CH ATC (R4)
3.3.0 - draft
This page is part of the CH ATC (R4) (v3.3.0: Draft Draft) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions
There are four different categories of Audit Events in the context of the EPR:
Each category is described as a content profile. These content profiles are based on the AuditEvent Resource, http://hl7.org/fhir/R4/auditevent.html.
The AuditEvent Resource has mapping rules to the DICOM audit message format, which allows to map to ATNA.
The following Audit Trail Consumption Event Types are defined and shall be supported, see EprAuditTrailConsumptionEventTypes from Codesystem 2.16.756.5.30.1.127.3.10.7.
Type | Description | Profile Ref | Opt Community |
---|---|---|---|
ATC_DOC_CREATE | Document upload | Document Audit Event Content Profile | R |
ATC_DOC_READ | Document retrieval | Document Audit Event Content Profile | R |
ATC_DOC_UPDATE | Document or Document Metadata update | Document Audit Event Content Profile | R |
ATC_DOC_DELETE | Document removal | Document Audit Event Content Profile | R |
ATC_DOC_SEARCH | Document search | Document Audit Event Content Profile | R |
ATC_POL_CREATE_AUT_PART_AL | Authorize participants to access level/date | Policy Audit Event Content Profile | R, (NP if not reference community) |
ATC_POL_UPDATE_AUT_PART_AL | Update access level/date of authorized participants | Policy Audit Event Content Profile | R, (NP: if not reference community) |
ATC_POL_REMOVE_AUT_PART_AL | Remove authorization for participants | Policy Audit Event Content Profile | R, (NP: if not reference community) |
ATC_POL_DEF_CONFLEVEL | Set or update default Confidentiality Level | Policy Audit Event Content Profile | R, (NP: if not reference community) |
ATC_POL_DIS_EMER_USE | Disabling Emergency Access | Policy Audit Event Content Profile | R, (NP: if not reference community) |
ATC_POL_ENA_EMER_USE | Enabling Emergency Access | Policy Audit Event Content Profile | R, (NP: if not reference community) |
ATC_POL_INCL_BLACKLIST | Assign Healthcare Professional to Blacklist | Policy Audit Event Content Profile | R, (NP: if not reference community) |
ATC_POL_EXL_BLACKLIST | Exclude Healthcare Professional from Blacklist | Policy Audit Event Content Profile | R, (NP: if not reference community) |
ATC_LOG_READ | Accessing Patient Audit Record Repository | Access Audit Trail Content Profile | R |
ATC_HPD_GROUP_ENTRY_NOTIFY | Entry of healthcare professionals into a group | HPD Group Entry Audit Event Content Profile | R, (NP: if not reference community) |
Table 4: Audit Trail Consumption Event Types
This content profile describes Audit Event related to Document Management. The following Data Elements shall be provided:
Data Element |
Description |
Property/Value |
Event Type |
Document upload |
|
Event Date and Time |
|
UTC |
Participants |
|
|
Initiator |
Patient |
Name |
Representative of patient |
Name |
|
Authorized Healthcare Professional |
Name |
|
Assistant of a Healthcare Professional |
Name |
|
Technical User |
Name |
|
Document Administrator |
Name |
|
Responsible[5.1] |
Patient |
Name |
Healthcare Professional |
Name |
|
Groups where Healthcare Professional is member |
|
Name of Group |
Purpose of Use |
|
NORM, EMER, AUTO, DICOM_AUTO |
Patient |
Involved patient |
EPR-SPID |
Document[5.2] |
type of document |
typeCode[5.3] (SNOMED CT code) |
reference to document |
||
title of document |
[5.1] If different from Initiator (Representative of patient acting on behalf of a patient then patient is responsible).
[5.2] Required for Document upload, Document retrieval, Document or Document Metadata update and Document removal but not for Document search.
[5.3] Annex 3 EPRO-FDHA, chapter 2.6 type of document (2.16.756.5.30.1.127.3.10.1.27).
Table 5: Document Audit Event Data Elements
This profile defines the content of the document audit events which a community has to provide for a patient's audit trail. This profile builds on AuditEvent (http://hl7.org/fhir/R4/auditevent.html).
The mapping from the Document Audit Event Resource to the Data Elements is as follows:
Event | Upload |
Resource title of Document | Austrittsbericht von Julia Helfe-Gern |
Resource: type of Document | Sonstige Dokumentation (SNOMED CT: 419891008) |
Resource: reference to Document | uniqueID |
Event Date and Time | 10.10.2020 18:29 |
Participant, Initiator | Julia Helfe-Gern |
Participant, Responsible | representing Jakob Wieder-Gesund |
Table 6: Uploading a Record Artifact by a patient representative (atc-doc-create-rep-pat)
Event | Search for documents |
Event Date and Time | 10.10.2020 18:49 |
Participant, Initiator | David Mustermann |
Participant, Responsible | representing Dr. med. Sabine Musterfrau |
Participant, Group | Kardiologie Universitätsspital Musterstadt |
Purpose of event | Emergency Access |
Table 7: Example of a Document Audit Event: Document search
This content profile describes Audit Events related to Policy Management. The following Data Elements shall be provided:
Data Element |
Description |
Property/Value |
Event Type |
Authorize participants to access level/date |
|
Update access level/date of authorized participants |
||
Remove authorization for participants to access level/date |
||
Set or update the default Confidentiality Level for new documents |
||
Disabling Emergency Access |
||
Enabling Emergency Access |
||
Exclude a Healthcare Professional from accessing the EPR |
||
Revoke the exclusion of a Healthcare Professional from accessing the EPR |
||
Event Date Time |
UTC |
|
Participants |
||
Initiator |
Patient |
Name |
Representative of patient |
Name |
|
Authorized Healthcare Professional[8.1] |
Name |
|
Assistant of a Healthcare Professional |
Name |
|
Policy Administrator |
Name |
|
Responsible |
Patient |
Name |
Healthcare Professional |
Name |
|
Patient |
Involved patient |
EPR-SPID |
Resource |
Resource Role |
HCP, GRP or REP |
Healthcare Professional |
Name |
|
Group of Healthcare Professional |
Name of Group |
|
Representative of patient |
Name |
|
AccessLevel[8.2] |
one of urn:e-health-suisse:2015:policies:access-level: |
|
AccessLimitedToDate[8.2] |
Date |
|
ProvideLevel[8.3] |
one of urn:e-health-suisse:2015:policies:provide-level: |
[8.1] Healthcare Professional or Assistant of Healthcare Professional can only be a participant for the first Event Type (Authorize participants to access level).
[8.2] Access Level and the date if the access is limited (AccessLimitedToDate) are required for the first two Event Types (Authorize, update Authorization participants to access level/date), for the other Event Types these parameters do not need to be specified.
[8.3] Provide Level is only relevant for the Event Type Default Confidentiality Level for new Documents.
Table 8: Policy Audit Event Data Elements
This content profile defines the document audit events which a community has to provide for a patients audit trail. This profile builds on AuditEvent (http://hl7.org/fhir/R4/auditevent.html).
The mapping from the Document Audit Event Resource to the Data Elements is as follows:
Event | Create |
Resource: HCP | EPR-Access Level "delegation-and-restricted" till 31.12.2020 08:00 to Dr. med. Hans Allzeitbereit |
Event Date and Time | 22.09.2020 09:47 |
Participant Initiator | Jakob Wieder-Gesund |
Table 9: Example Create Delegation and Restricted access for a healthcare professional (atc-pol-create-acc-right)
Event | Create |
Resource: Representative | Julia Helfe-Gern |
Event Date and Time | 22.09.2020 09:48 |
Participant Initiator | Jakob Wieder-Gesund |
Table 10: Example Create for a representative (atc-pol-create-rep)
This content profile describes Audit Event related to Accessing the Audit Trail of a Patient from a Patient Audit Record Repository. The following Data Elements shall be provided:
Data Element |
Description |
Property/Value |
Event Type |
|
Access Audit Trail |
Event Date and Time |
|
UTC |
Participants |
|
|
Initiator |
Patient |
Name |
Representative of patient |
Name |
|
Responsible |
Patient |
Name |
Patient |
Involved patient |
EPR-SPID |
Table 11: Access Audit Trail Data Elements
This content profile defines the access audit trail event, which a community has to provide for a patient’s audit trail. This profile builds on AuditEvent (http://hl7.org/fhir/R4/auditevent.html).
The mapping from the Access Audit Trail Event Resource to the Data Elements is as follows:
Event | Access Audit Trail |
Patient | Jakob Wieder-Gesund |
Timestamp | 22.09.2020 10:47 |
Participant | Jakob Wieder-Gesund |
Table 12: Example Log Access (atc-log-read)
This content profile describe the Audit Event related to the entry of a healthcare professional into a HPD group for which the patient is notified. The following Data Elements shall be provided:
Data Element |
Description |
Property/Value |
Event Type |
Patient notified of Healthcare Professionals added to a group |
|
Event Date and Time |
|
UTC |
Notification Service |
|
Name |
Patient |
Notified patient |
EPR-SPID |
Healthcare Professionals |
Healthcare professionals |
Name |
Group |
Group where Healthcare Professionals are added as members |
Name of Group |
Table 13: HPD Group Entry Audit Event Elements
This profile defines the content of the HPD group entry audit event. This profile builds on AuditEvent (http://hl7.org/fhir/R4/auditevent.html).
The mapping from the HPD Group Entry Audit Event Resource to the Data Elements is as follows:
Event | Group entry of healthcare professional: |
Healthcare professionals | Dr. med. Sabine Musterfrau |
Timestamp | 10.10.2020 10:05 |
Participant, Group | Kardiologie Universitätsspital Musterstadt |
Patient | Jakob Wieder-Gesund |
Table 14: Example group entry of healthcare professionals