Updated May 4th, 2022 -- Trial Implementation released. The Implementation Guide is now named Basic Audit Log Patterns (BALP) Version 1.1.0.
The Basic Audit Log Pattern (BasicAudit) Content Profile defines some basic and reusable AuditEvent patterns. It formally defines the Audit Creator and Audit Consumer actors (similar to how IHE has Content Creator and Content Consumer in the Document space).
The Audit Log Patterns defined here rely on the ATNA Profile for transport of the AuditEvent and for query/retrieval of previously recorded AuditEvents. The patterns defined here may be used as they are, or further refined for specific use-cases. Where a more specific audit event is defined, it should be derived from these basic patterns. Thus a more specific AuditEvent would be compliant with one or more of the AuditEvent patterns defined here.
This implementation guide is intended to be fully compliant with the HL7 FHIR specification, providing only use-case driven constraints to aid with interoperability, deterministic results, and compatibility with ATNA and other IHE Profiles.
This Implementation Guide is not about "ANY request/response"; it is about what should be put into an AuditEvent that records that an "auditable event" happened.
Specifically, there is a set of patterns (profiles) defined for the AuditEvent content that should be recorded when any of the following happens:
- RESTful activities
  - Create
  - Read
  - Update
  - Delete
  - Search/Query
- SAML Security Token used
- OAuth Security Token used
- Consent Authorized Decision Audit Message
- Privacy Disclosure Audit Message
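
As an added illustration (not part of the original post or of the BALP guide), this Python example builds a simplified FHIR R4 AuditEvent for each of the RESTful activities listed above. The helper name `rest_audit_event` and the sample references are constructed for the example, treating the user as the requestor is an assumption, and the output is not validated against the BALP profiles, which add further constraints.

```python
import base64
from datetime import datetime, timezone

# FHIR R4 AuditEvent.action code recorded for each RESTful interaction.
ACTION = {"create": "C", "read": "R", "update": "U", "delete": "D", "search": "E"}

def rest_audit_event(interaction, user_ref, client_ref, server_ref,
                     resource_ref=None, query=None, outcome="0", recorded=None):
    """Return a minimal FHIR R4 AuditEvent (as a dict) for one RESTful interaction."""
    if interaction not in ACTION:
        raise ValueError(f"no audit pattern for interaction {interaction!r}")
    if interaction == "search":
        if not query:
            raise ValueError("a search record must carry the query that was executed")
        # AuditEvent.entity.query is base64Binary: keep the exact request as sent.
        entity = {"query": base64.b64encode(query.encode("utf-8")).decode("ascii")}
    else:
        if not resource_ref:
            raise ValueError("create/read/update/delete must name the resource touched")
        entity = {"what": {"reference": resource_ref}}
    recorded = recorded or datetime.now(timezone.utc)
    return {
        "resourceType": "AuditEvent",
        "type": {"system": "http://terminology.hl7.org/CodeSystem/audit-event-type",
                 "code": "rest"},
        "subtype": [{"system": "http://hl7.org/fhir/restful-interaction",
                     "code": interaction}],
        "action": ACTION[interaction],
        "recorded": recorded.isoformat(),      # FHIR instant, timezone included
        "outcome": outcome,                    # "0" success; "4", "8", "12" are failures
        "agent": [
            {"who": {"reference": user_ref}, "requestor": True},     # the human user
            {"who": {"reference": client_ref}, "requestor": False},  # the client app
        ],
        "source": {"observer": {"reference": server_ref}},  # system that saw the event
        "entity": [entity],
    }

if __name__ == "__main__":
    import json
    # Constructed sample references, not taken from the BALP guide.
    print(json.dumps(rest_audit_event("read", "Practitioner/example-user",
          "Device/example-client", "Device/example-server",
          resource_ref="Patient/example"), indent=2))
```
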
FIRELY FHIR Server implements BALP
https://docs.fire.ly/projects/Firely-Server/en/latest/security/auditing.html