Thursday, March 3, 2022

IHE Basic Audit Implementation Guide

Updated May 4th, 2022 -- Trial Implementation released. The Implementation Guide is now named Basic Audit Log Patterns (BALP) Version 1.1.0.

Supporting Privacy Principles to give transparency to how a Patients data are used is one of the goals of a new Implementation Guide from IHE. The AuditEvent profiles in this guide can also be used for Security purposes.

The Basic Audit Log Pattern (BasicAudit) Content Profile defines some basic and reusable AuditEvent patterns. Defining formally an Audit Creator and an Audit Consumer actors (similar to how IHE has Content Creator and Content Consumer in the Document space).



The Audit Log Patterns defined here rely on the ATNA Profile for transport of the AuditEvent and query/retrieval of AuditEvents previously recorded. The patterns defined here may be used as they are, or further refined to specific use-cases. Where a more specific audit event is defined, it should be derived off of these basic patterns. Thus a more specific AuditEvent would be compliant with one or more of the AuditEvent patterns defined here.

This implementation guide is intended to be fully compliant with the HL7
FHIR specification, providing only use-case driven constraints to aid with interoperability, deterministic results, and compatibility with ATNA and other IHE Profiles.

This Implementation Guide is not about the "ANY request/response", this is about what should be put into an AuditEvent record that "auditable event" happened.

Specifically, there are a set of patterns (profiles) defined for the AuditEvent content that should be recorded when any of the following happens:

1 comment:

  1. FIRELY FHIR Server implements BALP
    https://docs.fire.ly/projects/Firely-Server/en/latest/security/auditing.html

    ReplyDelete