Overview

A record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage.

Scope and Usage

This profile is used to define the content that will be returned by the API Server in response to requests to access AuditEvent resources. All elements listed in the differential profile view are Supported, which means that the API Server is capable of supplying these fields from the product database when they have been populated via the product or its APIs.

The profile also defines the content that must be supplied to the API Server in response to requests to populate AuditEvent resources. Fields which are marked as Mandatory in this profile are those that must be supplied to the API Server in content used to populate a resource.

Source

The AuditEvent resource is derived from the AUDIT_EVENT and related tables in athenaPractice and athenaFlow. Specific detail can be found in the Mappings tab in the profile detail page.

This structure is derived from AuditEvent

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
id		0..1	id	Logical id of this artifact
meta		0..1	Meta	Metadata about the resource
versionId		0..1	id	Version specific identifier
lastUpdated	S	1..1	instant	When the resource version last changed
Slices for profile	S	2..*	canonical()	Profiles this resource claims to conform to Slice: Unordered, Open by value:uri
profile:athena-argonautrequirements	S	1..1	canonical()	Profiles this resource claims to conform to Fixed Value: https://docs.mydata.athenahealth.com/fhir-r4/StructureDefinition/athena-auditevent
profile:athena-auditevent-profile	S	1..1	canonical()	Profiles this resource claims to conform to Fixed Value: https://docs.mydata.athenahealth.com/fhir-r4/StructureDefinition/athena-auditevent-profile
Slices for security		0..1	Coding	Security Labels applied to this resource Slice: Unordered, Open by value:coding
security:SENSITIVE-CHART		0..1	Coding	Security Labels applied to this resource
type	S	1..1	Coding	Type/identifier of event
subtype		0..*	Coding	More specific type/id for the event
action		0..1	code	Type of action performed during the event
period	S	1..1	Period	When the activity occurred
recorded	S	1..1	instant	Time when the event was recorded
outcome		0..1	code	Whether the event succeeded or failed
outcomeDesc		0..1	string	Description of the event outcome
purposeOfEvent		0..*	CodeableConcept	The purposeOfUse of the event
agent	S	1..*	BackboneElement	Actor involved in the event
who		0..1	Reference(Practitioner | Organization | Device | Patient | RelatedPerson)	Identifier of who
name		0..1	string	Human friendly name for the agent
requestor	S	1..1	boolean	Whether user is initiator
location		0..1	Reference(Location)	Where
policy		0..*	uri	Policy that authorized event
media		0..1	Coding	Type of media
network		0..1	BackboneElement	Logical network location for application activity
address		0..1	string	Identifier for the network access point of the user device
type		0..1	code	The type of network access point
purposeOfUse		0..*	CodeableConcept	Reason given for this user
entity		0..*	BackboneElement	Data or objects used
what		0..1	Reference(Resource)	Specific instance of resource
type		0..1	Coding	Type of entity involved
role		0..1	Coding	What role the entity played
lifecycle		0..1	Coding	Life-cycle stage for the entity
securityLabel		0..*	Coding	Security labels on the entity
name		0..1	string	Descriptor for entity
description		0..1	string	Descriptive text
query		0..1	base64Binary	Query parameters
Documentation for this format

This structure is derived from AuditEvent

Differential View

This structure is derived from AuditEvent

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
id		0..1	id	Logical id of this artifact
meta		0..1	Meta	Metadata about the resource
versionId		0..1	id	Version specific identifier
lastUpdated	S	1..1	instant	When the resource version last changed
Slices for profile	S	2..*	canonical()	Profiles this resource claims to conform to Slice: Unordered, Open by value:uri
profile:athena-argonautrequirements	S	1..1	canonical()	Profiles this resource claims to conform to Fixed Value: https://docs.mydata.athenahealth.com/fhir-r4/StructureDefinition/athena-auditevent
profile:athena-auditevent-profile	S	1..1	canonical()	Profiles this resource claims to conform to Fixed Value: https://docs.mydata.athenahealth.com/fhir-r4/StructureDefinition/athena-auditevent-profile
Slices for security		0..1	Coding	Security Labels applied to this resource Slice: Unordered, Open by value:coding
security:SENSITIVE-CHART		0..1	Coding	Security Labels applied to this resource
type	S	1..1	Coding	Type/identifier of event
subtype		0..*	Coding	More specific type/id for the event
action		0..1	code	Type of action performed during the event
period	S	1..1	Period	When the activity occurred
recorded	S	1..1	instant	Time when the event was recorded
outcome		0..1	code	Whether the event succeeded or failed
outcomeDesc		0..1	string	Description of the event outcome
purposeOfEvent		0..*	CodeableConcept	The purposeOfUse of the event
agent	S	1..*	BackboneElement	Actor involved in the event
who		0..1	Reference(Practitioner | Organization | Device | Patient | RelatedPerson)	Identifier of who
name		0..1	string	Human friendly name for the agent
requestor	S	1..1	boolean	Whether user is initiator
location		0..1	Reference(Location)	Where
policy		0..*	uri	Policy that authorized event
media		0..1	Coding	Type of media
network		0..1	BackboneElement	Logical network location for application activity
address		0..1	string	Identifier for the network access point of the user device
type		0..1	code	The type of network access point
purposeOfUse		0..*	CodeableConcept	Reason given for this user
entity		0..*	BackboneElement	Data or objects used
what		0..1	Reference(Resource)	Specific instance of resource
type		0..1	Coding	Type of entity involved
role		0..1	Coding	What role the entity played
lifecycle		0..1	Coding	Life-cycle stage for the entity
securityLabel		0..*	Coding	Security labels on the entity
name		0..1	string	Descriptor for entity
description		0..1	string	Descriptive text
query		0..1	base64Binary	Query parameters
Documentation for this format

Key Elements View

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
versionId	Σ	0..1	id	Version specific identifier
lastUpdated	SΣ	1..1	instant	When the resource version last changed
Slices for profile	SΣ	2..*	canonical()	Profiles this resource claims to conform to Slice: Unordered, Open by value:uri
profile:athena-argonautrequirements	SΣ	1..1	canonical()	Profiles this resource claims to conform to Fixed Value: https://docs.mydata.athenahealth.com/fhir-r4/StructureDefinition/athena-auditevent
profile:athena-auditevent-profile	SΣ	1..1	canonical()	Profiles this resource claims to conform to Fixed Value: https://docs.mydata.athenahealth.com/fhir-r4/StructureDefinition/athena-auditevent-profile
Slices for security	Σ	0..1	Coding	Security Labels applied to this resource Slice: Unordered, Open by value:coding Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
security:SENSITIVE-CHART	Σ	0..1	Coding	Security Labels applied to this resource Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
type	SΣ	1..1	Coding	Type/identifier of event Binding: AuditEventID (extensible): Type of event.
subtype	Σ	0..*	Coding	More specific type/id for the event Binding: AuditEventSub-Type (extensible): Sub-type of event.
action	Σ	0..1	code	Type of action performed during the event Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event.
period	S	1..1	Period	When the activity occurred
recorded	SΣ	1..1	instant	Time when the event was recorded
outcome	Σ	0..1	code	Whether the event succeeded or failed Binding: AuditEventOutcome (required): Indicates whether the event succeeded or failed.
outcomeDesc	Σ	0..1	string	Description of the event outcome
purposeOfEvent	Σ	0..*	CodeableConcept	The purposeOfUse of the event Binding: PurposeOfUse (extensible): The reason the activity took place.
agent	S	1..*	BackboneElement	Actor involved in the event
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
who	Σ	0..1	Reference(Practitioner | Organization | Device | Patient | RelatedPerson)	Identifier of who
name		0..1	string	Human friendly name for the agent
requestor	SΣ	1..1	boolean	Whether user is initiator
location		0..1	Reference(Location)	Where
policy		0..*	uri	Policy that authorized event
media		0..1	Coding	Type of media Binding: MediaTypeCode (extensible): Used when the event is about exporting/importing onto media.
network		0..1	BackboneElement	Logical network location for application activity
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
address		0..1	string	Identifier for the network access point of the user device
type		0..1	code	The type of network access point Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.
purposeOfUse		0..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (extensible): The reason the activity took place.
source		1..1	BackboneElement	Audit Event Reporter
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
observer	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	The identity of source detecting the event
entity	C	0..*	BackboneElement	Data or objects used sev-1: Either a name or a query (NOT both)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
what	Σ	0..1	Reference(Resource)	Specific instance of resource
type		0..1	Coding	Type of entity involved Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.
role		0..1	Coding	What role the entity played Binding: AuditEventEntityRole (extensible): Code representing the role the entity played in the audit event.
lifecycle		0..1	Coding	Life-cycle stage for the entity Binding: ObjectLifecycleEvents (extensible): Identifier for the data life-cycle stage for the entity.
securityLabel		0..*	Coding	Security labels on the entity Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
name	ΣC	0..1	string	Descriptor for entity
description		0..1	string	Descriptive text
query	ΣC	0..1	base64Binary	Query parameters
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
AuditEvent.meta.security	extensible	All Security Labels http://hl7.org/fhir/ValueSet/security-labels from the FHIR Standard
AuditEvent.meta.security:SENSITIVE-CHART	extensible	All Security Labels http://hl7.org/fhir/ValueSet/security-labels from the FHIR Standard
AuditEvent.type	extensible	AuditEventID http://hl7.org/fhir/ValueSet/audit-event-type from the FHIR Standard
AuditEvent.subtype	extensible	AuditEventSub-Type http://hl7.org/fhir/ValueSet/audit-event-sub-type from the FHIR Standard
AuditEvent.action	required	AuditEventAction http://hl7.org/fhir/ValueSet/audit-event-action|4.0.1 from the FHIR Standard
AuditEvent.outcome	required	AuditEventOutcome http://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1 from the FHIR Standard
AuditEvent.purposeOfEvent	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent.media	extensible	MediaTypeCode http://hl7.org/fhir/ValueSet/dicm-405-mediatype from the FHIR Standard
AuditEvent.agent.network.type	required	AuditEventAgentNetworkType http://hl7.org/fhir/ValueSet/network-type|4.0.1 from the FHIR Standard
AuditEvent.agent.purposeOfUse	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.entity.type	extensible	AuditEventEntityType http://hl7.org/fhir/ValueSet/audit-entity-type from the FHIR Standard
AuditEvent.entity.role	extensible	AuditEventEntityRole http://hl7.org/fhir/ValueSet/object-role from the FHIR Standard
AuditEvent.entity.lifecycle	extensible	ObjectLifecycleEvents http://hl7.org/fhir/ValueSet/object-lifecycle-events
AuditEvent.entity.securityLabel	extensible	All Security Labels http://hl7.org/fhir/ValueSet/security-labels from the FHIR Standard

Snapshot View

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
versionId	Σ	0..1	id	Version specific identifier
lastUpdated	SΣ	1..1	instant	When the resource version last changed
source	Σ	0..1	uri	Identifies where the resource comes from
Slices for profile	SΣ	2..*	canonical()	Profiles this resource claims to conform to Slice: Unordered, Open by value:uri
profile:athena-argonautrequirements	SΣ	1..1	canonical()	Profiles this resource claims to conform to Fixed Value: https://docs.mydata.athenahealth.com/fhir-r4/StructureDefinition/athena-auditevent
profile:athena-auditevent-profile	SΣ	1..1	canonical()	Profiles this resource claims to conform to Fixed Value: https://docs.mydata.athenahealth.com/fhir-r4/StructureDefinition/athena-auditevent-profile
Slices for security	Σ	0..1	Coding	Security Labels applied to this resource Slice: Unordered, Open by value:coding Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
security:SENSITIVE-CHART	Σ	0..1	Coding	Security Labels applied to this resource Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
tag	Σ	0..*	Coding	Tags applied to this resource Binding: CommonTags (example): Codes that represent various types of tags, commonly workflow-related; e.g. "Needs review by Dr. Jones".
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
type	SΣ	1..1	Coding	Type/identifier of event Binding: AuditEventID (extensible): Type of event.
subtype	Σ	0..*	Coding	More specific type/id for the event Binding: AuditEventSub-Type (extensible): Sub-type of event.
action	Σ	0..1	code	Type of action performed during the event Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event.
period	S	1..1	Period	When the activity occurred
recorded	SΣ	1..1	instant	Time when the event was recorded
outcome	Σ	0..1	code	Whether the event succeeded or failed Binding: AuditEventOutcome (required): Indicates whether the event succeeded or failed.
outcomeDesc	Σ	0..1	string	Description of the event outcome
purposeOfEvent	Σ	0..*	CodeableConcept	The purposeOfUse of the event Binding: PurposeOfUse (extensible): The reason the activity took place.
agent	S	1..*	BackboneElement	Actor involved in the event
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		0..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.
role		0..*	CodeableConcept	Agent role in the event Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.
who	Σ	0..1	Reference(Practitioner | Organization | Device | Patient | RelatedPerson)	Identifier of who
altId		0..1	string	Alternative User identity
name		0..1	string	Human friendly name for the agent
requestor	SΣ	1..1	boolean	Whether user is initiator
location		0..1	Reference(Location)	Where
policy		0..*	uri	Policy that authorized event
media		0..1	Coding	Type of media Binding: MediaTypeCode (extensible): Used when the event is about exporting/importing onto media.
network		0..1	BackboneElement	Logical network location for application activity
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
address		0..1	string	Identifier for the network access point of the user device
type		0..1	code	The type of network access point Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.
purposeOfUse		0..*	CodeableConcept	Reason given for this user Binding: PurposeOfUse (extensible): The reason the activity took place.
source		1..1	BackboneElement	Audit Event Reporter
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
site		0..1	string	Logical source location within the enterprise
observer	Σ	1..1	Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson)	The identity of source detecting the event
type		0..*	Coding	The type of source where event originated Binding: AuditEventSourceType (extensible): Code specifying the type of system that detected and recorded the event.
entity	C	0..*	BackboneElement	Data or objects used sev-1: Either a name or a query (NOT both)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
what	Σ	0..1	Reference(Resource)	Specific instance of resource
type		0..1	Coding	Type of entity involved Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.
role		0..1	Coding	What role the entity played Binding: AuditEventEntityRole (extensible): Code representing the role the entity played in the audit event.
lifecycle		0..1	Coding	Life-cycle stage for the entity Binding: ObjectLifecycleEvents (extensible): Identifier for the data life-cycle stage for the entity.
securityLabel		0..*	Coding	Security labels on the entity Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
name	ΣC	0..1	string	Descriptor for entity
description		0..1	string	Descriptive text
query	ΣC	0..1	base64Binary	Query parameters
detail		0..*	BackboneElement	Additional Information about the entity
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	string	Name of the property
value[x]		1..1		Property value
valueString			string
valueBase64Binary			base64Binary
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
AuditEvent.meta.security	extensible	All Security Labels http://hl7.org/fhir/ValueSet/security-labels from the FHIR Standard
AuditEvent.meta.security:SENSITIVE-CHART	extensible	All Security Labels http://hl7.org/fhir/ValueSet/security-labels from the FHIR Standard
AuditEvent.meta.tag	example	CommonTags http://hl7.org/fhir/ValueSet/common-tags from the FHIR Standard
AuditEvent.language	preferred	CommonLanguages Additional Bindings Purpose AllLanguages Max Binding http://hl7.org/fhir/ValueSet/languages from the FHIR Standard
AuditEvent.type	extensible	AuditEventID http://hl7.org/fhir/ValueSet/audit-event-type from the FHIR Standard
AuditEvent.subtype	extensible	AuditEventSub-Type http://hl7.org/fhir/ValueSet/audit-event-sub-type from the FHIR Standard
AuditEvent.action	required	AuditEventAction http://hl7.org/fhir/ValueSet/audit-event-action|4.0.1 from the FHIR Standard
AuditEvent.outcome	required	AuditEventOutcome http://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1 from the FHIR Standard
AuditEvent.purposeOfEvent	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.agent.type	extensible	ParticipationRoleType http://hl7.org/fhir/ValueSet/participation-role-type from the FHIR Standard
AuditEvent.agent.role	example	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
AuditEvent.agent.media	extensible	MediaTypeCode http://hl7.org/fhir/ValueSet/dicm-405-mediatype from the FHIR Standard
AuditEvent.agent.network.type	required	AuditEventAgentNetworkType http://hl7.org/fhir/ValueSet/network-type|4.0.1 from the FHIR Standard
AuditEvent.agent.purposeOfUse	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
AuditEvent.source.type	extensible	AuditEventSourceType http://hl7.org/fhir/ValueSet/audit-source-type from the FHIR Standard
AuditEvent.entity.type	extensible	AuditEventEntityType http://hl7.org/fhir/ValueSet/audit-entity-type from the FHIR Standard
AuditEvent.entity.role	extensible	AuditEventEntityRole http://hl7.org/fhir/ValueSet/object-role from the FHIR Standard
AuditEvent.entity.lifecycle	extensible	ObjectLifecycleEvents http://hl7.org/fhir/ValueSet/object-lifecycle-events
AuditEvent.entity.securityLabel	extensible	All Security Labels http://hl7.org/fhir/ValueSet/security-labels from the FHIR Standard

This structure is derived from AuditEvent

HTTP Response Codes

The following HTTP response codes are returned by this API call: