<shortvalue="Event record kept for security purposes"/>
<formalvalue="A record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage."/>
<commentsvalue="Based on ATNA (RFC 3881)."/>
<minvalue="1"/>
<maxvalue="1"/>
<type>
<codevalue="Resource"/>
</type>
<isModifiervalue="false"/>
<mapping>
<identityvalue="rim"/>
<mapvalue="ControlAct[moodCode=EVN]"/>
</mapping>
<mapping>
<identityvalue="dicom"/>
<mapvalue="Message"/>
</mapping>
</definition>
</element>
<element>
<pathvalue="SecurityEvent.event"/>
<definition>
<shortvalue="What was done"/>
<formalvalue="Identifies the name, action type, time, and disposition of the audited event."/>
<minvalue="1"/>
<maxvalue="1"/>
<isModifiervalue="false"/>
<mapping>
<identityvalue="rim"/>
<mapvalue="N/A (no nesting in v3)"/>
</mapping>
<mapping>
<identityvalue="dicom"/>
<mapvalue="EventIdentification"/>
</mapping>
</definition>
</element>
<element>
<pathvalue="SecurityEvent.event.type"/>
<definition>
<shortvalue="Type/identifier of event"/>
<formalvalue="Identifier for a family of the event."/>
<commentsvalue="e.g., a menu item, program, rule, policy, function code, application name or URL. It identifies the performed function."/>
<mapvalue=".code (type, subtype and action are pre-coordinated or sent as translations)"/>
</mapping>
<mapping>
<identityvalue="dicom"/>
<mapvalue="@EventId"/>
</mapping>
</definition>
</element>
<element>
<pathvalue="SecurityEvent.event.type.coding"/>
<definition>
<shortvalue="Code defined by a terminology system"/>
<formalvalue="A reference to a code defined by a terminology system."/>
<commentsvalue="Codes may be defined very casually in enumerations, or code lists, up to very formal definitions such as SNOMED CT - see the V3 Core Principles for more information. Ordering of codings is undefined and SHALL not be used to infer meaning."/>
<shortvalue="Identity of the terminology system"/>
<formalvalue="The identification of the code system that defines the meaning of the symbol in the code."/>
<commentsvalue="The URI may be an OID (urn:oid:...) or a UUID (urn:uuid:...). OIDs and UUIDs SHALL be references to the HL7 OID registry. Otherwise, the URI should come from HL7's list of FHIR defined special URIs or it should de-reference to some definition that establish the system clearly and unambiguously."/>
<shortvalue="Symbol in syntax defined by the system"/>
<formalvalue="A symbol in syntax defined by the system. The symbol may be a predefined code or an expression in a syntax defined by the coding system (e.g. post-coordination)."/>
<minvalue="1"/>
<maxvalue="1"/>
<type>
<codevalue="code"/>
</type>
<isModifiervalue="false"/>
<mapping>
<identityvalue="rim"/>
<mapvalue="./code"/>
</mapping>
<mapping>
<identityvalue="v2"/>
<mapvalue="C*E.1"/>
</mapping>
</definition>
</element>
<element>
<pathvalue="SecurityEvent.event.subtype"/>
<definition>
<shortvalue="More specific type/id for the event"/>
<formalvalue="Identifier for the category of event."/>
<mapvalue=".code (type, subtype and action are pre-coordinated or sent as translations)"/>
</mapping>
<mapping>
<identityvalue="dicom"/>
<mapvalue="@EventTypeCode"/>
</mapping>
</definition>
</element>
<element>
<pathvalue="SecurityEvent.event.subtype.coding"/>
<definition>
<shortvalue="Code defined by a terminology system"/>
<formalvalue="A reference to a code defined by a terminology system."/>
<commentsvalue="Codes may be defined very casually in enumerations, or code lists, up to very formal definitions such as SNOMED CT - see the V3 Core Principles for more information. Ordering of codings is undefined and SHALL not be used to infer meaning."/>
<shortvalue="Identity of the terminology system"/>
<formalvalue="The identification of the code system that defines the meaning of the symbol in the code."/>
<commentsvalue="The URI may be an OID (urn:oid:...) or a UUID (urn:uuid:...). OIDs and UUIDs SHALL be references to the HL7 OID registry. Otherwise, the URI should come from HL7's list of FHIR defined special URIs or it should de-reference to some definition that establish the system clearly and unambiguously."/>
<shortvalue="A person, a hardware device or software process"/>
<formalvalue="A person, a hardware device or software process."/>
<commentsvalue="There may be more than one user per event, for example, in cases of actions initiated by one user for other users, or in events that involve more than one user, hardware device, or system process. However, only one user may be the initiator/requestor for the event."/>
<minvalue="1"/>
<maxvalue="*"/>
<constraint>
<keyvalue="3"/>
<namevalue="Participant Identification"/>
<severityvalue="error"/>
<humanvalue="Either a userId or a reference, but not both"/>
<shortvalue="User roles (e.g. local RBAC codes)"/>
<formalvalue="Specification of the role(s) the user plays when performing the event. Usually the codes used in this element are local codes defined by the role-based access control security system used in the local context."/>
<shortvalue="Code defined by a terminology system"/>
<formalvalue="A reference to a code defined by a terminology system."/>
<commentsvalue="Codes may be defined very casually in enumerations, or code lists, up to very formal definitions such as SNOMED CT - see the V3 Core Principles for more information. Ordering of codings is undefined and SHALL not be used to infer meaning."/>
<shortvalue="Identity of the terminology system"/>
<formalvalue="The identification of the code system that defines the meaning of the symbol in the code."/>
<commentsvalue="The URI may be an OID (urn:oid:...) or a UUID (urn:uuid:...). OIDs and UUIDs SHALL be references to the HL7 OID registry. Otherwise, the URI should come from HL7's list of FHIR defined special URIs or it should de-reference to some definition that establish the system clearly and unambiguously."/>
<formalvalue="Application systems and processes."/>
<commentsvalue="Since multi-tier, distributed, or composite applications make source identification ambiguous, this collection of fields may repeat for each application or process actively involved in the event. For example, multiple value-sets can identify participating web servers, application processes, and database server threads in an n-tier distributed application. Passive event participants, e.g., low-level network transports, need not be identified."/>
<shortvalue="Specific instances of data or objects that have been accessed"/>
<formalvalue="Specific instances of data or objects that have been accessed."/>
<commentsvalue="required unless the values for Event Identification, Active Participant Identification, and Audit Source Identification are sufficient to document the entire auditable event. Because events may have more than one participant object, this group can be a repeating set of values."/>
<minvalue="0"/>
<maxvalue="*"/>
<constraint>
<keyvalue="2"/>
<namevalue="Object Identification"/>
<severityvalue="error"/>
<humanvalue="Either an identifier or a reference, but not both"/>
<shortvalue="usual | official | temp | secondary (If known)"/>
<formalvalue="The purpose of this identifier."/>
<commentsvalue="This is labeled as "Is Modifier" because applications should not mistake a temporary id for a permanent one. Applications can assume that an identifier is permanent unless it explicitly says that it is temporary."/>
<mapvalue="[self::Act].code or role.player.code"/>
</mapping>
<mapping>
<identityvalue="dicom"/>
<mapvalue="@ParticipantObjectTypeCode"/>
</mapping>
</definition>
</element>
<element>
<pathvalue="SecurityEvent.object.sensitivity"/>
<definition>
<shortvalue="Policy-defined sensitivity for the object"/>
<formalvalue="Denotes policy-defined sensitivity for the Participant Object ID such as VIP, HIV status, mental health status or similar topics."/>
<commentsvalue="Values from ATNA are institution- and implementation-defined text strings (in sensitivity.text). HL7 defines confidentiality codes for records, documents etc. that can also be used here."/>
<shortvalue="Code defined by a terminology system"/>
<formalvalue="A reference to a code defined by a terminology system."/>
<commentsvalue="Codes may be defined very casually in enumerations, or code lists, up to very formal definitions such as SNOMED CT - see the V3 Core Principles for more information. Ordering of codings is undefined and SHALL not be used to infer meaning."/>
<shortvalue="Identity of the terminology system"/>
<formalvalue="The identification of the code system that defines the meaning of the symbol in the code."/>
<commentsvalue="The URI may be an OID (urn:oid:...) or a UUID (urn:uuid:...). OIDs and UUIDs SHALL be references to the HL7 OID registry. Otherwise, the URI should come from HL7's list of FHIR defined special URIs or it should de-reference to some definition that establish the system clearly and unambiguously."/>
<shortvalue="Instance-specific descriptor for Object"/>
<formalvalue="An instance-specific descriptor of the Participant Object ID audited, such as a person's name."/>
<commentsvalue="This field may be used in a query/report to identify audit events for a specific person, e.g., where multiple synonymous Participant Object IDs (patient number, medical record number, encounter number, etc.) have been used."/>
<minvalue="1"/>
<maxvalue="1"/>
<type>
<codevalue="string"/>
</type>
<isModifiervalue="false"/>
<mapping>
<identityvalue="rim"/>
<mapvalue=".title"/>
</mapping>
<mapping>
<identityvalue="dicom"/>
<mapvalue="ParticipantObjectName"/>
</mapping>
</definition>
</element>
<element>
<pathvalue="SecurityEvent.extension"/>
<slicing>
<discriminatorvalue="url"/>
<orderedvalue="true"/>
<rulesvalue="openAtEnd"/>
</slicing>
</element>
<element>
<pathvalue="SecurityEvent.extension"/>
<namevalue="aeExtension"/>
<definition>
<minvalue="1"/>
<maxvalue="1"/>
<type>
<codevalue="Extension"/>
<profilevalue="#aeExtension"/>
</type>
</definition>
</element>
</structure>
<extensionDefn>
<codevalue="aeExtension"/>
<displayvalue="aeExtension"/>
<definition>
<minvalue="1"/>
<maxvalue="1"/>
</definition>
</extensionDefn>
<extensionDefn>
<codevalue="aeExtension.patientID"/>
<contextTypevalue="extension"/>
<contextvalue="#aeExtension"/>
<definition>
<shortvalue="Unique identifier for patient"/>
<minvalue="1"/>
<maxvalue="1"/>
<type>
<codevalue="string"/>
</type>
<maxLengthvalue="10"/>
</definition>
</extensionDefn>
<extensionDefn>
<codevalue="aeExtension.buildRelease"/>
<contextTypevalue="extension"/>
<contextvalue="#aeExtension"/>
<definition>
<minvalue="0"/>
<maxvalue="1"/>
<type>
<codevalue="string"/>
</type>
</definition>
</extensionDefn>
<extensionDefn>
<codevalue="aeExtension.eventType"/>
<contextTypevalue="extension"/>
<contextvalue="#aeExtension"/>
<definition>
<shortvalue="Audit|Exception"/>
<minvalue="1"/>
<maxvalue="1"/>
<type>
<codevalue="string"/>
</type>
</definition>
</extensionDefn>
<extensionDefn>
<codevalue="aeExtension.eventUnique"/>
<contextTypevalue="extension"/>
<contextvalue="#aeExtension"/>
<definition>
<shortvalue="Unique identifier for this audit record"/>
<minvalue="1"/>
<maxvalue="1"/>
<type>
<codevalue="uuid"/>
</type>
</definition>
</extensionDefn>
<extensionDefn>
<codevalue="aeExtension.eventGroupUnique"/>
<contextTypevalue="extension"/>
<contextvalue="#aeExtension"/>
<definition>
<shortvalue="Unique identifier for DMS RLUS/FHIR transaction for a consumer"/>
James Agnew