative for the resource is not going to be used by the call, using _summary=data provides improved API response times, especially when returning larger result sets. |
| _id (token ) | The ID of the resource |
| _lastUpdated (date ) | |
| _lastUpdated-fromnow (quantity ) | Like _lastUpdated except expressed as a positive or negative offset from the current time in units of time , e.g. _lastUpdated-fromnow=ge7||d for more than seven days in the future or =le-2||mo for less than two months in the past. The unit must be specified. |
| _security (token ) | |
| action (token ) | Type of action performed during the event |
| date (date ) | Time when the event occurred on source |
| date-fromnow (quantity ) | Like date except expressed as a positive or negative offset from the current time in units of time , e.g. date-fromnow=ge7||d for more than seven days in the future or =le-2||mo for less than two months in the past. The unit must be specified. |
| name (string ) | Human-meaningful name for the user |
| reference (reference ) | Specific instance of resource (e.g. versioned) |
| type (token ) | Type/identifier of event |
| user (token ) | Unique identifier for the user |
Search Operation HTTP Response Codes
| Response Code | Description |
|---|---|
| 200 OK | The query was performed and any results found are contained within the body of the HTTP response. Note: The search API will return 200 OK when the query itself is successful, regardless of whether or not any matching results were found. |
| 401 Unauthorized | Authorization is required for this request, and either the Authorization header is missing or the supplied user credentials in the Authorization header are not valid or have expired. The body of the HTTP response will contain an OperationOutcome resource that indicates that Authorization is required. |
| 500 Server Error | The server may return other error codes to indicate other error conditions. The body of the HTTP response will contain an OperationOutcome resource that indicates the nature of the error. |
Profile Content
The official URL for this profile is:
http://hl7.org/fhir/StructureDefinition/auditevent-profile
Event record kept for security purposes
| Name | Flags | Card. | Type | Description & Constraints | |
|---|---|---|---|---|---|
  AuditEvent | 0..* | AuditEvent | Event record kept for security purposes | ||
 meta | ∑ | 0..1 | Meta | Metadata about the resource | |
 implicitRules | ?! ∑ | 0..1 | uri | A set of rules under which this content was created | |
| language | 0..1 | code | Language of the resource content Binding: IETF BCP-47  (required ) | ||
| text | I | 0..1 | Narrative | Text summary of the resource, for human interpretation | |
| contained | 0..* | Resource | Contained, inline Resources | ||
 extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
| event | 1..1 | BackboneElement | What was done | ||
 extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
 type | ∑ | 1..1 | Coding | Type/identifier of event Binding: Audit Event ID (extensible ) | |
| subtype | ∑ | 0..* | Coding | More specific type/id for the event Binding: Audit Event Sub-Type (extensible ) | |
| action | ∑ | 0..1 | code | Type of action performed during the event Binding: AuditEventAction (required ) | |
| dateTime | ∑ | 1..1 | instant | Time when the event occurred on source | |
| outcome | ∑ | 0..1 | code | Whether the event succeeded or failed Binding: AuditEventOutcome (required ) | |
| outcomeDesc | ∑ | 0..1 | string | Description of the event outcome | |
 purposeOfEvent | ∑ | 0..* | Coding | The purposeOfUse of the event Binding: PurposeOfUse (extensible ) | |
| participant | 1..* | BackboneElement | A person, a hardware device or software process | ||
| extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
| role | 0..* | CodeableConcept | User roles (e.g. local RBAC codes) Binding: Audit Active Participant Role ID Code (extensible ) | ||
 reference | ∑ | 0..1 | Reference (Practitioner | Organization | Device | Patient | RelatedPerson ) | Direct reference to resource | |
| userId | ∑ | 0..1 | Identifier | Unique identifier for the user | |
| altId | 0..1 | string | Alternative User id e.g. authentication | ||
| name | 0..1 | string | Human-meaningful name for the user | ||
| requestor | 1..1 | boolean | Whether user is initiator | ||
| location | 0..1 | Reference (Location ) | Where | ||
| policy | 0..* | uri | Policy that authorized event | ||
| media | 0..1 | Coding | Type of media Binding: Media Type Code (extensible ) | ||
| network | 0..1 | BackboneElement | Logical network location for application activity | ||
| extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
| address | 0..1 | string | Identifier for the network access point of the user device | ||
| type | 0..1 | code | The type of network access point Binding: AuditEventParticipantNetworkType (required ) | ||
| purposeOfUse | 0..* | Coding | Reason given for this user Binding: PurposeOfUse (extensible ) | ||
| source | 1..1 | BackboneElement | Application systems and processes | ||
| extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
| site | 0..1 | string | Logical source location within the enterprise | ||
| identifier | ∑ | 1..1 | Identifier | The identity of source detecting the event | |
| type | 0..* | Coding | The type of source where event originated Binding: Audit Event Source Type (extensible ) | ||
 object | I | BackboneElement | Specific instances of data or objects that have been accessed Slice: Unordered, Closed, by type use sev-1: Either a name or a query (NOT both) | ||
| object | I | 0..2 | BackboneElement | Specific instances of data or objects that have been accessed sev-1: Either a name or a query (NOT both) | |
| extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
| identifier | ∑ | 0..1 | Identifier | Specific instance of object (e.g. versioned) | |
| reference | ∑ | 0..1 | Reference (Resource ) | Specific instance of resource (e.g. versioned) | |
| type | 0..1 | Coding | Type of object involved Binding: AuditEventObjectType (extensible ) | ||
| role | 0..1 | Coding | What role the Object played Binding: AuditEventObjectRole (extensible ) | ||
| lifecycle | 0..1 | Coding | Life-cycle stage for the object Binding: AuditEventObjectLifecycle (extensible ) | ||
| securityLabel | 0..* | Coding | Security labels applied to the object Binding: All Security Labels (extensible ) | ||
| name | ∑ I | 0..1 | string | Instance-specific descriptor for Object | |
| description | 0..1 | string | Descriptive text | ||
| query | ∑ I | 0..1 | base64Binary | Actual query for object | |
| detail | 0..* | BackboneElement | Additional Information about the Object | ||
 extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
| type | 1..1 | string | Name of the property | ||
| value | 1..1 | base64Binary | Property value | ||
| object | I | 0..1 | BackboneElement | Specific instances of data or objects that have been accessed sev-1: Either a name or a query (NOT both) | |
| extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
| identifier | ∑ | 0..1 | Identifier | Specific instance of object (e.g. versioned) | |
| reference | ∑ | 0..1 | Reference (Resource ) | Specific instance of resource (e.g. versioned) | |
| type | 0..1 | Coding | Type of object involved Binding: AuditEventObjectType (extensible ) | ||
| role | 0..1 | Coding | What role the Object played Binding: AuditEventObjectRole (extensible ) | ||
| lifecycle | 0..1 | Coding | Life-cycle stage for the object Binding: AuditEventObjectLifecycle (extensible ) | ||
| securityLabel | 0..* | Coding | Security labels applied to the object Binding: All Security Labels (extensible ) | ||
| name | ∑ I | 0..1 | string | Instance-specific descriptor for Object | |
| description | 0..1 | string | Descriptive text | ||
| query | ∑ I | 0..1 | base64Binary | Actual query for object | |
| detail | 0..* | BackboneElement | Additional Information about the Object | ||
| extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
| type | 1..1 | string | Name of the property | ||
| value | 1..1 | base64Binary | Property value | ||
| object | I | 0..1 | BackboneElement | Specific instances of data or objects that have been accessed sev-1: Either a name or a query (NOT both) | |
| extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
| identifier | ∑ | 0..1 | Identifier | Specific instance of object (e.g. versioned) | |
| reference | ∑ | 0..1 | Reference (Resource ) | Specific instance of resource (e.g. versioned) | |
| type | 0..1 | Coding | Type of object involved Binding: AuditEventObjectType (extensible ) | ||
| role | 0..1 | Coding | What role the Object played Binding: AuditEventObjectRole (extensible ) | ||
| lifecycle | 0..1 | Coding | Life-cycle stage for the object Binding: AuditEventObjectLifecycle (extensible ) | ||
| securityLabel | 0..* | Coding | Security labels applied to the object Binding: All Security Labels (extensible ) | ||
| name | ∑ I | 0..1 | string | Instance-specific descriptor for Object | |
| description | 0..1 | string | Descriptive text | ||
| query | ∑ I | 0..1 | base64Binary | Actual query for object | |
| detail | 0..* | BackboneElement | Additional Information about the Object | ||
| extension | 0..* | Extension | Additional Content defined by implementations | ||
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored | |
| type | 1..1 | string | Name of the property | ||
| value | 1..1 | base64Binary | Property value | ||
CPS Mapping
The mappings in this section represent the how data stored within CPS is served through the product's APIs.
CPS and CEMR share a common schema for patient clinical data and only one is shown when these are
the same. Use of this information is subject to the API Server
Terms and Conditions .
| Virence AuditEvent Profile | ||
| AuditEvent | AuditEvent-Profile | FHIR_AUDITEVENTVIEW |
| ├ id | EVENT_ID | MakeId(%EVENT_ID%) |
| │ ├ type | MakeCoding(%EVENT_TYPE_ID%,null,%EVENT_TYPE_DESCRIPTION%) | |
| │ ├ action | MapCode(%ACTIONTYPE%,"EVENTACTION") | |
| │ ├ dateTime | %EVENT_TIMESTAMP% | |
| │ ├ outcome | MapCode(%OUTCOME%,"EVENTOUTCOME") | |
| │ ├ outcomeDesc | %OUTCOME_DISCRIPTION% | |
| │ ├ userId | MakeIdentifier("PRN",getSiteIdSystem("DOCTORFACILITYID"),%PVID%) | |
| │ ├ name | %LOGINNAME% | |
| │ └ location | MakeReference("LOCREG",%LOCID%,"Location") | |
| ├ object | Event Objects | |
| ├ object | Patient Object | |
| │ └ reference | MakeReference("PATIENTPROFILE",%PID%,"Patient") | |
| └ object | Document Object | |
| └ reference | MakeReference("DOCUMENTREFERENCE",%SDID%,"DocumentReference") | |
CEMR Mapping
The mappings in this section represent the how data stored within CEMR is served through the product's APIs.
Use of this information is subject to the API Server
Terms and Conditions .
| Virence AuditEvent Profile | ||
| AuditEvent | AuditEvent-Profile | FHIR_AUDITEVENTVIEW |
| ├ id | EVENT_ID | MakeId(%EVENT_ID%) |
| │ ├ type | MakeCoding(%EVENT_TYPE_ID%,null,%EVENT_TYPE_DESCRIPTION%) | |
| │ ├ action | MapCode(%ACTIONTYPE%,"EVENTACTION") | |
| │ ├ dateTime | %EVENT_TIMESTAMP% | |
| │ ├ outcome | MapCode(%OUTCOME%,"EVENTOUTCOME") | |
| │ ├ outcomeDesc | %OUTCOME_DISCRIPTION% | |
| │ ├ userId | MakeIdentifier("PRN",getSiteIdSystem("DOCTORFACILITYID"),%PVID%) | |
| │ ├ name | %LOGINNAME% | |
| │ └ location | MakeReference("LOCREG",%LOCID%,"Location") | |
| ├ object | Event Objects | |
| ├ object | Patient Object | |
| │ └ reference | MakeReference("PERSON",%PID%,"Patient") | |
| └ object | Document Object | |
| └ reference | MakeReference("DOCUMENTREFERENCE",%SDID%,"DocumentReference") | |