Audit Events Implementation Guide
0.1.0 - draft

Audit Events Implementation Guide - Local Development build (v0.1.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions

Resource Profile: HiraAuditEvent - Detailed Descriptions

Draft as of 2024-07-25

Definitions for the hira-audit-event resource profile.

Guidance on how to interpret the contents of this table can be found here

0. AuditEvent
2. AuditEvent.type
Pattern Value{
  "system" : "http://terminology.hl7.org/CodeSystem/audit-event-type",
  "code" : "rest"
}
4. AuditEvent.action
Control1..?
6. AuditEvent.outcome
Control1..?
8. AuditEvent.outcomeDesc
Control1..?
10. AuditEvent.purposeOfEvent
ShortPurpose of use codes including NZ specific terminology
BindingUnless not suitable, these codes SHALL be taken from NZ purpose of use
(extensible to https://nzhts.digital.health.nz/fhir/ValueSet/nz-purpose-of-use-value-set)
12. AuditEvent.agent
SlicingThis element introduces a set of slices on AuditEvent.agent. The slices areUnordered and Open, and can be differentiated using the following discriminators:
  • value @ role
  • value @ type
  • 14. AuditEvent.agent:slf
    Slice Nameslf
    ShortThe Patient who is logged in and accessing their own records
    Control0..1
    16. AuditEvent.agent:slf.extension
    SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
    • value @ url
    • 18. AuditEvent.agent:slf.extension:additionalAgentDetails
      Slice NameadditionalAgentDetails
      Control0..1
      TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
      20. AuditEvent.agent:slf.role
      Control1..1
      Pattern Value{
        "coding" : [{
          "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleClass",
          "code" : "patient"
        }]
      }
      22. AuditEvent.agent:slf.name
      Control0..0
      24. AuditEvent.agent:dlg
      Slice Namedlg
      ShortThe Patient who has provided delegated access to their own records
      Control0..1
      26. AuditEvent.agent:dlg.extension
      SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
      • value @ url
      • 28. AuditEvent.agent:dlg.extension:additionalAgentDetails
        Slice NameadditionalAgentDetails
        Control0..1
        TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
        30. AuditEvent.agent:dlg.role
        Control1..1
        Pattern Value{
          "coding" : [{
            "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleCode",
            "code" : "DELEGATOR"
          }]
        }
        32. AuditEvent.agent:dlg.name
        Control0..0
        34. AuditEvent.agent:caregiver
        Slice Namecaregiver
        ShortThe Caregiver accessing a child's records
        Control0..1
        36. AuditEvent.agent:caregiver.extension
        SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
        • value @ url
        • 38. AuditEvent.agent:caregiver.extension:additionalAgentDetails
          Slice NameadditionalAgentDetails
          Control0..1
          TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
          40. AuditEvent.agent:caregiver.role
          Control1..1
          Pattern Value{
            "coding" : [{
              "system" : "http://terminology.hl7.org/CodeSystem/v3-ParticipationFunction",
              "code" : "AUCG"
            }]
          }
          42. AuditEvent.agent:caregiver.name
          Control0..0
          44. AuditEvent.agent:delegatee
          Slice Namedelegatee
          ShortA Delegate accessing a patient's records on their behalf
          Control0..1
          46. AuditEvent.agent:delegatee.extension
          SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
          • value @ url
          • 48. AuditEvent.agent:delegatee.extension:additionalAgentDetails
            Slice NameadditionalAgentDetails
            Control0..1
            TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
            50. AuditEvent.agent:delegatee.role
            Control1..1
            Pattern Value{
              "coding" : [{
                "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleCode",
                "code" : "DELEGATEE"
              }]
            }
            52. AuditEvent.agent:delegatee.name
            Control0..0
            54. AuditEvent.agent:healthworkforce
            Slice Namehealthworkforce
            ShortA member of the Health Workforce accessing patient records
            Control0..1
            56. AuditEvent.agent:healthworkforce.extension
            SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
            • value @ url
            • 58. AuditEvent.agent:healthworkforce.extension:additionalAgentDetails
              Slice NameadditionalAgentDetails
              Control0..1
              TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
              60. AuditEvent.agent:healthworkforce.role
              Control1..1
              Pattern Value{
                "coding" : [{
                  "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleClass",
                  "code" : "PROV"
                }]
              }
              62. AuditEvent.agent:system
              Slice Namesystem
              ShortA system accessing Patient records
              Control0..1
              64. AuditEvent.agent:system.extension
              SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
              • value @ url
              • 66. AuditEvent.agent:system.extension:additionalAgentDetails
                Slice NameadditionalAgentDetails
                Control0..1
                TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                68. AuditEvent.agent:system.role
                Control1..1
                Pattern Value{
                  "coding" : [{
                    "system" : "http://terminology.hl7.org/CodeSystem/extra-security-role-type",
                    "code" : "dataprocessor"
                  }]
                }
                70. AuditEvent.agent:organisation
                Slice Nameorganisation
                ShortThe organisation accessing Patient records
                Control0..1
                72. AuditEvent.agent:organisation.extension
                SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                • value @ url
                • 74. AuditEvent.agent:organisation.extension:additionalAgentDetails
                  Slice NameadditionalAgentDetails
                  Control0..1
                  TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                  76. AuditEvent.agent:organisation.role
                  Control1..?
                  Pattern Value{
                    "coding" : [{
                      "system" : "http://terminology.hl7.org/CodeSystem/v3-RoleClass",
                      "code" : "PROV"
                    }]
                  }
                  78. AuditEvent.source
                  80. AuditEvent.source.observer
                  82. AuditEvent.source.observer.display
                  ShortThe gateway or entity which logged the event
                  Control1..?
                  84. AuditEvent.entity
                  ShortDetails of the endpoints being accessed
                  Control1..?
                  SlicingThis element introduces a set of slices on AuditEvent.entity. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                  • value @ type
                  • value @ role
                  • 86. AuditEvent.entity:accessedResource
                    Slice NameaccessedResource
                    ShortThe REST or FHIR resource that is being accessed
                    Control1..1
                    88. AuditEvent.entity:accessedResource.type
                    Control1..?
                    Pattern Value{
                      "system" : "http://terminology.hl7.org/CodeSystem/audit-entity-type",
                      "code" : "2"
                    }
                    90. AuditEvent.entity:dataSubject
                    Slice NamedataSubject
                    ShortThe data subject of the accessed resource, derived from the resource itself
                    Control0..*
                    92. AuditEvent.entity:dataSubject.role
                    Control1..?
                    Pattern Value{
                      "system" : "http://terminology.hl7.org/CodeSystem/object-role",
                      "code" : "1"
                    }

                    Guidance on how to interpret the contents of this table can be found here

                    0. AuditEvent
                    Definition

                    A record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage.

                    ShortEvent record kept for security purposes
                    Comments

                    Based on IHE-ATNA.

                    Control0..*
                    Is Modifierfalse
                    Summaryfalse
                    Invariantsdom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources (contained.contained.empty())
                    dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource (contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty())
                    dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated (contained.meta.versionId.empty() and contained.meta.lastUpdated.empty())
                    dom-5: If a resource is contained in another resource, it SHALL NOT have a security label (contained.meta.security.empty())
                    dom-6: A resource should have narrative for robust management (text.`div`.exists())
                    2. AuditEvent.implicitRules
                    Definition

                    A reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content. Often, this is a reference to an implementation guide that defines the special rules along with other profiles etc.

                    ShortA set of rules under which this content was created
                    Comments

                    Asserting this rule set restricts the content to be only understood by a limited set of trading partners. This inherently limits the usefulness of the data in the long term. However, the existing health eco-system is highly fractured, and not yet ready to define, collect, and exchange data in a generally computable sense. Wherever possible, implementers and/or specification writers should avoid using this element. Often, when used, the URL is a reference to an implementation guide that defines these special rules as part of it's narrative along with other profiles, value sets, etc.

                    Control0..1
                    Typeuri
                    Is Modifiertrue because This element is labeled as a modifier because the implicit rules may provide additional knowledge about the resource that modifies it's meaning or interpretation
                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    4. AuditEvent.modifierExtension
                    Definition

                    May be used to represent additional information that is not part of the basic definition of the resource and that modifies the understanding of the element that contains it and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                    ShortExtensions that cannot be ignored
                    Comments

                    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                    Control0..*
                    TypeExtension
                    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the resource that contains them
                    Summaryfalse
                    Requirements

                    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                    Alternate Namesextensions, user content
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                    6. AuditEvent.type
                    Definition

                    Identifier for a family of the event. For example, a menu item, program, rule, policy, function code, application name or URL. It identifies the performed function.

                    ShortType/identifier of event
                    Control1..1
                    BindingUnless not suitable, these codes SHALL be taken from AuditEventIDhttp://hl7.org/fhir/ValueSet/audit-event-type
                    (extensible to http://hl7.org/fhir/ValueSet/audit-event-type)

                    Type of event.

                    TypeCoding
                    Is Modifierfalse
                    Summarytrue
                    Requirements

                    This identifies the performed function. For "Execute" Event Action Code audit records, this identifies the application function performed.

                    Pattern Value{
                      "system" : "http://terminology.hl7.org/CodeSystem/audit-event-type",
                      "code" : "rest"
                    }
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    8. AuditEvent.action
                    Definition

                    Indicator for type of action performed during the event that generated the audit.

                    ShortType of action performed during the event
                    Control10..1
                    BindingThe codes SHALL be taken from AuditEventActionhttp://hl7.org/fhir/ValueSet/audit-event-action|4.0.1
                    (required to http://hl7.org/fhir/ValueSet/audit-event-action|4.0.1)

                    Indicator for type of action performed during the event that generated the event.

                    Typecode
                    Is Modifierfalse
                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                    Summarytrue
                    Requirements

                    This broadly indicates what kind of action was done on the AuditEvent.entity by the AuditEvent.agent.

                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    10. AuditEvent.recorded
                    Definition

                    The time when the event was recorded.

                    ShortTime when the event was recorded
                    Comments

                    In a distributed system, some sort of common time base (e.g. an NTP [RFC1305] server) is a good implementation tactic.

                    Control1..1
                    Typeinstant
                    Is Modifierfalse
                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                    Summarytrue
                    Requirements

                    This ties an event to a specific date and time. Security audits typically require a consistent time base (e.g. UTC), to eliminate time-zone issues arising from geographical distribution.

                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    12. AuditEvent.outcome
                    Definition

                    Indicates whether the event succeeded or failed.

                    ShortWhether the event succeeded or failed
                    Comments

                    In some cases a "success" may be partial, for example, an incomplete or interrupted transfer of a radiological study. For the purpose of establishing accountability, these distinctions are not relevant.

                    Control10..1
                    BindingThe codes SHALL be taken from AuditEventOutcomehttp://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1
                    (required to http://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1)

                    Indicates whether the event succeeded or failed.

                    Typecode
                    Is Modifierfalse
                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    14. AuditEvent.outcomeDesc
                    Definition

                    A free text description of the outcome of the event.

                    ShortDescription of the event outcome
                    Control10..1
                    Typestring
                    Is Modifierfalse
                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    16. AuditEvent.purposeOfEvent
                    Definition

                    The purposeOfUse (reason) that was used during the event being recorded.

                    ShortPurpose of use codes including NZ specific terminologyThe purposeOfUse of the event
                    Comments

                    Use AuditEvent.agent.purposeOfUse when you know that it is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

                    Control0..*
                    BindingUnless not suitable, these codes SHALL be taken from NZ purpose of usehttp://terminology.hl7.org/ValueSet/v3-PurposeOfUse
                    (extensible to https://nzhts.digital.health.nz/fhir/ValueSet/nz-purpose-of-use-value-set)
                    TypeCodeableConcept
                    Is Modifierfalse
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    18. AuditEvent.agent
                    Definition

                    An actor taking an active role in the event or activity that is logged.

                    ShortActor involved in the event
                    Comments

                    Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                    For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                    Control1..*
                    TypeBackboneElement
                    Is Modifierfalse
                    Summaryfalse
                    Requirements

                    An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                    Alternate NamesActiveParticipant
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    SlicingThis element introduces a set of slices on AuditEvent.agent. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                    • value @ role
                    • value @ type
                    • 20. AuditEvent.agent.modifierExtension
                      Definition

                      May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                      Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                      ShortExtensions that cannot be ignored even if unrecognized
                      Comments

                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                      Control0..*
                      TypeExtension
                      Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                      Summarytrue
                      Requirements

                      Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                      Alternate Namesextensions, user content, modifiers
                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                      22. AuditEvent.agent.requestor
                      Definition

                      Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                      ShortWhether user is initiator
                      Comments

                      There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                      Control1..1
                      Typeboolean
                      Is Modifierfalse
                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                      Summarytrue
                      Requirements

                      This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                      24. AuditEvent.agent:slf
                      Slice Nameslf
                      Definition

                      An actor taking an active role in the event or activity that is logged.

                      ShortThe Patient who is logged in and accessing their own recordsActor involved in the event
                      Comments

                      Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                      For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                      Control01..1*
                      TypeBackboneElement
                      Is Modifierfalse
                      Summaryfalse
                      Requirements

                      An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                      Alternate NamesActiveParticipant
                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                      26. AuditEvent.agent:slf.extension
                      Definition

                      An Extension


                      May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                      ShortExtensionAdditional content defined by implementations
                      Comments

                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                      Control0..*
                      TypeExtension
                      Is Modifierfalse
                      Summaryfalse
                      Alternate Namesextensions, user content
                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                      SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                      • value @ url
                      • 28. AuditEvent.agent:slf.extension:additionalAgentDetails
                        Slice NameadditionalAgentDetails
                        Definition

                        This extension stores detailed information about the agent

                        ShortAuditEvent.Agent additional details
                        Control0..1
                        This element is affected by the following invariants: ele-1
                        TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                        Is Modifierfalse
                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                        ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                        30. AuditEvent.agent:slf.modifierExtension
                        Definition

                        May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                        Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                        ShortExtensions that cannot be ignored even if unrecognized
                        Comments

                        There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                        Control0..*
                        TypeExtension
                        Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                        Summarytrue
                        Requirements

                        Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                        Alternate Namesextensions, user content, modifiers
                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                        ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                        32. AuditEvent.agent:slf.role
                        Definition

                        The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                        ShortAgent role in the event
                        Comments

                        Should be roles relevant to the event. Should not be an exhaustive list of roles.

                        Control10..1*
                        BindingFor example codes, see SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type
                        (example to http://hl7.org/fhir/ValueSet/security-role-type)

                        What security role enabled the agent to participate in the event.

                        TypeCodeableConcept
                        Is Modifierfalse
                        Summaryfalse
                        Requirements

                        This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                        Pattern Value{
                          "coding" : [{
                            "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleClass",
                            "code" : "patient"
                          }]
                        }
                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                        34. AuditEvent.agent:slf.name
                        Definition

                        Human-meaningful name for the agent.

                        ShortHuman friendly name for the agent
                        Control0..01
                        Typestring
                        Is Modifierfalse
                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                        Summaryfalse
                        Requirements

                        The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                        36. AuditEvent.agent:slf.requestor
                        Definition

                        Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                        ShortWhether user is initiator
                        Comments

                        There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                        Control1..1
                        Typeboolean
                        Is Modifierfalse
                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                        Summarytrue
                        Requirements

                        This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                        38. AuditEvent.agent:dlg
                        Slice Namedlg
                        Definition

                        An actor taking an active role in the event or activity that is logged.

                        ShortThe Patient who has provided delegated access to their own recordsActor involved in the event
                        Comments

                        Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                        For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                        Control01..1*
                        TypeBackboneElement
                        Is Modifierfalse
                        Summaryfalse
                        Requirements

                        An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                        Alternate NamesActiveParticipant
                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                        40. AuditEvent.agent:dlg.extension
                        Definition

                        An Extension


                        May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                        ShortExtensionAdditional content defined by implementations
                        Comments

                        There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                        Control0..*
                        TypeExtension
                        Is Modifierfalse
                        Summaryfalse
                        Alternate Namesextensions, user content
                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                        ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                        SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                        • value @ url
                        • 42. AuditEvent.agent:dlg.extension:additionalAgentDetails
                          Slice NameadditionalAgentDetails
                          Definition

                          This extension stores detailed information about the agent

                          ShortAuditEvent.Agent additional details
                          Control0..1
                          This element is affected by the following invariants: ele-1
                          TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                          Is Modifierfalse
                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                          44. AuditEvent.agent:dlg.modifierExtension
                          Definition

                          May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                          Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                          ShortExtensions that cannot be ignored even if unrecognized
                          Comments

                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                          Control0..*
                          TypeExtension
                          Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                          Summarytrue
                          Requirements

                          Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                          Alternate Namesextensions, user content, modifiers
                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                          46. AuditEvent.agent:dlg.role
                          Definition

                          The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                          ShortAgent role in the event
                          Comments

                          Should be roles relevant to the event. Should not be an exhaustive list of roles.

                          Control10..1*
                          BindingFor example codes, see SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type
                          (example to http://hl7.org/fhir/ValueSet/security-role-type)

                          What security role enabled the agent to participate in the event.

                          TypeCodeableConcept
                          Is Modifierfalse
                          Summaryfalse
                          Requirements

                          This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                          Pattern Value{
                            "coding" : [{
                              "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleCode",
                              "code" : "DELEGATOR"
                            }]
                          }
                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                          48. AuditEvent.agent:dlg.name
                          Definition

                          Human-meaningful name for the agent.

                          ShortHuman friendly name for the agent
                          Control0..01
                          Typestring
                          Is Modifierfalse
                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                          Summaryfalse
                          Requirements

                          The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                          50. AuditEvent.agent:dlg.requestor
                          Definition

                          Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                          ShortWhether user is initiator
                          Comments

                          There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                          Control1..1
                          Typeboolean
                          Is Modifierfalse
                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                          Summarytrue
                          Requirements

                          This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                          52. AuditEvent.agent:caregiver
                          Slice Namecaregiver
                          Definition

                          An actor taking an active role in the event or activity that is logged.

                          ShortThe Caregiver accessing a child's recordsActor involved in the event
                          Comments

                          Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                          For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                          Control01..1*
                          TypeBackboneElement
                          Is Modifierfalse
                          Summaryfalse
                          Requirements

                          An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                          Alternate NamesActiveParticipant
                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                          54. AuditEvent.agent:caregiver.extension
                          Definition

                          An Extension


                          May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                          ShortExtensionAdditional content defined by implementations
                          Comments

                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                          Control0..*
                          TypeExtension
                          Is Modifierfalse
                          Summaryfalse
                          Alternate Namesextensions, user content
                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                          SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                          • value @ url
                          • 56. AuditEvent.agent:caregiver.extension:additionalAgentDetails
                            Slice NameadditionalAgentDetails
                            Definition

                            This extension stores detailed information about the agent

                            ShortAuditEvent.Agent additional details
                            Control0..1
                            This element is affected by the following invariants: ele-1
                            TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                            Is Modifierfalse
                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                            ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                            58. AuditEvent.agent:caregiver.modifierExtension
                            Definition

                            May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                            Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                            ShortExtensions that cannot be ignored even if unrecognized
                            Comments

                            There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                            Control0..*
                            TypeExtension
                            Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                            Summarytrue
                            Requirements

                            Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                            Alternate Namesextensions, user content, modifiers
                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                            ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                            60. AuditEvent.agent:caregiver.role
                            Definition

                            The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                            ShortAgent role in the event
                            Comments

                            Should be roles relevant to the event. Should not be an exhaustive list of roles.

                            Control10..1*
                            BindingFor example codes, see SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type
                            (example to http://hl7.org/fhir/ValueSet/security-role-type)

                            What security role enabled the agent to participate in the event.

                            TypeCodeableConcept
                            Is Modifierfalse
                            Summaryfalse
                            Requirements

                            This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                            Pattern Value{
                              "coding" : [{
                                "system" : "http://terminology.hl7.org/CodeSystem/v3-ParticipationFunction",
                                "code" : "AUCG"
                              }]
                            }
                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                            62. AuditEvent.agent:caregiver.name
                            Definition

                            Human-meaningful name for the agent.

                            ShortHuman friendly name for the agent
                            Control0..01
                            Typestring
                            Is Modifierfalse
                            Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                            Summaryfalse
                            Requirements

                            The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                            64. AuditEvent.agent:caregiver.requestor
                            Definition

                            Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                            ShortWhether user is initiator
                            Comments

                            There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                            Control1..1
                            Typeboolean
                            Is Modifierfalse
                            Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                            Summarytrue
                            Requirements

                            This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                            66. AuditEvent.agent:delegatee
                            Slice Namedelegatee
                            Definition

                            An actor taking an active role in the event or activity that is logged.

                            ShortA Delegate accessing a patient's records on their behalfActor involved in the event
                            Comments

                            Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                            For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                            Control01..1*
                            TypeBackboneElement
                            Is Modifierfalse
                            Summaryfalse
                            Requirements

                            An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                            Alternate NamesActiveParticipant
                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                            68. AuditEvent.agent:delegatee.extension
                            Definition

                            An Extension


                            May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                            ShortExtensionAdditional content defined by implementations
                            Comments

                            There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                            Control0..*
                            TypeExtension
                            Is Modifierfalse
                            Summaryfalse
                            Alternate Namesextensions, user content
                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                            ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                            SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                            • value @ url
                            • 70. AuditEvent.agent:delegatee.extension:additionalAgentDetails
                              Slice NameadditionalAgentDetails
                              Definition

                              This extension stores detailed information about the agent

                              ShortAuditEvent.Agent additional details
                              Control0..1
                              This element is affected by the following invariants: ele-1
                              TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                              Is Modifierfalse
                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                              ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                              72. AuditEvent.agent:delegatee.modifierExtension
                              Definition

                              May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                              Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                              ShortExtensions that cannot be ignored even if unrecognized
                              Comments

                              There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                              Control0..*
                              TypeExtension
                              Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                              Summarytrue
                              Requirements

                              Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                              Alternate Namesextensions, user content, modifiers
                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                              ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                              74. AuditEvent.agent:delegatee.role
                              Definition

                              The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                              ShortAgent role in the event
                              Comments

                              Should be roles relevant to the event. Should not be an exhaustive list of roles.

                              Control10..1*
                              BindingFor example codes, see SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type
                              (example to http://hl7.org/fhir/ValueSet/security-role-type)

                              What security role enabled the agent to participate in the event.

                              TypeCodeableConcept
                              Is Modifierfalse
                              Summaryfalse
                              Requirements

                              This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                              Pattern Value{
                                "coding" : [{
                                  "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleCode",
                                  "code" : "DELEGATEE"
                                }]
                              }
                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                              76. AuditEvent.agent:delegatee.name
                              Definition

                              Human-meaningful name for the agent.

                              ShortHuman friendly name for the agent
                              Control0..01
                              Typestring
                              Is Modifierfalse
                              Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                              Summaryfalse
                              Requirements

                              The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                              78. AuditEvent.agent:delegatee.requestor
                              Definition

                              Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                              ShortWhether user is initiator
                              Comments

                              There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                              Control1..1
                              Typeboolean
                              Is Modifierfalse
                              Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                              Summarytrue
                              Requirements

                              This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                              80. AuditEvent.agent:healthworkforce
                              Slice Namehealthworkforce
                              Definition

                              An actor taking an active role in the event or activity that is logged.

                              ShortA member of the Health Workforce accessing patient recordsActor involved in the event
                              Comments

                              Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                              For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                              Control01..1*
                              TypeBackboneElement
                              Is Modifierfalse
                              Summaryfalse
                              Requirements

                              An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                              Alternate NamesActiveParticipant
                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                              82. AuditEvent.agent:healthworkforce.extension
                              Definition

                              An Extension


                              May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                              ShortExtensionAdditional content defined by implementations
                              Comments

                              There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                              Control0..*
                              TypeExtension
                              Is Modifierfalse
                              Summaryfalse
                              Alternate Namesextensions, user content
                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                              ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                              SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                              • value @ url
                              • 84. AuditEvent.agent:healthworkforce.extension:additionalAgentDetails
                                Slice NameadditionalAgentDetails
                                Definition

                                This extension stores detailed information about the agent

                                ShortAuditEvent.Agent additional details
                                Control0..1
                                This element is affected by the following invariants: ele-1
                                TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                                Is Modifierfalse
                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                86. AuditEvent.agent:healthworkforce.modifierExtension
                                Definition

                                May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                ShortExtensions that cannot be ignored even if unrecognized
                                Comments

                                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                Control0..*
                                TypeExtension
                                Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                Summarytrue
                                Requirements

                                Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                Alternate Namesextensions, user content, modifiers
                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                88. AuditEvent.agent:healthworkforce.role
                                Definition

                                The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                ShortAgent role in the event
                                Comments

                                Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                Control10..1*
                                BindingFor example codes, see SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type
                                (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                What security role enabled the agent to participate in the event.

                                TypeCodeableConcept
                                Is Modifierfalse
                                Summaryfalse
                                Requirements

                                This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                Pattern Value{
                                  "coding" : [{
                                    "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleClass",
                                    "code" : "PROV"
                                  }]
                                }
                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                90. AuditEvent.agent:healthworkforce.requestor
                                Definition

                                Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                ShortWhether user is initiator
                                Comments

                                There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                Control1..1
                                Typeboolean
                                Is Modifierfalse
                                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                Summarytrue
                                Requirements

                                This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                92. AuditEvent.agent:system
                                Slice Namesystem
                                Definition

                                An actor taking an active role in the event or activity that is logged.

                                ShortA system accessing Patient recordsActor involved in the event
                                Comments

                                Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                                For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                                Control01..1*
                                TypeBackboneElement
                                Is Modifierfalse
                                Summaryfalse
                                Requirements

                                An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                                Alternate NamesActiveParticipant
                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                94. AuditEvent.agent:system.extension
                                Definition

                                An Extension


                                May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                ShortExtensionAdditional content defined by implementations
                                Comments

                                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                Control0..*
                                TypeExtension
                                Is Modifierfalse
                                Summaryfalse
                                Alternate Namesextensions, user content
                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                • value @ url
                                • 96. AuditEvent.agent:system.extension:additionalAgentDetails
                                  Slice NameadditionalAgentDetails
                                  Definition

                                  This extension stores detailed information about the agent

                                  ShortAuditEvent.Agent additional details
                                  Control0..1
                                  This element is affected by the following invariants: ele-1
                                  TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                                  Is Modifierfalse
                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                  98. AuditEvent.agent:system.modifierExtension
                                  Definition

                                  May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                  Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                  ShortExtensions that cannot be ignored even if unrecognized
                                  Comments

                                  There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                  Control0..*
                                  TypeExtension
                                  Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                  Summarytrue
                                  Requirements

                                  Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                  Alternate Namesextensions, user content, modifiers
                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                  100. AuditEvent.agent:system.role
                                  Definition

                                  The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                  ShortAgent role in the event
                                  Comments

                                  Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                  Control10..1*
                                  BindingFor example codes, see SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type
                                  (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                  What security role enabled the agent to participate in the event.

                                  TypeCodeableConcept
                                  Is Modifierfalse
                                  Summaryfalse
                                  Requirements

                                  This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                  Pattern Value{
                                    "coding" : [{
                                      "system" : "http://terminology.hl7.org/CodeSystem/extra-security-role-type",
                                      "code" : "dataprocessor"
                                    }]
                                  }
                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                  102. AuditEvent.agent:system.requestor
                                  Definition

                                  Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                  ShortWhether user is initiator
                                  Comments

                                  There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                  Control1..1
                                  Typeboolean
                                  Is Modifierfalse
                                  Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                  Summarytrue
                                  Requirements

                                  This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                  104. AuditEvent.agent:organisation
                                  Slice Nameorganisation
                                  Definition

                                  An actor taking an active role in the event or activity that is logged.

                                  ShortThe organisation accessing Patient recordsActor involved in the event
                                  Comments

                                  Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                                  For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                                  Control01..1*
                                  TypeBackboneElement
                                  Is Modifierfalse
                                  Summaryfalse
                                  Requirements

                                  An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                                  Alternate NamesActiveParticipant
                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                  106. AuditEvent.agent:organisation.extension
                                  Definition

                                  An Extension


                                  May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                  ShortExtensionAdditional content defined by implementations
                                  Comments

                                  There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                  Control0..*
                                  TypeExtension
                                  Is Modifierfalse
                                  Summaryfalse
                                  Alternate Namesextensions, user content
                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                  SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                  • value @ url
                                  • 108. AuditEvent.agent:organisation.extension:additionalAgentDetails
                                    Slice NameadditionalAgentDetails
                                    Definition

                                    This extension stores detailed information about the agent

                                    ShortAuditEvent.Agent additional details
                                    Control0..1
                                    This element is affected by the following invariants: ele-1
                                    TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                                    Is Modifierfalse
                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                    110. AuditEvent.agent:organisation.modifierExtension
                                    Definition

                                    May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                    ShortExtensions that cannot be ignored even if unrecognized
                                    Comments

                                    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                    Control0..*
                                    TypeExtension
                                    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                    Summarytrue
                                    Requirements

                                    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                    Alternate Namesextensions, user content, modifiers
                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                    112. AuditEvent.agent:organisation.role
                                    Definition

                                    The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                    ShortAgent role in the event
                                    Comments

                                    Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                    Control10..*
                                    BindingFor example codes, see SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type
                                    (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                    What security role enabled the agent to participate in the event.

                                    TypeCodeableConcept
                                    Is Modifierfalse
                                    Summaryfalse
                                    Requirements

                                    This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                    Pattern Value{
                                      "coding" : [{
                                        "system" : "http://terminology.hl7.org/CodeSystem/v3-RoleClass",
                                        "code" : "PROV"
                                      }]
                                    }
                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                    114. AuditEvent.agent:organisation.requestor
                                    Definition

                                    Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                    ShortWhether user is initiator
                                    Comments

                                    There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                    Control1..1
                                    Typeboolean
                                    Is Modifierfalse
                                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                    Summarytrue
                                    Requirements

                                    This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                    116. AuditEvent.source
                                    Definition

                                    The system that is reporting the event.

                                    ShortAudit Event Reporter
                                    Comments

                                    Since multi-tier, distributed, or composite applications make source identification ambiguous, this collection of fields may repeat for each application or process actively involved in the event. For example, multiple value-sets can identify participating web servers, application processes, and database server threads in an n-tier distributed application. Passive event participants (e.g. low-level network transports) need not be identified.

                                    Control1..1
                                    TypeBackboneElement
                                    Is Modifierfalse
                                    Summaryfalse
                                    Requirements

                                    The event is reported by one source.

                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                    118. AuditEvent.source.modifierExtension
                                    Definition

                                    May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                    ShortExtensions that cannot be ignored even if unrecognized
                                    Comments

                                    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                    Control0..*
                                    TypeExtension
                                    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                    Summarytrue
                                    Requirements

                                    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                    Alternate Namesextensions, user content, modifiers
                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                    120. AuditEvent.source.observer
                                    Definition

                                    Identifier of the source where the event was detected.

                                    ShortThe identity of source detecting the event
                                    Control1..1
                                    TypeReference(PractitionerRole, Practitioner, Organization, Device, Patient, RelatedPerson)
                                    Is Modifierfalse
                                    Summarytrue
                                    Requirements

                                    This field ties the event to a specific source system. It may be used to group events for analysis according to where the event was detected.

                                    Alternate NamesSourceId
                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                    122. AuditEvent.source.observer.display
                                    Definition

                                    Plain text narrative that identifies the resource in addition to the resource reference.

                                    ShortThe gateway or entity which logged the eventText alternative for the resource
                                    Comments

                                    This is generally not the same as the Resource.text of the referenced resource. The purpose is to identify what's being referenced, not to fully describe it.

                                    Control10..1
                                    Typestring
                                    Is Modifierfalse
                                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                    Summarytrue
                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                    124. AuditEvent.entity
                                    Definition

                                    Specific instances of data or objects that have been accessed.

                                    ShortDetails of the endpoints being accessedData or objects used
                                    Comments

                                    Required unless the values for event identification, agent identification, and audit source identification are sufficient to document the entire auditable event. Because events may have more than one entity, this group can be a repeating set of values.

                                    Control10..*
                                    TypeBackboneElement
                                    Is Modifierfalse
                                    Summaryfalse
                                    Requirements

                                    The event may have other entities involved.

                                    Alternate NamesParticipantObject
                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                    sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
                                    sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
                                    SlicingThis element introduces a set of slices on AuditEvent.entity. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                    • value @ type
                                    • value @ role
                                    • 126. AuditEvent.entity.modifierExtension
                                      Definition

                                      May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                      Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                      ShortExtensions that cannot be ignored even if unrecognized
                                      Comments

                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                      Control0..*
                                      TypeExtension
                                      Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                      Summarytrue
                                      Requirements

                                      Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                      Alternate Namesextensions, user content, modifiers
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                      128. AuditEvent.entity:accessedResource
                                      Slice NameaccessedResource
                                      Definition

                                      Specific instances of data or objects that have been accessed.

                                      ShortThe REST or FHIR resource that is being accessedData or objects used
                                      Comments

                                      Required unless the values for event identification, agent identification, and audit source identification are sufficient to document the entire auditable event. Because events may have more than one entity, this group can be a repeating set of values.

                                      Control10..1*
                                      TypeBackboneElement
                                      Is Modifierfalse
                                      Summaryfalse
                                      Requirements

                                      The event may have other entities involved.

                                      Alternate NamesParticipantObject
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
                                      sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
                                      130. AuditEvent.entity:accessedResource.modifierExtension
                                      Definition

                                      May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                      Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                      ShortExtensions that cannot be ignored even if unrecognized
                                      Comments

                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                      Control0..*
                                      TypeExtension
                                      Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                      Summarytrue
                                      Requirements

                                      Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                      Alternate Namesextensions, user content, modifiers
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                      132. AuditEvent.entity:accessedResource.type
                                      Definition

                                      The type of the object that was involved in this audit event.

                                      ShortType of entity involved
                                      Comments

                                      This value is distinct from the user's role or any user relationship to the entity.

                                      Control10..1
                                      BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityTypehttp://hl7.org/fhir/ValueSet/audit-entity-type
                                      (extensible to http://hl7.org/fhir/ValueSet/audit-entity-type)

                                      Code for the entity type involved in the audit event.

                                      TypeCoding
                                      Is Modifierfalse
                                      Summaryfalse
                                      Requirements

                                      To describe the object being acted upon. In addition to queries on the subject of the action in an auditable event, it is also important to be able to query on the object type for the action.

                                      Pattern Value{
                                        "system" : "http://terminology.hl7.org/CodeSystem/audit-entity-type",
                                        "code" : "2"
                                      }
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      134. AuditEvent.entity:dataSubject
                                      Slice NamedataSubject
                                      Definition

                                      Specific instances of data or objects that have been accessed.

                                      ShortThe data subject of the accessed resource, derived from the resource itselfData or objects used
                                      Comments

                                      Required unless the values for event identification, agent identification, and audit source identification are sufficient to document the entire auditable event. Because events may have more than one entity, this group can be a repeating set of values.

                                      Control0..*
                                      TypeBackboneElement
                                      Is Modifierfalse
                                      Summaryfalse
                                      Requirements

                                      The event may have other entities involved.

                                      Alternate NamesParticipantObject
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
                                      sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
                                      136. AuditEvent.entity:dataSubject.modifierExtension
                                      Definition

                                      May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                      Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                      ShortExtensions that cannot be ignored even if unrecognized
                                      Comments

                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                      Control0..*
                                      TypeExtension
                                      Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                      Summarytrue
                                      Requirements

                                      Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                      Alternate Namesextensions, user content, modifiers
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                      138. AuditEvent.entity:dataSubject.role
                                      Definition

                                      Code representing the role the entity played in the event being audited.

                                      ShortWhat role the entity played
                                      Control10..1
                                      BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityRolehttp://hl7.org/fhir/ValueSet/object-role
                                      (extensible to http://hl7.org/fhir/ValueSet/object-role)

                                      Code representing the role the entity played in the audit event.

                                      TypeCoding
                                      Is Modifierfalse
                                      Summaryfalse
                                      Requirements

                                      For some detailed audit analysis it may be necessary to indicate a more granular type of entity, based on the application role it serves.

                                      Pattern Value{
                                        "system" : "http://terminology.hl7.org/CodeSystem/object-role",
                                        "code" : "1"
                                      }
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))

                                      Guidance on how to interpret the contents of this table can be found here

                                      0. AuditEvent
                                      Definition

                                      A record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage.

                                      ShortEvent record kept for security purposes
                                      Comments

                                      Based on IHE-ATNA.

                                      Control0..*
                                      Is Modifierfalse
                                      Summaryfalse
                                      Invariantsdom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources (contained.contained.empty())
                                      dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource (contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty())
                                      dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated (contained.meta.versionId.empty() and contained.meta.lastUpdated.empty())
                                      dom-5: If a resource is contained in another resource, it SHALL NOT have a security label (contained.meta.security.empty())
                                      dom-6: A resource should have narrative for robust management (text.`div`.exists())
                                      2. AuditEvent.id
                                      Definition

                                      The logical id of the resource, as used in the URL for the resource. Once assigned, this value never changes.

                                      ShortLogical id of this artifact
                                      Comments

                                      The only time that a resource does not have an id is when it is being submitted to the server using a create operation.

                                      Control0..1
                                      Typeid
                                      Is Modifierfalse
                                      Summarytrue
                                      4. AuditEvent.meta
                                      Definition

                                      The metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content might not always be associated with version changes to the resource.

                                      ShortMetadata about the resource
                                      Control0..1
                                      TypeMeta
                                      Is Modifierfalse
                                      Summarytrue
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      6. AuditEvent.implicitRules
                                      Definition

                                      A reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content. Often, this is a reference to an implementation guide that defines the special rules along with other profiles etc.

                                      ShortA set of rules under which this content was created
                                      Comments

                                      Asserting this rule set restricts the content to be only understood by a limited set of trading partners. This inherently limits the usefulness of the data in the long term. However, the existing health eco-system is highly fractured, and not yet ready to define, collect, and exchange data in a generally computable sense. Wherever possible, implementers and/or specification writers should avoid using this element. Often, when used, the URL is a reference to an implementation guide that defines these special rules as part of it's narrative along with other profiles, value sets, etc.

                                      Control0..1
                                      Typeuri
                                      Is Modifiertrue because This element is labeled as a modifier because the implicit rules may provide additional knowledge about the resource that modifies it's meaning or interpretation
                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                      Summarytrue
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      8. AuditEvent.language
                                      Definition

                                      The base language in which the resource is written.

                                      ShortLanguage of the resource content
                                      Comments

                                      Language is provided to support indexing and accessibility (typically, services such as text to speech use the language tag). The html language tag in the narrative applies to the narrative. The language tag on the resource may be used to specify the language of other presentations generated from the data in the resource. Not all the content has to be in the base language. The Resource.language should not be assumed to apply to the narrative automatically. If a language is specified, it should it also be specified on the div element in the html (see rules in HTML5 for information about the relationship between xml:lang and the html lang attribute).

                                      Control0..1
                                      BindingThe codes SHOULD be taken from CommonLanguages
                                      (preferred to http://hl7.org/fhir/ValueSet/languages)

                                      A human language.

                                      Additional BindingsPurpose
                                      AllLanguagesMax Binding
                                      Typecode
                                      Is Modifierfalse
                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                      Summaryfalse
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      10. AuditEvent.text
                                      Definition

                                      A human-readable narrative that contains a summary of the resource and can be used to represent the content of the resource to a human. The narrative need not encode all the structured data, but is required to contain sufficient detail to make it "clinically safe" for a human to just read the narrative. Resource definitions may define what content should be represented in the narrative to ensure clinical safety.

                                      ShortText summary of the resource, for human interpretation
                                      Comments

                                      Contained resources do not have narrative. Resources that are not contained SHOULD have a narrative. In some cases, a resource may only have text with little or no additional discrete data (as long as all minOccurs=1 elements are satisfied). This may be necessary for data from legacy systems where information is captured as a "text blob" or where text is additionally entered raw or narrated and encoded information is added later.

                                      Control0..1
                                      TypeNarrative
                                      Is Modifierfalse
                                      Summaryfalse
                                      Alternate Namesnarrative, html, xhtml, display
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      12. AuditEvent.contained
                                      Definition

                                      These resources do not have an independent existence apart from the resource that contains them - they cannot be identified independently, and nor can they have their own independent transaction scope.

                                      ShortContained, inline Resources
                                      Comments

                                      This should never be done when the content can be identified properly, as once identification is lost, it is extremely difficult (and context dependent) to restore it again. Contained resources may have profiles and tags In their meta elements, but SHALL NOT have security labels.

                                      Control0..*
                                      TypeResource
                                      Is Modifierfalse
                                      Summaryfalse
                                      Alternate Namesinline resources, anonymous resources, contained resources
                                      14. AuditEvent.extension
                                      Definition

                                      May be used to represent additional information that is not part of the basic definition of the resource. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                      ShortAdditional content defined by implementations
                                      Comments

                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                      Control0..*
                                      TypeExtension
                                      Is Modifierfalse
                                      Summaryfalse
                                      Alternate Namesextensions, user content
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                      16. AuditEvent.modifierExtension
                                      Definition

                                      May be used to represent additional information that is not part of the basic definition of the resource and that modifies the understanding of the element that contains it and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                      Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                      ShortExtensions that cannot be ignored
                                      Comments

                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                      Control0..*
                                      TypeExtension
                                      Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the resource that contains them
                                      Summaryfalse
                                      Requirements

                                      Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                      Alternate Namesextensions, user content
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                      18. AuditEvent.type
                                      Definition

                                      Identifier for a family of the event. For example, a menu item, program, rule, policy, function code, application name or URL. It identifies the performed function.

                                      ShortType/identifier of event
                                      Control1..1
                                      BindingUnless not suitable, these codes SHALL be taken from AuditEventID
                                      (extensible to http://hl7.org/fhir/ValueSet/audit-event-type)

                                      Type of event.

                                      TypeCoding
                                      Is Modifierfalse
                                      Summarytrue
                                      Requirements

                                      This identifies the performed function. For "Execute" Event Action Code audit records, this identifies the application function performed.

                                      Pattern Value{
                                        "system" : "http://terminology.hl7.org/CodeSystem/audit-event-type",
                                        "code" : "rest"
                                      }
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      20. AuditEvent.subtype
                                      Definition

                                      Identifier for the category of event.

                                      ShortMore specific type/id for the event
                                      Control0..*
                                      BindingUnless not suitable, these codes SHALL be taken from AuditEventSub-Type
                                      (extensible to http://hl7.org/fhir/ValueSet/audit-event-sub-type)

                                      Sub-type of event.

                                      TypeCoding
                                      Is Modifierfalse
                                      Summarytrue
                                      Requirements

                                      This field enables queries of messages by implementation-defined event categories.

                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      22. AuditEvent.action
                                      Definition

                                      Indicator for type of action performed during the event that generated the audit.

                                      ShortType of action performed during the event
                                      Control1..1
                                      BindingThe codes SHALL be taken from AuditEventAction
                                      (required to http://hl7.org/fhir/ValueSet/audit-event-action|4.0.1)

                                      Indicator for type of action performed during the event that generated the event.

                                      Typecode
                                      Is Modifierfalse
                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                      Summarytrue
                                      Requirements

                                      This broadly indicates what kind of action was done on the AuditEvent.entity by the AuditEvent.agent.

                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      24. AuditEvent.period
                                      Definition

                                      The period during which the activity occurred.

                                      ShortWhen the activity occurred
                                      Comments

                                      The period can be a little arbitrary; where possible, the time should correspond to human assessment of the activity time.

                                      Control0..1
                                      TypePeriod
                                      Is Modifierfalse
                                      Summaryfalse
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      26. AuditEvent.recorded
                                      Definition

                                      The time when the event was recorded.

                                      ShortTime when the event was recorded
                                      Comments

                                      In a distributed system, some sort of common time base (e.g. an NTP [RFC1305] server) is a good implementation tactic.

                                      Control1..1
                                      Typeinstant
                                      Is Modifierfalse
                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                      Summarytrue
                                      Requirements

                                      This ties an event to a specific date and time. Security audits typically require a consistent time base (e.g. UTC), to eliminate time-zone issues arising from geographical distribution.

                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      28. AuditEvent.outcome
                                      Definition

                                      Indicates whether the event succeeded or failed.

                                      ShortWhether the event succeeded or failed
                                      Comments

                                      In some cases a "success" may be partial, for example, an incomplete or interrupted transfer of a radiological study. For the purpose of establishing accountability, these distinctions are not relevant.

                                      Control1..1
                                      BindingThe codes SHALL be taken from AuditEventOutcome
                                      (required to http://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1)

                                      Indicates whether the event succeeded or failed.

                                      Typecode
                                      Is Modifierfalse
                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                      Summarytrue
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      30. AuditEvent.outcomeDesc
                                      Definition

                                      A free text description of the outcome of the event.

                                      ShortDescription of the event outcome
                                      Control1..1
                                      Typestring
                                      Is Modifierfalse
                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                      Summarytrue
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      32. AuditEvent.purposeOfEvent
                                      Definition

                                      The purposeOfUse (reason) that was used during the event being recorded.

                                      ShortPurpose of use codes including NZ specific terminology
                                      Comments

                                      Use AuditEvent.agent.purposeOfUse when you know that it is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

                                      Control0..*
                                      BindingUnless not suitable, these codes SHALL be taken from NZ purpose of use
                                      (extensible to https://nzhts.digital.health.nz/fhir/ValueSet/nz-purpose-of-use-value-set)
                                      TypeCodeableConcept
                                      Is Modifierfalse
                                      Summarytrue
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      34. AuditEvent.agent
                                      Definition

                                      An actor taking an active role in the event or activity that is logged.

                                      ShortActor involved in the event
                                      Comments

                                      Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                                      For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                                      Control1..*
                                      TypeBackboneElement
                                      Is Modifierfalse
                                      Summaryfalse
                                      Requirements

                                      An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                                      Alternate NamesActiveParticipant
                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                      SlicingThis element introduces a set of slices on AuditEvent.agent. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                      • value @ role
                                      • value @ type
                                      • 36. AuditEvent.agent.id
                                        Definition

                                        Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                        ShortUnique id for inter-element referencing
                                        Control0..1
                                        Typestring
                                        Is Modifierfalse
                                        XML FormatIn the XML format, this property is represented as an attribute.
                                        Summaryfalse
                                        38. AuditEvent.agent.extension
                                        Definition

                                        May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                        ShortAdditional content defined by implementations
                                        Comments

                                        There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                        Control0..*
                                        TypeExtension
                                        Is Modifierfalse
                                        Summaryfalse
                                        Alternate Namesextensions, user content
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                        40. AuditEvent.agent.modifierExtension
                                        Definition

                                        May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                        Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                        ShortExtensions that cannot be ignored even if unrecognized
                                        Comments

                                        There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                        Control0..*
                                        TypeExtension
                                        Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                        Summarytrue
                                        Requirements

                                        Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                        Alternate Namesextensions, user content, modifiers
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                        42. AuditEvent.agent.type
                                        Definition

                                        Specification of the participation type the user plays when performing the event.

                                        ShortHow agent participated
                                        Control0..1
                                        BindingUnless not suitable, these codes SHALL be taken from ParticipationRoleType
                                        (extensible to http://hl7.org/fhir/ValueSet/participation-role-type)

                                        The Participation type of the agent to the event.

                                        TypeCodeableConcept
                                        Is Modifierfalse
                                        Summaryfalse
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        44. AuditEvent.agent.role
                                        Definition

                                        The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                        ShortAgent role in the event
                                        Comments

                                        Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                        Control0..*
                                        BindingFor example codes, see SecurityRoleType
                                        (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                        What security role enabled the agent to participate in the event.

                                        TypeCodeableConcept
                                        Is Modifierfalse
                                        Summaryfalse
                                        Requirements

                                        This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        46. AuditEvent.agent.who
                                        Definition

                                        Reference to who this agent is that was involved in the event.

                                        ShortIdentifier of who
                                        Comments

                                        Where a User ID is available it will go into who.identifier.

                                        Control0..1
                                        TypeReference(PractitionerRole, Practitioner, Organization, Device, Patient, RelatedPerson)
                                        Is Modifierfalse
                                        Summarytrue
                                        Requirements

                                        This field ties an audit event to a specific resource or identifier.

                                        Alternate NamesuserId
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        48. AuditEvent.agent.altId
                                        Definition

                                        Alternative agent Identifier. For a human, this should be a user identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g. single sign-on), if available.

                                        ShortAlternative User identity
                                        Control0..1
                                        Typestring
                                        Is Modifierfalse
                                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                        Summaryfalse
                                        Requirements

                                        In some situations, a human user may authenticate with one identity but, to access a specific application system, may use a synonymous identify. For example, some "single sign on" implementations will do this. The alternative identifier would then be the original identify used for authentication, and the User ID is the one known to and used by the application.

                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        50. AuditEvent.agent.name
                                        Definition

                                        Human-meaningful name for the agent.

                                        ShortHuman friendly name for the agent
                                        Control0..1
                                        Typestring
                                        Is Modifierfalse
                                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                        Summaryfalse
                                        Requirements

                                        The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        52. AuditEvent.agent.requestor
                                        Definition

                                        Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                        ShortWhether user is initiator
                                        Comments

                                        There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                        Control1..1
                                        Typeboolean
                                        Is Modifierfalse
                                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                        Summarytrue
                                        Requirements

                                        This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        54. AuditEvent.agent.location
                                        Definition

                                        Where the event occurred.

                                        ShortWhere
                                        Control0..1
                                        TypeReference(Location)
                                        Is Modifierfalse
                                        Summaryfalse
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        56. AuditEvent.agent.policy
                                        Definition

                                        The policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.

                                        ShortPolicy that authorized event
                                        Comments

                                        For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.

                                        Control0..*
                                        Typeuri
                                        Is Modifierfalse
                                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                        Summaryfalse
                                        Requirements

                                        This value is used retrospectively to determine the authorization policies.

                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        58. AuditEvent.agent.media
                                        Definition

                                        Type of media involved. Used when the event is about exporting/importing onto media.

                                        ShortType of media
                                        Control0..1
                                        BindingUnless not suitable, these codes SHALL be taken from MediaTypeCode
                                        (extensible to http://hl7.org/fhir/ValueSet/dicm-405-mediatype)

                                        Used when the event is about exporting/importing onto media.

                                        TypeCoding
                                        Is Modifierfalse
                                        Summaryfalse
                                        Requirements

                                        Usually, this is used instead of specifying a network address. This field is not used for Media Id (i.e. the serial number of a CD).

                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        60. AuditEvent.agent.network
                                        Definition

                                        Logical network location for application activity, if the activity has a network location.

                                        ShortLogical network location for application activity
                                        Control0..1
                                        TypeBackboneElement
                                        Is Modifierfalse
                                        Summaryfalse
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        62. AuditEvent.agent.network.id
                                        Definition

                                        Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                        ShortUnique id for inter-element referencing
                                        Control0..1
                                        Typestring
                                        Is Modifierfalse
                                        XML FormatIn the XML format, this property is represented as an attribute.
                                        Summaryfalse
                                        64. AuditEvent.agent.network.extension
                                        Definition

                                        May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                        ShortAdditional content defined by implementations
                                        Comments

                                        There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                        Control0..*
                                        TypeExtension
                                        Is Modifierfalse
                                        Summaryfalse
                                        Alternate Namesextensions, user content
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                        66. AuditEvent.agent.network.modifierExtension
                                        Definition

                                        May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                        Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                        ShortExtensions that cannot be ignored even if unrecognized
                                        Comments

                                        There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                        Control0..*
                                        TypeExtension
                                        Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                        Summarytrue
                                        Requirements

                                        Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                        Alternate Namesextensions, user content, modifiers
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                        68. AuditEvent.agent.network.address
                                        Definition

                                        An identifier for the network access point of the user device for the audit event.

                                        ShortIdentifier for the network access point of the user device
                                        Comments

                                        This could be a device id, IP address or some other identifier associated with a device.

                                        Control0..1
                                        Typestring
                                        Is Modifierfalse
                                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                        Summaryfalse
                                        Requirements

                                        This datum identifies the user's network access point, which may be distinct from the server that performed the action. It is an optional value that may be used to group events recorded on separate servers for analysis of a specific network access point's data access across all servers.

                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        70. AuditEvent.agent.network.type
                                        Definition

                                        An identifier for the type of network access point that originated the audit event.

                                        ShortThe type of network access point
                                        Control0..1
                                        BindingThe codes SHALL be taken from AuditEventAgentNetworkType
                                        (required to http://hl7.org/fhir/ValueSet/network-type|4.0.1)

                                        The type of network access point of this agent in the audit event.

                                        Typecode
                                        Is Modifierfalse
                                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                        Summaryfalse
                                        Requirements

                                        This datum identifies the type of network access point identifier of the user device for the audit event. It is an optional value that may be used to group events recorded on separate servers for analysis of access according to a network access point's type.

                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        72. AuditEvent.agent.purposeOfUse
                                        Definition

                                        The reason (purpose of use), specific to this agent, that was used during the event being recorded.

                                        ShortReason given for this user
                                        Comments

                                        Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

                                        Control0..*
                                        BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
                                        (extensible to http://terminology.hl7.org/ValueSet/v3-PurposeOfUse)

                                        The reason the activity took place.

                                        TypeCodeableConcept
                                        Is Modifierfalse
                                        Summaryfalse
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        74. AuditEvent.agent:slf
                                        Slice Nameslf
                                        Definition

                                        An actor taking an active role in the event or activity that is logged.

                                        ShortThe Patient who is logged in and accessing their own records
                                        Comments

                                        Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                                        For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                                        Control0..1
                                        TypeBackboneElement
                                        Is Modifierfalse
                                        Summaryfalse
                                        Requirements

                                        An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                                        Alternate NamesActiveParticipant
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        76. AuditEvent.agent:slf.id
                                        Definition

                                        Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                        ShortUnique id for inter-element referencing
                                        Control0..1
                                        Typestring
                                        Is Modifierfalse
                                        XML FormatIn the XML format, this property is represented as an attribute.
                                        Summaryfalse
                                        78. AuditEvent.agent:slf.extension
                                        Definition

                                        An Extension

                                        ShortExtension
                                        Control0..*
                                        TypeExtension
                                        Is Modifierfalse
                                        Summaryfalse
                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                        ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                        SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                        • value @ url
                                        • 80. AuditEvent.agent:slf.extension:additionalAgentDetails
                                          Slice NameadditionalAgentDetails
                                          Definition

                                          This extension stores detailed information about the agent

                                          ShortAuditEvent.Agent additional details
                                          Control0..1
                                          This element is affected by the following invariants: ele-1
                                          TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                                          Is Modifierfalse
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                          82. AuditEvent.agent:slf.modifierExtension
                                          Definition

                                          May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                          Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                          ShortExtensions that cannot be ignored even if unrecognized
                                          Comments

                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                          Control0..*
                                          TypeExtension
                                          Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                          Summarytrue
                                          Requirements

                                          Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                          Alternate Namesextensions, user content, modifiers
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                          84. AuditEvent.agent:slf.type
                                          Definition

                                          Specification of the participation type the user plays when performing the event.

                                          ShortHow agent participated
                                          Control0..1
                                          BindingUnless not suitable, these codes SHALL be taken from ParticipationRoleType
                                          (extensible to http://hl7.org/fhir/ValueSet/participation-role-type)

                                          The Participation type of the agent to the event.

                                          TypeCodeableConcept
                                          Is Modifierfalse
                                          Summaryfalse
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          86. AuditEvent.agent:slf.role
                                          Definition

                                          The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                          ShortAgent role in the event
                                          Comments

                                          Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                          Control1..1
                                          BindingFor example codes, see SecurityRoleType
                                          (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                          What security role enabled the agent to participate in the event.

                                          TypeCodeableConcept
                                          Is Modifierfalse
                                          Summaryfalse
                                          Requirements

                                          This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                          Pattern Value{
                                            "coding" : [{
                                              "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleClass",
                                              "code" : "patient"
                                            }]
                                          }
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          88. AuditEvent.agent:slf.who
                                          Definition

                                          Reference to who this agent is that was involved in the event.

                                          ShortIdentifier of who
                                          Comments

                                          Where a User ID is available it will go into who.identifier.

                                          Control0..1
                                          TypeReference(PractitionerRole, Practitioner, Organization, Device, Patient, RelatedPerson)
                                          Is Modifierfalse
                                          Summarytrue
                                          Requirements

                                          This field ties an audit event to a specific resource or identifier.

                                          Alternate NamesuserId
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          90. AuditEvent.agent:slf.altId
                                          Definition

                                          Alternative agent Identifier. For a human, this should be a user identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g. single sign-on), if available.

                                          ShortAlternative User identity
                                          Control0..1
                                          Typestring
                                          Is Modifierfalse
                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                          Summaryfalse
                                          Requirements

                                          In some situations, a human user may authenticate with one identity but, to access a specific application system, may use a synonymous identify. For example, some "single sign on" implementations will do this. The alternative identifier would then be the original identify used for authentication, and the User ID is the one known to and used by the application.

                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          92. AuditEvent.agent:slf.name
                                          Definition

                                          Human-meaningful name for the agent.

                                          ShortHuman friendly name for the agent
                                          Control0..0
                                          Typestring
                                          Is Modifierfalse
                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                          Summaryfalse
                                          Requirements

                                          The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          94. AuditEvent.agent:slf.requestor
                                          Definition

                                          Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                          ShortWhether user is initiator
                                          Comments

                                          There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                          Control1..1
                                          Typeboolean
                                          Is Modifierfalse
                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                          Summarytrue
                                          Requirements

                                          This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          96. AuditEvent.agent:slf.location
                                          Definition

                                          Where the event occurred.

                                          ShortWhere
                                          Control0..1
                                          TypeReference(Location)
                                          Is Modifierfalse
                                          Summaryfalse
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          98. AuditEvent.agent:slf.policy
                                          Definition

                                          The policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.

                                          ShortPolicy that authorized event
                                          Comments

                                          For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.

                                          Control0..*
                                          Typeuri
                                          Is Modifierfalse
                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                          Summaryfalse
                                          Requirements

                                          This value is used retrospectively to determine the authorization policies.

                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          100. AuditEvent.agent:slf.media
                                          Definition

                                          Type of media involved. Used when the event is about exporting/importing onto media.

                                          ShortType of media
                                          Control0..1
                                          BindingUnless not suitable, these codes SHALL be taken from MediaTypeCode
                                          (extensible to http://hl7.org/fhir/ValueSet/dicm-405-mediatype)

                                          Used when the event is about exporting/importing onto media.

                                          TypeCoding
                                          Is Modifierfalse
                                          Summaryfalse
                                          Requirements

                                          Usually, this is used instead of specifying a network address. This field is not used for Media Id (i.e. the serial number of a CD).

                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          102. AuditEvent.agent:slf.network
                                          Definition

                                          Logical network location for application activity, if the activity has a network location.

                                          ShortLogical network location for application activity
                                          Control0..1
                                          TypeBackboneElement
                                          Is Modifierfalse
                                          Summaryfalse
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          104. AuditEvent.agent:slf.network.id
                                          Definition

                                          Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                          ShortUnique id for inter-element referencing
                                          Control0..1
                                          Typestring
                                          Is Modifierfalse
                                          XML FormatIn the XML format, this property is represented as an attribute.
                                          Summaryfalse
                                          106. AuditEvent.agent:slf.network.extension
                                          Definition

                                          May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                          ShortAdditional content defined by implementations
                                          Comments

                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                          Control0..*
                                          TypeExtension
                                          Is Modifierfalse
                                          Summaryfalse
                                          Alternate Namesextensions, user content
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                          108. AuditEvent.agent:slf.network.modifierExtension
                                          Definition

                                          May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                          Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                          ShortExtensions that cannot be ignored even if unrecognized
                                          Comments

                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                          Control0..*
                                          TypeExtension
                                          Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                          Summarytrue
                                          Requirements

                                          Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                          Alternate Namesextensions, user content, modifiers
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                          110. AuditEvent.agent:slf.network.address
                                          Definition

                                          An identifier for the network access point of the user device for the audit event.

                                          ShortIdentifier for the network access point of the user device
                                          Comments

                                          This could be a device id, IP address or some other identifier associated with a device.

                                          Control0..1
                                          Typestring
                                          Is Modifierfalse
                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                          Summaryfalse
                                          Requirements

                                          This datum identifies the user's network access point, which may be distinct from the server that performed the action. It is an optional value that may be used to group events recorded on separate servers for analysis of a specific network access point's data access across all servers.

                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          112. AuditEvent.agent:slf.network.type
                                          Definition

                                          An identifier for the type of network access point that originated the audit event.

                                          ShortThe type of network access point
                                          Control0..1
                                          BindingThe codes SHALL be taken from AuditEventAgentNetworkType
                                          (required to http://hl7.org/fhir/ValueSet/network-type|4.0.1)

                                          The type of network access point of this agent in the audit event.

                                          Typecode
                                          Is Modifierfalse
                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                          Summaryfalse
                                          Requirements

                                          This datum identifies the type of network access point identifier of the user device for the audit event. It is an optional value that may be used to group events recorded on separate servers for analysis of access according to a network access point's type.

                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          114. AuditEvent.agent:slf.purposeOfUse
                                          Definition

                                          The reason (purpose of use), specific to this agent, that was used during the event being recorded.

                                          ShortReason given for this user
                                          Comments

                                          Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

                                          Control0..*
                                          BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
                                          (extensible to http://terminology.hl7.org/ValueSet/v3-PurposeOfUse)

                                          The reason the activity took place.

                                          TypeCodeableConcept
                                          Is Modifierfalse
                                          Summaryfalse
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          116. AuditEvent.agent:dlg
                                          Slice Namedlg
                                          Definition

                                          An actor taking an active role in the event or activity that is logged.

                                          ShortThe Patient who has provided delegated access to their own records
                                          Comments

                                          Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                                          For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                                          Control0..1
                                          TypeBackboneElement
                                          Is Modifierfalse
                                          Summaryfalse
                                          Requirements

                                          An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                                          Alternate NamesActiveParticipant
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          118. AuditEvent.agent:dlg.id
                                          Definition

                                          Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                          ShortUnique id for inter-element referencing
                                          Control0..1
                                          Typestring
                                          Is Modifierfalse
                                          XML FormatIn the XML format, this property is represented as an attribute.
                                          Summaryfalse
                                          120. AuditEvent.agent:dlg.extension
                                          Definition

                                          An Extension

                                          ShortExtension
                                          Control0..*
                                          TypeExtension
                                          Is Modifierfalse
                                          Summaryfalse
                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                          SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                          • value @ url
                                          • 122. AuditEvent.agent:dlg.extension:additionalAgentDetails
                                            Slice NameadditionalAgentDetails
                                            Definition

                                            This extension stores detailed information about the agent

                                            ShortAuditEvent.Agent additional details
                                            Control0..1
                                            This element is affected by the following invariants: ele-1
                                            TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                                            Is Modifierfalse
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                            124. AuditEvent.agent:dlg.modifierExtension
                                            Definition

                                            May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                            Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                            ShortExtensions that cannot be ignored even if unrecognized
                                            Comments

                                            There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                            Control0..*
                                            TypeExtension
                                            Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                            Summarytrue
                                            Requirements

                                            Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                            Alternate Namesextensions, user content, modifiers
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                            126. AuditEvent.agent:dlg.type
                                            Definition

                                            Specification of the participation type the user plays when performing the event.

                                            ShortHow agent participated
                                            Control0..1
                                            BindingUnless not suitable, these codes SHALL be taken from ParticipationRoleType
                                            (extensible to http://hl7.org/fhir/ValueSet/participation-role-type)

                                            The Participation type of the agent to the event.

                                            TypeCodeableConcept
                                            Is Modifierfalse
                                            Summaryfalse
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            128. AuditEvent.agent:dlg.role
                                            Definition

                                            The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                            ShortAgent role in the event
                                            Comments

                                            Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                            Control1..1
                                            BindingFor example codes, see SecurityRoleType
                                            (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                            What security role enabled the agent to participate in the event.

                                            TypeCodeableConcept
                                            Is Modifierfalse
                                            Summaryfalse
                                            Requirements

                                            This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                            Pattern Value{
                                              "coding" : [{
                                                "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleCode",
                                                "code" : "DELEGATOR"
                                              }]
                                            }
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            130. AuditEvent.agent:dlg.who
                                            Definition

                                            Reference to who this agent is that was involved in the event.

                                            ShortIdentifier of who
                                            Comments

                                            Where a User ID is available it will go into who.identifier.

                                            Control0..1
                                            TypeReference(PractitionerRole, Practitioner, Organization, Device, Patient, RelatedPerson)
                                            Is Modifierfalse
                                            Summarytrue
                                            Requirements

                                            This field ties an audit event to a specific resource or identifier.

                                            Alternate NamesuserId
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            132. AuditEvent.agent:dlg.altId
                                            Definition

                                            Alternative agent Identifier. For a human, this should be a user identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g. single sign-on), if available.

                                            ShortAlternative User identity
                                            Control0..1
                                            Typestring
                                            Is Modifierfalse
                                            Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                            Summaryfalse
                                            Requirements

                                            In some situations, a human user may authenticate with one identity but, to access a specific application system, may use a synonymous identify. For example, some "single sign on" implementations will do this. The alternative identifier would then be the original identify used for authentication, and the User ID is the one known to and used by the application.

                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            134. AuditEvent.agent:dlg.name
                                            Definition

                                            Human-meaningful name for the agent.

                                            ShortHuman friendly name for the agent
                                            Control0..0
                                            Typestring
                                            Is Modifierfalse
                                            Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                            Summaryfalse
                                            Requirements

                                            The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            136. AuditEvent.agent:dlg.requestor
                                            Definition

                                            Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                            ShortWhether user is initiator
                                            Comments

                                            There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                            Control1..1
                                            Typeboolean
                                            Is Modifierfalse
                                            Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                            Summarytrue
                                            Requirements

                                            This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            138. AuditEvent.agent:dlg.location
                                            Definition

                                            Where the event occurred.

                                            ShortWhere
                                            Control0..1
                                            TypeReference(Location)
                                            Is Modifierfalse
                                            Summaryfalse
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            140. AuditEvent.agent:dlg.policy
                                            Definition

                                            The policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.

                                            ShortPolicy that authorized event
                                            Comments

                                            For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.

                                            Control0..*
                                            Typeuri
                                            Is Modifierfalse
                                            Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                            Summaryfalse
                                            Requirements

                                            This value is used retrospectively to determine the authorization policies.

                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            142. AuditEvent.agent:dlg.media
                                            Definition

                                            Type of media involved. Used when the event is about exporting/importing onto media.

                                            ShortType of media
                                            Control0..1
                                            BindingUnless not suitable, these codes SHALL be taken from MediaTypeCode
                                            (extensible to http://hl7.org/fhir/ValueSet/dicm-405-mediatype)

                                            Used when the event is about exporting/importing onto media.

                                            TypeCoding
                                            Is Modifierfalse
                                            Summaryfalse
                                            Requirements

                                            Usually, this is used instead of specifying a network address. This field is not used for Media Id (i.e. the serial number of a CD).

                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            144. AuditEvent.agent:dlg.network
                                            Definition

                                            Logical network location for application activity, if the activity has a network location.

                                            ShortLogical network location for application activity
                                            Control0..1
                                            TypeBackboneElement
                                            Is Modifierfalse
                                            Summaryfalse
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            146. AuditEvent.agent:dlg.network.id
                                            Definition

                                            Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                            ShortUnique id for inter-element referencing
                                            Control0..1
                                            Typestring
                                            Is Modifierfalse
                                            XML FormatIn the XML format, this property is represented as an attribute.
                                            Summaryfalse
                                            148. AuditEvent.agent:dlg.network.extension
                                            Definition

                                            May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                            ShortAdditional content defined by implementations
                                            Comments

                                            There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                            Control0..*
                                            TypeExtension
                                            Is Modifierfalse
                                            Summaryfalse
                                            Alternate Namesextensions, user content
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                            150. AuditEvent.agent:dlg.network.modifierExtension
                                            Definition

                                            May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                            Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                            ShortExtensions that cannot be ignored even if unrecognized
                                            Comments

                                            There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                            Control0..*
                                            TypeExtension
                                            Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                            Summarytrue
                                            Requirements

                                            Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                            Alternate Namesextensions, user content, modifiers
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                            152. AuditEvent.agent:dlg.network.address
                                            Definition

                                            An identifier for the network access point of the user device for the audit event.

                                            ShortIdentifier for the network access point of the user device
                                            Comments

                                            This could be a device id, IP address or some other identifier associated with a device.

                                            Control0..1
                                            Typestring
                                            Is Modifierfalse
                                            Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                            Summaryfalse
                                            Requirements

                                            This datum identifies the user's network access point, which may be distinct from the server that performed the action. It is an optional value that may be used to group events recorded on separate servers for analysis of a specific network access point's data access across all servers.

                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            154. AuditEvent.agent:dlg.network.type
                                            Definition

                                            An identifier for the type of network access point that originated the audit event.

                                            ShortThe type of network access point
                                            Control0..1
                                            BindingThe codes SHALL be taken from AuditEventAgentNetworkType
                                            (required to http://hl7.org/fhir/ValueSet/network-type|4.0.1)

                                            The type of network access point of this agent in the audit event.

                                            Typecode
                                            Is Modifierfalse
                                            Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                            Summaryfalse
                                            Requirements

                                            This datum identifies the type of network access point identifier of the user device for the audit event. It is an optional value that may be used to group events recorded on separate servers for analysis of access according to a network access point's type.

                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            156. AuditEvent.agent:dlg.purposeOfUse
                                            Definition

                                            The reason (purpose of use), specific to this agent, that was used during the event being recorded.

                                            ShortReason given for this user
                                            Comments

                                            Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

                                            Control0..*
                                            BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
                                            (extensible to http://terminology.hl7.org/ValueSet/v3-PurposeOfUse)

                                            The reason the activity took place.

                                            TypeCodeableConcept
                                            Is Modifierfalse
                                            Summaryfalse
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            158. AuditEvent.agent:caregiver
                                            Slice Namecaregiver
                                            Definition

                                            An actor taking an active role in the event or activity that is logged.

                                            ShortThe Caregiver accessing a child's records
                                            Comments

                                            Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                                            For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                                            Control0..1
                                            TypeBackboneElement
                                            Is Modifierfalse
                                            Summaryfalse
                                            Requirements

                                            An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                                            Alternate NamesActiveParticipant
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            160. AuditEvent.agent:caregiver.id
                                            Definition

                                            Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                            ShortUnique id for inter-element referencing
                                            Control0..1
                                            Typestring
                                            Is Modifierfalse
                                            XML FormatIn the XML format, this property is represented as an attribute.
                                            Summaryfalse
                                            162. AuditEvent.agent:caregiver.extension
                                            Definition

                                            An Extension

                                            ShortExtension
                                            Control0..*
                                            TypeExtension
                                            Is Modifierfalse
                                            Summaryfalse
                                            Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                            ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                            SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                            • value @ url
                                            • 164. AuditEvent.agent:caregiver.extension:additionalAgentDetails
                                              Slice NameadditionalAgentDetails
                                              Definition

                                              This extension stores detailed information about the agent

                                              ShortAuditEvent.Agent additional details
                                              Control0..1
                                              This element is affected by the following invariants: ele-1
                                              TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                                              Is Modifierfalse
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                              166. AuditEvent.agent:caregiver.modifierExtension
                                              Definition

                                              May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                              Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                              ShortExtensions that cannot be ignored even if unrecognized
                                              Comments

                                              There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                              Control0..*
                                              TypeExtension
                                              Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                              Summarytrue
                                              Requirements

                                              Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                              Alternate Namesextensions, user content, modifiers
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                              168. AuditEvent.agent:caregiver.type
                                              Definition

                                              Specification of the participation type the user plays when performing the event.

                                              ShortHow agent participated
                                              Control0..1
                                              BindingUnless not suitable, these codes SHALL be taken from ParticipationRoleType
                                              (extensible to http://hl7.org/fhir/ValueSet/participation-role-type)

                                              The Participation type of the agent to the event.

                                              TypeCodeableConcept
                                              Is Modifierfalse
                                              Summaryfalse
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              170. AuditEvent.agent:caregiver.role
                                              Definition

                                              The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                              ShortAgent role in the event
                                              Comments

                                              Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                              Control1..1
                                              BindingFor example codes, see SecurityRoleType
                                              (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                              What security role enabled the agent to participate in the event.

                                              TypeCodeableConcept
                                              Is Modifierfalse
                                              Summaryfalse
                                              Requirements

                                              This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                              Pattern Value{
                                                "coding" : [{
                                                  "system" : "http://terminology.hl7.org/CodeSystem/v3-ParticipationFunction",
                                                  "code" : "AUCG"
                                                }]
                                              }
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              172. AuditEvent.agent:caregiver.who
                                              Definition

                                              Reference to who this agent is that was involved in the event.

                                              ShortIdentifier of who
                                              Comments

                                              Where a User ID is available it will go into who.identifier.

                                              Control0..1
                                              TypeReference(PractitionerRole, Practitioner, Organization, Device, Patient, RelatedPerson)
                                              Is Modifierfalse
                                              Summarytrue
                                              Requirements

                                              This field ties an audit event to a specific resource or identifier.

                                              Alternate NamesuserId
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              174. AuditEvent.agent:caregiver.altId
                                              Definition

                                              Alternative agent Identifier. For a human, this should be a user identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g. single sign-on), if available.

                                              ShortAlternative User identity
                                              Control0..1
                                              Typestring
                                              Is Modifierfalse
                                              Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                              Summaryfalse
                                              Requirements

                                              In some situations, a human user may authenticate with one identity but, to access a specific application system, may use a synonymous identify. For example, some "single sign on" implementations will do this. The alternative identifier would then be the original identify used for authentication, and the User ID is the one known to and used by the application.

                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              176. AuditEvent.agent:caregiver.name
                                              Definition

                                              Human-meaningful name for the agent.

                                              ShortHuman friendly name for the agent
                                              Control0..0
                                              Typestring
                                              Is Modifierfalse
                                              Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                              Summaryfalse
                                              Requirements

                                              The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              178. AuditEvent.agent:caregiver.requestor
                                              Definition

                                              Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                              ShortWhether user is initiator
                                              Comments

                                              There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                              Control1..1
                                              Typeboolean
                                              Is Modifierfalse
                                              Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                              Summarytrue
                                              Requirements

                                              This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              180. AuditEvent.agent:caregiver.location
                                              Definition

                                              Where the event occurred.

                                              ShortWhere
                                              Control0..1
                                              TypeReference(Location)
                                              Is Modifierfalse
                                              Summaryfalse
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              182. AuditEvent.agent:caregiver.policy
                                              Definition

                                              The policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.

                                              ShortPolicy that authorized event
                                              Comments

                                              For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.

                                              Control0..*
                                              Typeuri
                                              Is Modifierfalse
                                              Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                              Summaryfalse
                                              Requirements

                                              This value is used retrospectively to determine the authorization policies.

                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              184. AuditEvent.agent:caregiver.media
                                              Definition

                                              Type of media involved. Used when the event is about exporting/importing onto media.

                                              ShortType of media
                                              Control0..1
                                              BindingUnless not suitable, these codes SHALL be taken from MediaTypeCode
                                              (extensible to http://hl7.org/fhir/ValueSet/dicm-405-mediatype)

                                              Used when the event is about exporting/importing onto media.

                                              TypeCoding
                                              Is Modifierfalse
                                              Summaryfalse
                                              Requirements

                                              Usually, this is used instead of specifying a network address. This field is not used for Media Id (i.e. the serial number of a CD).

                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              186. AuditEvent.agent:caregiver.network
                                              Definition

                                              Logical network location for application activity, if the activity has a network location.

                                              ShortLogical network location for application activity
                                              Control0..1
                                              TypeBackboneElement
                                              Is Modifierfalse
                                              Summaryfalse
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              188. AuditEvent.agent:caregiver.network.id
                                              Definition

                                              Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                              ShortUnique id for inter-element referencing
                                              Control0..1
                                              Typestring
                                              Is Modifierfalse
                                              XML FormatIn the XML format, this property is represented as an attribute.
                                              Summaryfalse
                                              190. AuditEvent.agent:caregiver.network.extension
                                              Definition

                                              May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                              ShortAdditional content defined by implementations
                                              Comments

                                              There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                              Control0..*
                                              TypeExtension
                                              Is Modifierfalse
                                              Summaryfalse
                                              Alternate Namesextensions, user content
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                              192. AuditEvent.agent:caregiver.network.modifierExtension
                                              Definition

                                              May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                              Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                              ShortExtensions that cannot be ignored even if unrecognized
                                              Comments

                                              There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                              Control0..*
                                              TypeExtension
                                              Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                              Summarytrue
                                              Requirements

                                              Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                              Alternate Namesextensions, user content, modifiers
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                              194. AuditEvent.agent:caregiver.network.address
                                              Definition

                                              An identifier for the network access point of the user device for the audit event.

                                              ShortIdentifier for the network access point of the user device
                                              Comments

                                              This could be a device id, IP address or some other identifier associated with a device.

                                              Control0..1
                                              Typestring
                                              Is Modifierfalse
                                              Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                              Summaryfalse
                                              Requirements

                                              This datum identifies the user's network access point, which may be distinct from the server that performed the action. It is an optional value that may be used to group events recorded on separate servers for analysis of a specific network access point's data access across all servers.

                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              196. AuditEvent.agent:caregiver.network.type
                                              Definition

                                              An identifier for the type of network access point that originated the audit event.

                                              ShortThe type of network access point
                                              Control0..1
                                              BindingThe codes SHALL be taken from AuditEventAgentNetworkType
                                              (required to http://hl7.org/fhir/ValueSet/network-type|4.0.1)

                                              The type of network access point of this agent in the audit event.

                                              Typecode
                                              Is Modifierfalse
                                              Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                              Summaryfalse
                                              Requirements

                                              This datum identifies the type of network access point identifier of the user device for the audit event. It is an optional value that may be used to group events recorded on separate servers for analysis of access according to a network access point's type.

                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              198. AuditEvent.agent:caregiver.purposeOfUse
                                              Definition

                                              The reason (purpose of use), specific to this agent, that was used during the event being recorded.

                                              ShortReason given for this user
                                              Comments

                                              Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

                                              Control0..*
                                              BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
                                              (extensible to http://terminology.hl7.org/ValueSet/v3-PurposeOfUse)

                                              The reason the activity took place.

                                              TypeCodeableConcept
                                              Is Modifierfalse
                                              Summaryfalse
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              200. AuditEvent.agent:delegatee
                                              Slice Namedelegatee
                                              Definition

                                              An actor taking an active role in the event or activity that is logged.

                                              ShortA Delegate accessing a patient's records on their behalf
                                              Comments

                                              Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                                              For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                                              Control0..1
                                              TypeBackboneElement
                                              Is Modifierfalse
                                              Summaryfalse
                                              Requirements

                                              An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                                              Alternate NamesActiveParticipant
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              202. AuditEvent.agent:delegatee.id
                                              Definition

                                              Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                              ShortUnique id for inter-element referencing
                                              Control0..1
                                              Typestring
                                              Is Modifierfalse
                                              XML FormatIn the XML format, this property is represented as an attribute.
                                              Summaryfalse
                                              204. AuditEvent.agent:delegatee.extension
                                              Definition

                                              An Extension

                                              ShortExtension
                                              Control0..*
                                              TypeExtension
                                              Is Modifierfalse
                                              Summaryfalse
                                              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                              ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                              SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                              • value @ url
                                              • 206. AuditEvent.agent:delegatee.extension:additionalAgentDetails
                                                Slice NameadditionalAgentDetails
                                                Definition

                                                This extension stores detailed information about the agent

                                                ShortAuditEvent.Agent additional details
                                                Control0..1
                                                This element is affected by the following invariants: ele-1
                                                TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                                                Is Modifierfalse
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                208. AuditEvent.agent:delegatee.modifierExtension
                                                Definition

                                                May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                ShortExtensions that cannot be ignored even if unrecognized
                                                Comments

                                                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                Control0..*
                                                TypeExtension
                                                Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                Summarytrue
                                                Requirements

                                                Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                Alternate Namesextensions, user content, modifiers
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                210. AuditEvent.agent:delegatee.type
                                                Definition

                                                Specification of the participation type the user plays when performing the event.

                                                ShortHow agent participated
                                                Control0..1
                                                BindingUnless not suitable, these codes SHALL be taken from ParticipationRoleType
                                                (extensible to http://hl7.org/fhir/ValueSet/participation-role-type)

                                                The Participation type of the agent to the event.

                                                TypeCodeableConcept
                                                Is Modifierfalse
                                                Summaryfalse
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                212. AuditEvent.agent:delegatee.role
                                                Definition

                                                The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                                ShortAgent role in the event
                                                Comments

                                                Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                                Control1..1
                                                BindingFor example codes, see SecurityRoleType
                                                (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                                What security role enabled the agent to participate in the event.

                                                TypeCodeableConcept
                                                Is Modifierfalse
                                                Summaryfalse
                                                Requirements

                                                This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                                Pattern Value{
                                                  "coding" : [{
                                                    "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleCode",
                                                    "code" : "DELEGATEE"
                                                  }]
                                                }
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                214. AuditEvent.agent:delegatee.who
                                                Definition

                                                Reference to who this agent is that was involved in the event.

                                                ShortIdentifier of who
                                                Comments

                                                Where a User ID is available it will go into who.identifier.

                                                Control0..1
                                                TypeReference(PractitionerRole, Practitioner, Organization, Device, Patient, RelatedPerson)
                                                Is Modifierfalse
                                                Summarytrue
                                                Requirements

                                                This field ties an audit event to a specific resource or identifier.

                                                Alternate NamesuserId
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                216. AuditEvent.agent:delegatee.altId
                                                Definition

                                                Alternative agent Identifier. For a human, this should be a user identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g. single sign-on), if available.

                                                ShortAlternative User identity
                                                Control0..1
                                                Typestring
                                                Is Modifierfalse
                                                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                Summaryfalse
                                                Requirements

                                                In some situations, a human user may authenticate with one identity but, to access a specific application system, may use a synonymous identify. For example, some "single sign on" implementations will do this. The alternative identifier would then be the original identify used for authentication, and the User ID is the one known to and used by the application.

                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                218. AuditEvent.agent:delegatee.name
                                                Definition

                                                Human-meaningful name for the agent.

                                                ShortHuman friendly name for the agent
                                                Control0..0
                                                Typestring
                                                Is Modifierfalse
                                                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                Summaryfalse
                                                Requirements

                                                The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                220. AuditEvent.agent:delegatee.requestor
                                                Definition

                                                Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                                ShortWhether user is initiator
                                                Comments

                                                There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                                Control1..1
                                                Typeboolean
                                                Is Modifierfalse
                                                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                Summarytrue
                                                Requirements

                                                This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                222. AuditEvent.agent:delegatee.location
                                                Definition

                                                Where the event occurred.

                                                ShortWhere
                                                Control0..1
                                                TypeReference(Location)
                                                Is Modifierfalse
                                                Summaryfalse
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                224. AuditEvent.agent:delegatee.policy
                                                Definition

                                                The policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.

                                                ShortPolicy that authorized event
                                                Comments

                                                For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.

                                                Control0..*
                                                Typeuri
                                                Is Modifierfalse
                                                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                Summaryfalse
                                                Requirements

                                                This value is used retrospectively to determine the authorization policies.

                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                226. AuditEvent.agent:delegatee.media
                                                Definition

                                                Type of media involved. Used when the event is about exporting/importing onto media.

                                                ShortType of media
                                                Control0..1
                                                BindingUnless not suitable, these codes SHALL be taken from MediaTypeCode
                                                (extensible to http://hl7.org/fhir/ValueSet/dicm-405-mediatype)

                                                Used when the event is about exporting/importing onto media.

                                                TypeCoding
                                                Is Modifierfalse
                                                Summaryfalse
                                                Requirements

                                                Usually, this is used instead of specifying a network address. This field is not used for Media Id (i.e. the serial number of a CD).

                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                228. AuditEvent.agent:delegatee.network
                                                Definition

                                                Logical network location for application activity, if the activity has a network location.

                                                ShortLogical network location for application activity
                                                Control0..1
                                                TypeBackboneElement
                                                Is Modifierfalse
                                                Summaryfalse
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                230. AuditEvent.agent:delegatee.network.id
                                                Definition

                                                Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                ShortUnique id for inter-element referencing
                                                Control0..1
                                                Typestring
                                                Is Modifierfalse
                                                XML FormatIn the XML format, this property is represented as an attribute.
                                                Summaryfalse
                                                232. AuditEvent.agent:delegatee.network.extension
                                                Definition

                                                May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                ShortAdditional content defined by implementations
                                                Comments

                                                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                Control0..*
                                                TypeExtension
                                                Is Modifierfalse
                                                Summaryfalse
                                                Alternate Namesextensions, user content
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                234. AuditEvent.agent:delegatee.network.modifierExtension
                                                Definition

                                                May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                ShortExtensions that cannot be ignored even if unrecognized
                                                Comments

                                                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                Control0..*
                                                TypeExtension
                                                Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                Summarytrue
                                                Requirements

                                                Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                Alternate Namesextensions, user content, modifiers
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                236. AuditEvent.agent:delegatee.network.address
                                                Definition

                                                An identifier for the network access point of the user device for the audit event.

                                                ShortIdentifier for the network access point of the user device
                                                Comments

                                                This could be a device id, IP address or some other identifier associated with a device.

                                                Control0..1
                                                Typestring
                                                Is Modifierfalse
                                                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                Summaryfalse
                                                Requirements

                                                This datum identifies the user's network access point, which may be distinct from the server that performed the action. It is an optional value that may be used to group events recorded on separate servers for analysis of a specific network access point's data access across all servers.

                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                238. AuditEvent.agent:delegatee.network.type
                                                Definition

                                                An identifier for the type of network access point that originated the audit event.

                                                ShortThe type of network access point
                                                Control0..1
                                                BindingThe codes SHALL be taken from AuditEventAgentNetworkType
                                                (required to http://hl7.org/fhir/ValueSet/network-type|4.0.1)

                                                The type of network access point of this agent in the audit event.

                                                Typecode
                                                Is Modifierfalse
                                                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                Summaryfalse
                                                Requirements

                                                This datum identifies the type of network access point identifier of the user device for the audit event. It is an optional value that may be used to group events recorded on separate servers for analysis of access according to a network access point's type.

                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                240. AuditEvent.agent:delegatee.purposeOfUse
                                                Definition

                                                The reason (purpose of use), specific to this agent, that was used during the event being recorded.

                                                ShortReason given for this user
                                                Comments

                                                Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

                                                Control0..*
                                                BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
                                                (extensible to http://terminology.hl7.org/ValueSet/v3-PurposeOfUse)

                                                The reason the activity took place.

                                                TypeCodeableConcept
                                                Is Modifierfalse
                                                Summaryfalse
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                242. AuditEvent.agent:healthworkforce
                                                Slice Namehealthworkforce
                                                Definition

                                                An actor taking an active role in the event or activity that is logged.

                                                ShortA member of the Health Workforce accessing patient records
                                                Comments

                                                Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                                                For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                                                Control0..1
                                                TypeBackboneElement
                                                Is Modifierfalse
                                                Summaryfalse
                                                Requirements

                                                An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                                                Alternate NamesActiveParticipant
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                244. AuditEvent.agent:healthworkforce.id
                                                Definition

                                                Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                ShortUnique id for inter-element referencing
                                                Control0..1
                                                Typestring
                                                Is Modifierfalse
                                                XML FormatIn the XML format, this property is represented as an attribute.
                                                Summaryfalse
                                                246. AuditEvent.agent:healthworkforce.extension
                                                Definition

                                                An Extension

                                                ShortExtension
                                                Control0..*
                                                TypeExtension
                                                Is Modifierfalse
                                                Summaryfalse
                                                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                                • value @ url
                                                • 248. AuditEvent.agent:healthworkforce.extension:additionalAgentDetails
                                                  Slice NameadditionalAgentDetails
                                                  Definition

                                                  This extension stores detailed information about the agent

                                                  ShortAuditEvent.Agent additional details
                                                  Control0..1
                                                  This element is affected by the following invariants: ele-1
                                                  TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                                                  Is Modifierfalse
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                  250. AuditEvent.agent:healthworkforce.modifierExtension
                                                  Definition

                                                  May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                  Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                  ShortExtensions that cannot be ignored even if unrecognized
                                                  Comments

                                                  There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                  Control0..*
                                                  TypeExtension
                                                  Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                  Summarytrue
                                                  Requirements

                                                  Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                  Alternate Namesextensions, user content, modifiers
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                  252. AuditEvent.agent:healthworkforce.type
                                                  Definition

                                                  Specification of the participation type the user plays when performing the event.

                                                  ShortHow agent participated
                                                  Control0..1
                                                  BindingUnless not suitable, these codes SHALL be taken from ParticipationRoleType
                                                  (extensible to http://hl7.org/fhir/ValueSet/participation-role-type)

                                                  The Participation type of the agent to the event.

                                                  TypeCodeableConcept
                                                  Is Modifierfalse
                                                  Summaryfalse
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  254. AuditEvent.agent:healthworkforce.role
                                                  Definition

                                                  The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                                  ShortAgent role in the event
                                                  Comments

                                                  Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                                  Control1..1
                                                  BindingFor example codes, see SecurityRoleType
                                                  (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                                  What security role enabled the agent to participate in the event.

                                                  TypeCodeableConcept
                                                  Is Modifierfalse
                                                  Summaryfalse
                                                  Requirements

                                                  This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                                  Pattern Value{
                                                    "coding" : [{
                                                      "system" : "https://terminology.hl7.org/CodeSystem/v3-RoleClass",
                                                      "code" : "PROV"
                                                    }]
                                                  }
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  256. AuditEvent.agent:healthworkforce.who
                                                  Definition

                                                  Reference to who this agent is that was involved in the event.

                                                  ShortIdentifier of who
                                                  Comments

                                                  Where a User ID is available it will go into who.identifier.

                                                  Control0..1
                                                  TypeReference(PractitionerRole, Practitioner, Organization, Device, Patient, RelatedPerson)
                                                  Is Modifierfalse
                                                  Summarytrue
                                                  Requirements

                                                  This field ties an audit event to a specific resource or identifier.

                                                  Alternate NamesuserId
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  258. AuditEvent.agent:healthworkforce.altId
                                                  Definition

                                                  Alternative agent Identifier. For a human, this should be a user identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g. single sign-on), if available.

                                                  ShortAlternative User identity
                                                  Control0..1
                                                  Typestring
                                                  Is Modifierfalse
                                                  Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                  Summaryfalse
                                                  Requirements

                                                  In some situations, a human user may authenticate with one identity but, to access a specific application system, may use a synonymous identify. For example, some "single sign on" implementations will do this. The alternative identifier would then be the original identify used for authentication, and the User ID is the one known to and used by the application.

                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  260. AuditEvent.agent:healthworkforce.name
                                                  Definition

                                                  Human-meaningful name for the agent.

                                                  ShortHuman friendly name for the agent
                                                  Control0..1
                                                  Typestring
                                                  Is Modifierfalse
                                                  Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                  Summaryfalse
                                                  Requirements

                                                  The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  262. AuditEvent.agent:healthworkforce.requestor
                                                  Definition

                                                  Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                                  ShortWhether user is initiator
                                                  Comments

                                                  There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                                  Control1..1
                                                  Typeboolean
                                                  Is Modifierfalse
                                                  Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                  Summarytrue
                                                  Requirements

                                                  This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  264. AuditEvent.agent:healthworkforce.location
                                                  Definition

                                                  Where the event occurred.

                                                  ShortWhere
                                                  Control0..1
                                                  TypeReference(Location)
                                                  Is Modifierfalse
                                                  Summaryfalse
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  266. AuditEvent.agent:healthworkforce.policy
                                                  Definition

                                                  The policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.

                                                  ShortPolicy that authorized event
                                                  Comments

                                                  For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.

                                                  Control0..*
                                                  Typeuri
                                                  Is Modifierfalse
                                                  Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                  Summaryfalse
                                                  Requirements

                                                  This value is used retrospectively to determine the authorization policies.

                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  268. AuditEvent.agent:healthworkforce.media
                                                  Definition

                                                  Type of media involved. Used when the event is about exporting/importing onto media.

                                                  ShortType of media
                                                  Control0..1
                                                  BindingUnless not suitable, these codes SHALL be taken from MediaTypeCode
                                                  (extensible to http://hl7.org/fhir/ValueSet/dicm-405-mediatype)

                                                  Used when the event is about exporting/importing onto media.

                                                  TypeCoding
                                                  Is Modifierfalse
                                                  Summaryfalse
                                                  Requirements

                                                  Usually, this is used instead of specifying a network address. This field is not used for Media Id (i.e. the serial number of a CD).

                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  270. AuditEvent.agent:healthworkforce.network
                                                  Definition

                                                  Logical network location for application activity, if the activity has a network location.

                                                  ShortLogical network location for application activity
                                                  Control0..1
                                                  TypeBackboneElement
                                                  Is Modifierfalse
                                                  Summaryfalse
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  272. AuditEvent.agent:healthworkforce.network.id
                                                  Definition

                                                  Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                  ShortUnique id for inter-element referencing
                                                  Control0..1
                                                  Typestring
                                                  Is Modifierfalse
                                                  XML FormatIn the XML format, this property is represented as an attribute.
                                                  Summaryfalse
                                                  274. AuditEvent.agent:healthworkforce.network.extension
                                                  Definition

                                                  May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                  ShortAdditional content defined by implementations
                                                  Comments

                                                  There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                  Control0..*
                                                  TypeExtension
                                                  Is Modifierfalse
                                                  Summaryfalse
                                                  Alternate Namesextensions, user content
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                  276. AuditEvent.agent:healthworkforce.network.modifierExtension
                                                  Definition

                                                  May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                  Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                  ShortExtensions that cannot be ignored even if unrecognized
                                                  Comments

                                                  There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                  Control0..*
                                                  TypeExtension
                                                  Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                  Summarytrue
                                                  Requirements

                                                  Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                  Alternate Namesextensions, user content, modifiers
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                  278. AuditEvent.agent:healthworkforce.network.address
                                                  Definition

                                                  An identifier for the network access point of the user device for the audit event.

                                                  ShortIdentifier for the network access point of the user device
                                                  Comments

                                                  This could be a device id, IP address or some other identifier associated with a device.

                                                  Control0..1
                                                  Typestring
                                                  Is Modifierfalse
                                                  Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                  Summaryfalse
                                                  Requirements

                                                  This datum identifies the user's network access point, which may be distinct from the server that performed the action. It is an optional value that may be used to group events recorded on separate servers for analysis of a specific network access point's data access across all servers.

                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  280. AuditEvent.agent:healthworkforce.network.type
                                                  Definition

                                                  An identifier for the type of network access point that originated the audit event.

                                                  ShortThe type of network access point
                                                  Control0..1
                                                  BindingThe codes SHALL be taken from AuditEventAgentNetworkType
                                                  (required to http://hl7.org/fhir/ValueSet/network-type|4.0.1)

                                                  The type of network access point of this agent in the audit event.

                                                  Typecode
                                                  Is Modifierfalse
                                                  Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                  Summaryfalse
                                                  Requirements

                                                  This datum identifies the type of network access point identifier of the user device for the audit event. It is an optional value that may be used to group events recorded on separate servers for analysis of access according to a network access point's type.

                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  282. AuditEvent.agent:healthworkforce.purposeOfUse
                                                  Definition

                                                  The reason (purpose of use), specific to this agent, that was used during the event being recorded.

                                                  ShortReason given for this user
                                                  Comments

                                                  Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

                                                  Control0..*
                                                  BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
                                                  (extensible to http://terminology.hl7.org/ValueSet/v3-PurposeOfUse)

                                                  The reason the activity took place.

                                                  TypeCodeableConcept
                                                  Is Modifierfalse
                                                  Summaryfalse
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  284. AuditEvent.agent:system
                                                  Slice Namesystem
                                                  Definition

                                                  An actor taking an active role in the event or activity that is logged.

                                                  ShortA system accessing Patient records
                                                  Comments

                                                  Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                                                  For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                                                  Control0..1
                                                  TypeBackboneElement
                                                  Is Modifierfalse
                                                  Summaryfalse
                                                  Requirements

                                                  An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                                                  Alternate NamesActiveParticipant
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  286. AuditEvent.agent:system.id
                                                  Definition

                                                  Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                  ShortUnique id for inter-element referencing
                                                  Control0..1
                                                  Typestring
                                                  Is Modifierfalse
                                                  XML FormatIn the XML format, this property is represented as an attribute.
                                                  Summaryfalse
                                                  288. AuditEvent.agent:system.extension
                                                  Definition

                                                  An Extension

                                                  ShortExtension
                                                  Control0..*
                                                  TypeExtension
                                                  Is Modifierfalse
                                                  Summaryfalse
                                                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                  SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                                  • value @ url
                                                  • 290. AuditEvent.agent:system.extension:additionalAgentDetails
                                                    Slice NameadditionalAgentDetails
                                                    Definition

                                                    This extension stores detailed information about the agent

                                                    ShortAuditEvent.Agent additional details
                                                    Control0..1
                                                    This element is affected by the following invariants: ele-1
                                                    TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                                                    Is Modifierfalse
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                    292. AuditEvent.agent:system.modifierExtension
                                                    Definition

                                                    May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                    ShortExtensions that cannot be ignored even if unrecognized
                                                    Comments

                                                    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                    Control0..*
                                                    TypeExtension
                                                    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                    Summarytrue
                                                    Requirements

                                                    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                    Alternate Namesextensions, user content, modifiers
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                    294. AuditEvent.agent:system.type
                                                    Definition

                                                    Specification of the participation type the user plays when performing the event.

                                                    ShortHow agent participated
                                                    Control0..1
                                                    BindingUnless not suitable, these codes SHALL be taken from ParticipationRoleType
                                                    (extensible to http://hl7.org/fhir/ValueSet/participation-role-type)

                                                    The Participation type of the agent to the event.

                                                    TypeCodeableConcept
                                                    Is Modifierfalse
                                                    Summaryfalse
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    296. AuditEvent.agent:system.role
                                                    Definition

                                                    The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                                    ShortAgent role in the event
                                                    Comments

                                                    Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                                    Control1..1
                                                    BindingFor example codes, see SecurityRoleType
                                                    (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                                    What security role enabled the agent to participate in the event.

                                                    TypeCodeableConcept
                                                    Is Modifierfalse
                                                    Summaryfalse
                                                    Requirements

                                                    This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                                    Pattern Value{
                                                      "coding" : [{
                                                        "system" : "http://terminology.hl7.org/CodeSystem/extra-security-role-type",
                                                        "code" : "dataprocessor"
                                                      }]
                                                    }
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    298. AuditEvent.agent:system.who
                                                    Definition

                                                    Reference to who this agent is that was involved in the event.

                                                    ShortIdentifier of who
                                                    Comments

                                                    Where a User ID is available it will go into who.identifier.

                                                    Control0..1
                                                    TypeReference(PractitionerRole, Practitioner, Organization, Device, Patient, RelatedPerson)
                                                    Is Modifierfalse
                                                    Summarytrue
                                                    Requirements

                                                    This field ties an audit event to a specific resource or identifier.

                                                    Alternate NamesuserId
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    300. AuditEvent.agent:system.altId
                                                    Definition

                                                    Alternative agent Identifier. For a human, this should be a user identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g. single sign-on), if available.

                                                    ShortAlternative User identity
                                                    Control0..1
                                                    Typestring
                                                    Is Modifierfalse
                                                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                    Summaryfalse
                                                    Requirements

                                                    In some situations, a human user may authenticate with one identity but, to access a specific application system, may use a synonymous identify. For example, some "single sign on" implementations will do this. The alternative identifier would then be the original identify used for authentication, and the User ID is the one known to and used by the application.

                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    302. AuditEvent.agent:system.name
                                                    Definition

                                                    Human-meaningful name for the agent.

                                                    ShortHuman friendly name for the agent
                                                    Control0..1
                                                    Typestring
                                                    Is Modifierfalse
                                                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                    Summaryfalse
                                                    Requirements

                                                    The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    304. AuditEvent.agent:system.requestor
                                                    Definition

                                                    Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                                    ShortWhether user is initiator
                                                    Comments

                                                    There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                                    Control1..1
                                                    Typeboolean
                                                    Is Modifierfalse
                                                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                    Summarytrue
                                                    Requirements

                                                    This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    306. AuditEvent.agent:system.location
                                                    Definition

                                                    Where the event occurred.

                                                    ShortWhere
                                                    Control0..1
                                                    TypeReference(Location)
                                                    Is Modifierfalse
                                                    Summaryfalse
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    308. AuditEvent.agent:system.policy
                                                    Definition

                                                    The policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.

                                                    ShortPolicy that authorized event
                                                    Comments

                                                    For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.

                                                    Control0..*
                                                    Typeuri
                                                    Is Modifierfalse
                                                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                    Summaryfalse
                                                    Requirements

                                                    This value is used retrospectively to determine the authorization policies.

                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    310. AuditEvent.agent:system.media
                                                    Definition

                                                    Type of media involved. Used when the event is about exporting/importing onto media.

                                                    ShortType of media
                                                    Control0..1
                                                    BindingUnless not suitable, these codes SHALL be taken from MediaTypeCode
                                                    (extensible to http://hl7.org/fhir/ValueSet/dicm-405-mediatype)

                                                    Used when the event is about exporting/importing onto media.

                                                    TypeCoding
                                                    Is Modifierfalse
                                                    Summaryfalse
                                                    Requirements

                                                    Usually, this is used instead of specifying a network address. This field is not used for Media Id (i.e. the serial number of a CD).

                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    312. AuditEvent.agent:system.network
                                                    Definition

                                                    Logical network location for application activity, if the activity has a network location.

                                                    ShortLogical network location for application activity
                                                    Control0..1
                                                    TypeBackboneElement
                                                    Is Modifierfalse
                                                    Summaryfalse
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    314. AuditEvent.agent:system.network.id
                                                    Definition

                                                    Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                    ShortUnique id for inter-element referencing
                                                    Control0..1
                                                    Typestring
                                                    Is Modifierfalse
                                                    XML FormatIn the XML format, this property is represented as an attribute.
                                                    Summaryfalse
                                                    316. AuditEvent.agent:system.network.extension
                                                    Definition

                                                    May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                    ShortAdditional content defined by implementations
                                                    Comments

                                                    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                    Control0..*
                                                    TypeExtension
                                                    Is Modifierfalse
                                                    Summaryfalse
                                                    Alternate Namesextensions, user content
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                    318. AuditEvent.agent:system.network.modifierExtension
                                                    Definition

                                                    May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                    ShortExtensions that cannot be ignored even if unrecognized
                                                    Comments

                                                    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                    Control0..*
                                                    TypeExtension
                                                    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                    Summarytrue
                                                    Requirements

                                                    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                    Alternate Namesextensions, user content, modifiers
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                    320. AuditEvent.agent:system.network.address
                                                    Definition

                                                    An identifier for the network access point of the user device for the audit event.

                                                    ShortIdentifier for the network access point of the user device
                                                    Comments

                                                    This could be a device id, IP address or some other identifier associated with a device.

                                                    Control0..1
                                                    Typestring
                                                    Is Modifierfalse
                                                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                    Summaryfalse
                                                    Requirements

                                                    This datum identifies the user's network access point, which may be distinct from the server that performed the action. It is an optional value that may be used to group events recorded on separate servers for analysis of a specific network access point's data access across all servers.

                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    322. AuditEvent.agent:system.network.type
                                                    Definition

                                                    An identifier for the type of network access point that originated the audit event.

                                                    ShortThe type of network access point
                                                    Control0..1
                                                    BindingThe codes SHALL be taken from AuditEventAgentNetworkType
                                                    (required to http://hl7.org/fhir/ValueSet/network-type|4.0.1)

                                                    The type of network access point of this agent in the audit event.

                                                    Typecode
                                                    Is Modifierfalse
                                                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                    Summaryfalse
                                                    Requirements

                                                    This datum identifies the type of network access point identifier of the user device for the audit event. It is an optional value that may be used to group events recorded on separate servers for analysis of access according to a network access point's type.

                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    324. AuditEvent.agent:system.purposeOfUse
                                                    Definition

                                                    The reason (purpose of use), specific to this agent, that was used during the event being recorded.

                                                    ShortReason given for this user
                                                    Comments

                                                    Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

                                                    Control0..*
                                                    BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
                                                    (extensible to http://terminology.hl7.org/ValueSet/v3-PurposeOfUse)

                                                    The reason the activity took place.

                                                    TypeCodeableConcept
                                                    Is Modifierfalse
                                                    Summaryfalse
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    326. AuditEvent.agent:organisation
                                                    Slice Nameorganisation
                                                    Definition

                                                    An actor taking an active role in the event or activity that is logged.

                                                    ShortThe organisation accessing Patient records
                                                    Comments

                                                    Several agents may be associated (i.e. have some responsibility for an activity) with an event or activity.

                                                    For example, an activity may be initiated by one user for other users or involve more than one user. However, only one user may be the initiator/requestor for the activity.

                                                    Control0..1
                                                    TypeBackboneElement
                                                    Is Modifierfalse
                                                    Summaryfalse
                                                    Requirements

                                                    An agent can be a person, an organization, software, device, or other actors that may be ascribed responsibility.

                                                    Alternate NamesActiveParticipant
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    328. AuditEvent.agent:organisation.id
                                                    Definition

                                                    Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                    ShortUnique id for inter-element referencing
                                                    Control0..1
                                                    Typestring
                                                    Is Modifierfalse
                                                    XML FormatIn the XML format, this property is represented as an attribute.
                                                    Summaryfalse
                                                    330. AuditEvent.agent:organisation.extension
                                                    Definition

                                                    An Extension

                                                    ShortExtension
                                                    Control0..*
                                                    TypeExtension
                                                    Is Modifierfalse
                                                    Summaryfalse
                                                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                    SlicingThis element introduces a set of slices on AuditEvent.agent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                                    • value @ url
                                                    • 332. AuditEvent.agent:organisation.extension:additionalAgentDetails
                                                      Slice NameadditionalAgentDetails
                                                      Definition

                                                      This extension stores detailed information about the agent

                                                      ShortAuditEvent.Agent additional details
                                                      Control0..1
                                                      This element is affected by the following invariants: ele-1
                                                      TypeExtension(AuditEvent.Agent additional details) (Complex Extension)
                                                      Is Modifierfalse
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                      334. AuditEvent.agent:organisation.modifierExtension
                                                      Definition

                                                      May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                      Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                      ShortExtensions that cannot be ignored even if unrecognized
                                                      Comments

                                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                      Control0..*
                                                      TypeExtension
                                                      Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                      Summarytrue
                                                      Requirements

                                                      Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                      Alternate Namesextensions, user content, modifiers
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                      336. AuditEvent.agent:organisation.type
                                                      Definition

                                                      Specification of the participation type the user plays when performing the event.

                                                      ShortHow agent participated
                                                      Control0..1
                                                      BindingUnless not suitable, these codes SHALL be taken from ParticipationRoleType
                                                      (extensible to http://hl7.org/fhir/ValueSet/participation-role-type)

                                                      The Participation type of the agent to the event.

                                                      TypeCodeableConcept
                                                      Is Modifierfalse
                                                      Summaryfalse
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      338. AuditEvent.agent:organisation.role
                                                      Definition

                                                      The security role that the user was acting under, that come from local codes defined by the access control security system (e.g. RBAC, ABAC) used in the local context.

                                                      ShortAgent role in the event
                                                      Comments

                                                      Should be roles relevant to the event. Should not be an exhaustive list of roles.

                                                      Control1..*
                                                      BindingFor example codes, see SecurityRoleType
                                                      (example to http://hl7.org/fhir/ValueSet/security-role-type)

                                                      What security role enabled the agent to participate in the event.

                                                      TypeCodeableConcept
                                                      Is Modifierfalse
                                                      Summaryfalse
                                                      Requirements

                                                      This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

                                                      Pattern Value{
                                                        "coding" : [{
                                                          "system" : "http://terminology.hl7.org/CodeSystem/v3-RoleClass",
                                                          "code" : "PROV"
                                                        }]
                                                      }
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      340. AuditEvent.agent:organisation.who
                                                      Definition

                                                      Reference to who this agent is that was involved in the event.

                                                      ShortIdentifier of who
                                                      Comments

                                                      Where a User ID is available it will go into who.identifier.

                                                      Control0..1
                                                      TypeReference(PractitionerRole, Practitioner, Organization, Device, Patient, RelatedPerson)
                                                      Is Modifierfalse
                                                      Summarytrue
                                                      Requirements

                                                      This field ties an audit event to a specific resource or identifier.

                                                      Alternate NamesuserId
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      342. AuditEvent.agent:organisation.altId
                                                      Definition

                                                      Alternative agent Identifier. For a human, this should be a user identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g. single sign-on), if available.

                                                      ShortAlternative User identity
                                                      Control0..1
                                                      Typestring
                                                      Is Modifierfalse
                                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                      Summaryfalse
                                                      Requirements

                                                      In some situations, a human user may authenticate with one identity but, to access a specific application system, may use a synonymous identify. For example, some "single sign on" implementations will do this. The alternative identifier would then be the original identify used for authentication, and the User ID is the one known to and used by the application.

                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      344. AuditEvent.agent:organisation.name
                                                      Definition

                                                      Human-meaningful name for the agent.

                                                      ShortHuman friendly name for the agent
                                                      Control0..1
                                                      Typestring
                                                      Is Modifierfalse
                                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                      Summaryfalse
                                                      Requirements

                                                      The User ID and Authorization User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      346. AuditEvent.agent:organisation.requestor
                                                      Definition

                                                      Indicator that the user is or is not the requestor, or initiator, for the event being audited.

                                                      ShortWhether user is initiator
                                                      Comments

                                                      There can only be one initiator. If the initiator is not clear, then do not choose any one agent as the initiator.

                                                      Control1..1
                                                      Typeboolean
                                                      Is Modifierfalse
                                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                      Summarytrue
                                                      Requirements

                                                      This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      348. AuditEvent.agent:organisation.location
                                                      Definition

                                                      Where the event occurred.

                                                      ShortWhere
                                                      Control0..1
                                                      TypeReference(Location)
                                                      Is Modifierfalse
                                                      Summaryfalse
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      350. AuditEvent.agent:organisation.policy
                                                      Definition

                                                      The policy or plan that authorized the activity being recorded. Typically, a single activity may have multiple applicable policies, such as patient consent, guarantor funding, etc. The policy would also indicate the security token used.

                                                      ShortPolicy that authorized event
                                                      Comments

                                                      For example: Where an OAuth token authorizes, the unique identifier from the OAuth token is placed into the policy element Where a policy engine (e.g. XACML) holds policy logic, the unique policy identifier is placed into the policy element.

                                                      Control0..*
                                                      Typeuri
                                                      Is Modifierfalse
                                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                      Summaryfalse
                                                      Requirements

                                                      This value is used retrospectively to determine the authorization policies.

                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      352. AuditEvent.agent:organisation.media
                                                      Definition

                                                      Type of media involved. Used when the event is about exporting/importing onto media.

                                                      ShortType of media
                                                      Control0..1
                                                      BindingUnless not suitable, these codes SHALL be taken from MediaTypeCode
                                                      (extensible to http://hl7.org/fhir/ValueSet/dicm-405-mediatype)

                                                      Used when the event is about exporting/importing onto media.

                                                      TypeCoding
                                                      Is Modifierfalse
                                                      Summaryfalse
                                                      Requirements

                                                      Usually, this is used instead of specifying a network address. This field is not used for Media Id (i.e. the serial number of a CD).

                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      354. AuditEvent.agent:organisation.network
                                                      Definition

                                                      Logical network location for application activity, if the activity has a network location.

                                                      ShortLogical network location for application activity
                                                      Control0..1
                                                      TypeBackboneElement
                                                      Is Modifierfalse
                                                      Summaryfalse
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      356. AuditEvent.agent:organisation.network.id
                                                      Definition

                                                      Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                      ShortUnique id for inter-element referencing
                                                      Control0..1
                                                      Typestring
                                                      Is Modifierfalse
                                                      XML FormatIn the XML format, this property is represented as an attribute.
                                                      Summaryfalse
                                                      358. AuditEvent.agent:organisation.network.extension
                                                      Definition

                                                      May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                      ShortAdditional content defined by implementations
                                                      Comments

                                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                      Control0..*
                                                      TypeExtension
                                                      Is Modifierfalse
                                                      Summaryfalse
                                                      Alternate Namesextensions, user content
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                      360. AuditEvent.agent:organisation.network.modifierExtension
                                                      Definition

                                                      May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                      Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                      ShortExtensions that cannot be ignored even if unrecognized
                                                      Comments

                                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                      Control0..*
                                                      TypeExtension
                                                      Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                      Summarytrue
                                                      Requirements

                                                      Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                      Alternate Namesextensions, user content, modifiers
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                      362. AuditEvent.agent:organisation.network.address
                                                      Definition

                                                      An identifier for the network access point of the user device for the audit event.

                                                      ShortIdentifier for the network access point of the user device
                                                      Comments

                                                      This could be a device id, IP address or some other identifier associated with a device.

                                                      Control0..1
                                                      Typestring
                                                      Is Modifierfalse
                                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                      Summaryfalse
                                                      Requirements

                                                      This datum identifies the user's network access point, which may be distinct from the server that performed the action. It is an optional value that may be used to group events recorded on separate servers for analysis of a specific network access point's data access across all servers.

                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      364. AuditEvent.agent:organisation.network.type
                                                      Definition

                                                      An identifier for the type of network access point that originated the audit event.

                                                      ShortThe type of network access point
                                                      Control0..1
                                                      BindingThe codes SHALL be taken from AuditEventAgentNetworkType
                                                      (required to http://hl7.org/fhir/ValueSet/network-type|4.0.1)

                                                      The type of network access point of this agent in the audit event.

                                                      Typecode
                                                      Is Modifierfalse
                                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                      Summaryfalse
                                                      Requirements

                                                      This datum identifies the type of network access point identifier of the user device for the audit event. It is an optional value that may be used to group events recorded on separate servers for analysis of access according to a network access point's type.

                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      366. AuditEvent.agent:organisation.purposeOfUse
                                                      Definition

                                                      The reason (purpose of use), specific to this agent, that was used during the event being recorded.

                                                      ShortReason given for this user
                                                      Comments

                                                      Use AuditEvent.agent.purposeOfUse when you know that is specific to the agent, otherwise use AuditEvent.purposeOfEvent. For example, during a machine-to-machine transfer it might not be obvious to the audit system who caused the event, but it does know why.

                                                      Control0..*
                                                      BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
                                                      (extensible to http://terminology.hl7.org/ValueSet/v3-PurposeOfUse)

                                                      The reason the activity took place.

                                                      TypeCodeableConcept
                                                      Is Modifierfalse
                                                      Summaryfalse
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      368. AuditEvent.source
                                                      Definition

                                                      The system that is reporting the event.

                                                      ShortAudit Event Reporter
                                                      Comments

                                                      Since multi-tier, distributed, or composite applications make source identification ambiguous, this collection of fields may repeat for each application or process actively involved in the event. For example, multiple value-sets can identify participating web servers, application processes, and database server threads in an n-tier distributed application. Passive event participants (e.g. low-level network transports) need not be identified.

                                                      Control1..1
                                                      TypeBackboneElement
                                                      Is Modifierfalse
                                                      Summaryfalse
                                                      Requirements

                                                      The event is reported by one source.

                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      370. AuditEvent.source.id
                                                      Definition

                                                      Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                      ShortUnique id for inter-element referencing
                                                      Control0..1
                                                      Typestring
                                                      Is Modifierfalse
                                                      XML FormatIn the XML format, this property is represented as an attribute.
                                                      Summaryfalse
                                                      372. AuditEvent.source.extension
                                                      Definition

                                                      May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                      ShortAdditional content defined by implementations
                                                      Comments

                                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                      Control0..*
                                                      TypeExtension
                                                      Is Modifierfalse
                                                      Summaryfalse
                                                      Alternate Namesextensions, user content
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                      374. AuditEvent.source.modifierExtension
                                                      Definition

                                                      May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                      Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                      ShortExtensions that cannot be ignored even if unrecognized
                                                      Comments

                                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                      Control0..*
                                                      TypeExtension
                                                      Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                      Summarytrue
                                                      Requirements

                                                      Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                      Alternate Namesextensions, user content, modifiers
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                      376. AuditEvent.source.site
                                                      Definition

                                                      Logical source location within the healthcare enterprise network. For example, a hospital or other provider location within a multi-entity provider group.

                                                      ShortLogical source location within the enterprise
                                                      Control0..1
                                                      Typestring
                                                      Is Modifierfalse
                                                      Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                      Summaryfalse
                                                      Requirements

                                                      This value differentiates among the sites in a multi-site enterprise health information system.

                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      378. AuditEvent.source.observer
                                                      Definition

                                                      Identifier of the source where the event was detected.

                                                      ShortThe identity of source detecting the event
                                                      Control1..1
                                                      TypeReference(PractitionerRole, Practitioner, Organization, Device, Patient, RelatedPerson)
                                                      Is Modifierfalse
                                                      Summarytrue
                                                      Requirements

                                                      This field ties the event to a specific source system. It may be used to group events for analysis according to where the event was detected.

                                                      Alternate NamesSourceId
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      380. AuditEvent.source.observer.id
                                                      Definition

                                                      Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                      ShortUnique id for inter-element referencing
                                                      Control0..1
                                                      Typestring
                                                      Is Modifierfalse
                                                      XML FormatIn the XML format, this property is represented as an attribute.
                                                      Summaryfalse
                                                      382. AuditEvent.source.observer.extension
                                                      Definition

                                                      May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                      ShortAdditional content defined by implementations
                                                      Comments

                                                      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                      Control0..*
                                                      TypeExtension
                                                      Is Modifierfalse
                                                      Summaryfalse
                                                      Alternate Namesextensions, user content
                                                      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                      SlicingThis element introduces a set of slices on AuditEvent.source.observer.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                                      • value @ url
                                                      • 384. AuditEvent.source.observer.reference
                                                        Definition

                                                        A reference to a location at which the other resource is found. The reference may be a relative reference, in which case it is relative to the service base URL, or an absolute URL that resolves to the location where the resource is found. The reference may be version specific or not. If the reference is not to a FHIR RESTful server, then it should be assumed to be version specific. Internal fragment references (start with '#') refer to contained resources.

                                                        ShortLiteral reference, Relative, internal or absolute URL
                                                        Comments

                                                        Using absolute URLs provides a stable scalable approach suitable for a cloud/web context, while using relative/logical references provides a flexible approach suitable for use when trading across closed eco-system boundaries. Absolute URLs do not need to point to a FHIR RESTful server, though this is the preferred approach. If the URL conforms to the structure "/[type]/[id]" then it should be assumed that the reference is to a FHIR RESTful server.

                                                        Control0..1
                                                        This element is affected by the following invariants: ref-1
                                                        Typestring
                                                        Is Modifierfalse
                                                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                        Summarytrue
                                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                        386. AuditEvent.source.observer.type
                                                        Definition

                                                        The expected type of the target of the reference. If both Reference.type and Reference.reference are populated and Reference.reference is a FHIR URL, both SHALL be consistent.

                                                        The type is the Canonical URL of Resource Definition that is the type this reference refers to. References are URLs that are relative to http://hl7.org/fhir/StructureDefinition/ e.g. "Patient" is a reference to http://hl7.org/fhir/StructureDefinition/Patient. Absolute URLs are only allowed for logical models (and can only be used in references in logical models, not resources).

                                                        ShortType the reference refers to (e.g. "Patient")
                                                        Comments

                                                        This element is used to indicate the type of the target of the reference. This may be used which ever of the other elements are populated (or not). In some cases, the type of the target may be determined by inspection of the reference (e.g. a RESTful URL) or by resolving the target of the reference; if both the type and a reference is provided, the reference SHALL resolve to a resource of the same type as that specified.

                                                        Control0..1
                                                        BindingUnless not suitable, these codes SHALL be taken from ResourceType
                                                        (extensible to http://hl7.org/fhir/ValueSet/resource-types)

                                                        Aa resource (or, for logical models, the URI of the logical model).

                                                        Typeuri
                                                        Is Modifierfalse
                                                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                        Summarytrue
                                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                        388. AuditEvent.source.observer.identifier
                                                        Definition

                                                        An identifier for the target resource. This is used when there is no way to reference the other resource directly, either because the entity it represents is not available through a FHIR server, or because there is no way for the author of the resource to convert a known identifier to an actual location. There is no requirement that a Reference.identifier point to something that is actually exposed as a FHIR instance, but it SHALL point to a business concept that would be expected to be exposed as a FHIR instance, and that instance would need to be of a FHIR resource type allowed by the reference.

                                                        ShortLogical reference, when literal reference is not known
                                                        Comments

                                                        When an identifier is provided in place of a reference, any system processing the reference will only be able to resolve the identifier to a reference if it understands the business context in which the identifier is used. Sometimes this is global (e.g. a national identifier) but often it is not. For this reason, none of the useful mechanisms described for working with references (e.g. chaining, includes) are possible, nor should servers be expected to be able resolve the reference. Servers may accept an identifier based reference untouched, resolve it, and/or reject it - see CapabilityStatement.rest.resource.referencePolicy.

                                                        When both an identifier and a literal reference are provided, the literal reference is preferred. Applications processing the resource are allowed - but not required - to check that the identifier matches the literal reference

                                                        Applications converting a logical reference to a literal reference may choose to leave the logical reference present, or remove it.

                                                        Reference is intended to point to a structure that can potentially be expressed as a FHIR resource, though there is no need for it to exist as an actual FHIR resource instance - except in as much as an application wishes to actual find the target of the reference. The content referred to be the identifier must meet the logical constraints implied by any limitations on what resource types are permitted for the reference. For example, it would not be legitimate to send the identifier for a drug prescription if the type were Reference(Observation|DiagnosticReport). One of the use-cases for Reference.identifier is the situation where no FHIR representation exists (where the type is Reference (Any).

                                                        NoteThis is a business identifier, not a resource identifier (see discussion)
                                                        Control0..1
                                                        TypeIdentifier
                                                        Is Modifierfalse
                                                        Summarytrue
                                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                        390. AuditEvent.source.observer.display
                                                        Definition

                                                        Plain text narrative that identifies the resource in addition to the resource reference.

                                                        ShortThe gateway or entity which logged the event
                                                        Comments

                                                        This is generally not the same as the Resource.text of the referenced resource. The purpose is to identify what's being referenced, not to fully describe it.

                                                        Control1..1
                                                        Typestring
                                                        Is Modifierfalse
                                                        Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                        Summarytrue
                                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                        392. AuditEvent.source.type
                                                        Definition

                                                        Code specifying the type of source where event originated.

                                                        ShortThe type of source where event originated
                                                        Control0..*
                                                        BindingUnless not suitable, these codes SHALL be taken from AuditEventSourceType
                                                        (extensible to http://hl7.org/fhir/ValueSet/audit-source-type)

                                                        Code specifying the type of system that detected and recorded the event.

                                                        TypeCoding
                                                        Is Modifierfalse
                                                        Summaryfalse
                                                        Requirements

                                                        This field indicates which type of source is identified by the Audit Source ID. It is an optional value that may be used to group events for analysis according to the type of source where the event occurred.

                                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                        394. AuditEvent.entity
                                                        Definition

                                                        Specific instances of data or objects that have been accessed.

                                                        ShortDetails of the endpoints being accessed
                                                        Comments

                                                        Required unless the values for event identification, agent identification, and audit source identification are sufficient to document the entire auditable event. Because events may have more than one entity, this group can be a repeating set of values.

                                                        Control1..*
                                                        TypeBackboneElement
                                                        Is Modifierfalse
                                                        Summaryfalse
                                                        Requirements

                                                        The event may have other entities involved.

                                                        Alternate NamesParticipantObject
                                                        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                        sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
                                                        SlicingThis element introduces a set of slices on AuditEvent.entity. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                                                        • value @ type
                                                        • value @ role
                                                        • 396. AuditEvent.entity.id
                                                          Definition

                                                          Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                          ShortUnique id for inter-element referencing
                                                          Control0..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          XML FormatIn the XML format, this property is represented as an attribute.
                                                          Summaryfalse
                                                          398. AuditEvent.entity.extension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                          ShortAdditional content defined by implementations
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Alternate Namesextensions, user content
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          400. AuditEvent.entity.modifierExtension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                          Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                          ShortExtensions that cannot be ignored even if unrecognized
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                          Summarytrue
                                                          Requirements

                                                          Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                          Alternate Namesextensions, user content, modifiers
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          402. AuditEvent.entity.what
                                                          Definition

                                                          Identifies a specific instance of the entity. The reference should be version specific.

                                                          ShortSpecific instance of resource
                                                          Control0..1
                                                          TypeReference(Resource)
                                                          Is Modifierfalse
                                                          Summarytrue
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          404. AuditEvent.entity.type
                                                          Definition

                                                          The type of the object that was involved in this audit event.

                                                          ShortType of entity involved
                                                          Comments

                                                          This value is distinct from the user's role or any user relationship to the entity.

                                                          Control0..1
                                                          BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityType
                                                          (extensible to http://hl7.org/fhir/ValueSet/audit-entity-type)

                                                          Code for the entity type involved in the audit event.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          To describe the object being acted upon. In addition to queries on the subject of the action in an auditable event, it is also important to be able to query on the object type for the action.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          406. AuditEvent.entity.role
                                                          Definition

                                                          Code representing the role the entity played in the event being audited.

                                                          ShortWhat role the entity played
                                                          Control0..1
                                                          BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityRole
                                                          (extensible to http://hl7.org/fhir/ValueSet/object-role)

                                                          Code representing the role the entity played in the audit event.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          For some detailed audit analysis it may be necessary to indicate a more granular type of entity, based on the application role it serves.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          408. AuditEvent.entity.lifecycle
                                                          Definition

                                                          Identifier for the data life-cycle stage for the entity.

                                                          ShortLife-cycle stage for the entity
                                                          Comments

                                                          This can be used to provide an audit trail for data, over time, as it passes through the system.

                                                          Control0..1
                                                          BindingUnless not suitable, these codes SHALL be taken from ObjectLifecycleEvents
                                                          (extensible to http://hl7.org/fhir/ValueSet/object-lifecycle-events)

                                                          Identifier for the data life-cycle stage for the entity.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          Institutional policies for privacy and security may optionally fall under different accountability rules based on data life cycle. This provides a differentiating value for those cases.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          410. AuditEvent.entity.securityLabel
                                                          Definition

                                                          Security labels for the identified entity.

                                                          ShortSecurity labels on the entity
                                                          Comments

                                                          Copied from entity meta security tags.

                                                          Control0..*
                                                          BindingUnless not suitable, these codes SHALL be taken from All Security Labels
                                                          (extensible to http://hl7.org/fhir/ValueSet/security-labels)

                                                          Security Labels from the Healthcare Privacy and Security Classification System.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          This field identifies the security labels for a specific instance of an object, such as a patient, to detect/track privacy and security issues.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          412. AuditEvent.entity.name
                                                          Definition

                                                          A name of the entity in the audit event.

                                                          ShortDescriptor for entity
                                                          Comments

                                                          This field may be used in a query/report to identify audit events for a specific person. For example, where multiple synonymous entity identifiers (patient number, medical record number, encounter number, etc.) have been used.

                                                          Control0..1
                                                          This element is affected by the following invariants: sev-1
                                                          Typestring
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summarytrue
                                                          Requirements

                                                          Use only where entity can't be identified with an identifier.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          414. AuditEvent.entity.description
                                                          Definition

                                                          Text that describes the entity in more detail.

                                                          ShortDescriptive text
                                                          Control0..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summaryfalse
                                                          Requirements

                                                          Use only where entity can't be identified with an identifier.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          416. AuditEvent.entity.query
                                                          Definition

                                                          The query parameters for a query-type entities.

                                                          ShortQuery parameters
                                                          Comments

                                                          The meaning and secondary-encoding of the content of base64 encoded blob is specific to the AuditEvent.type, AuditEvent.subtype, AuditEvent.entity.type, and AuditEvent.entity.role. The base64 is a general-use and safe container for event specific data blobs regardless of the encoding used by the transaction being recorded. An AuditEvent consuming application must understand the event it is consuming and the formats used by the event. For example, if auditing an Oracle network database access, the Oracle formats must be understood as they will be simply encoded in the base64binary blob.

                                                          Control0..1
                                                          This element is affected by the following invariants: sev-1
                                                          Typebase64Binary
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summarytrue
                                                          Requirements

                                                          For query events, it may be necessary to capture the actual query input to the query process in order to identify the specific event. Because of differences among query implementations and data encoding for them, this is a base 64 encoded data blob. It may be subsequently decoded or interpreted by downstream audit analysis processing.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          418. AuditEvent.entity.detail
                                                          Definition

                                                          Tagged value pairs for conveying additional information about the entity.

                                                          ShortAdditional Information about the entity
                                                          Control0..*
                                                          TypeBackboneElement
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          Implementation-defined data about specific details of the object accessed or used.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          420. AuditEvent.entity.detail.id
                                                          Definition

                                                          Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                          ShortUnique id for inter-element referencing
                                                          Control0..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          XML FormatIn the XML format, this property is represented as an attribute.
                                                          Summaryfalse
                                                          422. AuditEvent.entity.detail.extension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                          ShortAdditional content defined by implementations
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Alternate Namesextensions, user content
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          424. AuditEvent.entity.detail.modifierExtension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                          Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                          ShortExtensions that cannot be ignored even if unrecognized
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                          Summarytrue
                                                          Requirements

                                                          Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                          Alternate Namesextensions, user content, modifiers
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          426. AuditEvent.entity.detail.type
                                                          Definition

                                                          The type of extra detail provided in the value.

                                                          ShortName of the property
                                                          Control1..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summaryfalse
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          428. AuditEvent.entity.detail.value[x]
                                                          Definition

                                                          The value of the extra detail.

                                                          ShortProperty value
                                                          Comments

                                                          The value can be string when known to be a string, else base64 encoding should be used to protect binary or undefined content. The meaning and secondary-encoding of the content of base64 encoded blob is specific to the AuditEvent.type, AuditEvent.subtype, AuditEvent.entity.type, and AuditEvent.entity.role. The base64 is a general-use and safe container for event specific data blobs regardless of the encoding used by the transaction being recorded. An AuditEvent consuming application must understand the event it is consuming and the formats used by the event. For example if auditing an Oracle network database access, the Oracle formats must be understood as they will be simply encoded in the base64binary blob.

                                                          Control1..1
                                                          TypeChoice of: string, base64Binary
                                                          [x] NoteSeeChoice of Data Typesfor further information about how to use [x]
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summaryfalse
                                                          Requirements

                                                          Should not duplicate the entity value unless absolutely necessary.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          430. AuditEvent.entity:accessedResource
                                                          Slice NameaccessedResource
                                                          Definition

                                                          Specific instances of data or objects that have been accessed.

                                                          ShortThe REST or FHIR resource that is being accessed
                                                          Comments

                                                          Required unless the values for event identification, agent identification, and audit source identification are sufficient to document the entire auditable event. Because events may have more than one entity, this group can be a repeating set of values.

                                                          Control1..1
                                                          TypeBackboneElement
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          The event may have other entities involved.

                                                          Alternate NamesParticipantObject
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
                                                          432. AuditEvent.entity:accessedResource.id
                                                          Definition

                                                          Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                          ShortUnique id for inter-element referencing
                                                          Control0..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          XML FormatIn the XML format, this property is represented as an attribute.
                                                          Summaryfalse
                                                          434. AuditEvent.entity:accessedResource.extension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                          ShortAdditional content defined by implementations
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Alternate Namesextensions, user content
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          436. AuditEvent.entity:accessedResource.modifierExtension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                          Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                          ShortExtensions that cannot be ignored even if unrecognized
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                          Summarytrue
                                                          Requirements

                                                          Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                          Alternate Namesextensions, user content, modifiers
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          438. AuditEvent.entity:accessedResource.what
                                                          Definition

                                                          Identifies a specific instance of the entity. The reference should be version specific.

                                                          ShortSpecific instance of resource
                                                          Control0..1
                                                          TypeReference(Resource)
                                                          Is Modifierfalse
                                                          Summarytrue
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          440. AuditEvent.entity:accessedResource.type
                                                          Definition

                                                          The type of the object that was involved in this audit event.

                                                          ShortType of entity involved
                                                          Comments

                                                          This value is distinct from the user's role or any user relationship to the entity.

                                                          Control1..1
                                                          BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityType
                                                          (extensible to http://hl7.org/fhir/ValueSet/audit-entity-type)

                                                          Code for the entity type involved in the audit event.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          To describe the object being acted upon. In addition to queries on the subject of the action in an auditable event, it is also important to be able to query on the object type for the action.

                                                          Pattern Value{
                                                            "system" : "http://terminology.hl7.org/CodeSystem/audit-entity-type",
                                                            "code" : "2"
                                                          }
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          442. AuditEvent.entity:accessedResource.role
                                                          Definition

                                                          Code representing the role the entity played in the event being audited.

                                                          ShortWhat role the entity played
                                                          Control0..1
                                                          BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityRole
                                                          (extensible to http://hl7.org/fhir/ValueSet/object-role)

                                                          Code representing the role the entity played in the audit event.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          For some detailed audit analysis it may be necessary to indicate a more granular type of entity, based on the application role it serves.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          444. AuditEvent.entity:accessedResource.lifecycle
                                                          Definition

                                                          Identifier for the data life-cycle stage for the entity.

                                                          ShortLife-cycle stage for the entity
                                                          Comments

                                                          This can be used to provide an audit trail for data, over time, as it passes through the system.

                                                          Control0..1
                                                          BindingUnless not suitable, these codes SHALL be taken from ObjectLifecycleEvents
                                                          (extensible to http://hl7.org/fhir/ValueSet/object-lifecycle-events)

                                                          Identifier for the data life-cycle stage for the entity.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          Institutional policies for privacy and security may optionally fall under different accountability rules based on data life cycle. This provides a differentiating value for those cases.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          446. AuditEvent.entity:accessedResource.securityLabel
                                                          Definition

                                                          Security labels for the identified entity.

                                                          ShortSecurity labels on the entity
                                                          Comments

                                                          Copied from entity meta security tags.

                                                          Control0..*
                                                          BindingUnless not suitable, these codes SHALL be taken from All Security Labels
                                                          (extensible to http://hl7.org/fhir/ValueSet/security-labels)

                                                          Security Labels from the Healthcare Privacy and Security Classification System.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          This field identifies the security labels for a specific instance of an object, such as a patient, to detect/track privacy and security issues.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          448. AuditEvent.entity:accessedResource.name
                                                          Definition

                                                          A name of the entity in the audit event.

                                                          ShortDescriptor for entity
                                                          Comments

                                                          This field may be used in a query/report to identify audit events for a specific person. For example, where multiple synonymous entity identifiers (patient number, medical record number, encounter number, etc.) have been used.

                                                          Control0..1
                                                          This element is affected by the following invariants: sev-1
                                                          Typestring
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summarytrue
                                                          Requirements

                                                          Use only where entity can't be identified with an identifier.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          450. AuditEvent.entity:accessedResource.description
                                                          Definition

                                                          Text that describes the entity in more detail.

                                                          ShortDescriptive text
                                                          Control0..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summaryfalse
                                                          Requirements

                                                          Use only where entity can't be identified with an identifier.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          452. AuditEvent.entity:accessedResource.query
                                                          Definition

                                                          The query parameters for a query-type entities.

                                                          ShortQuery parameters
                                                          Comments

                                                          The meaning and secondary-encoding of the content of base64 encoded blob is specific to the AuditEvent.type, AuditEvent.subtype, AuditEvent.entity.type, and AuditEvent.entity.role. The base64 is a general-use and safe container for event specific data blobs regardless of the encoding used by the transaction being recorded. An AuditEvent consuming application must understand the event it is consuming and the formats used by the event. For example, if auditing an Oracle network database access, the Oracle formats must be understood as they will be simply encoded in the base64binary blob.

                                                          Control0..1
                                                          This element is affected by the following invariants: sev-1
                                                          Typebase64Binary
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summarytrue
                                                          Requirements

                                                          For query events, it may be necessary to capture the actual query input to the query process in order to identify the specific event. Because of differences among query implementations and data encoding for them, this is a base 64 encoded data blob. It may be subsequently decoded or interpreted by downstream audit analysis processing.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          454. AuditEvent.entity:accessedResource.detail
                                                          Definition

                                                          Tagged value pairs for conveying additional information about the entity.

                                                          ShortAdditional Information about the entity
                                                          Control0..*
                                                          TypeBackboneElement
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          Implementation-defined data about specific details of the object accessed or used.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          456. AuditEvent.entity:accessedResource.detail.id
                                                          Definition

                                                          Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                          ShortUnique id for inter-element referencing
                                                          Control0..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          XML FormatIn the XML format, this property is represented as an attribute.
                                                          Summaryfalse
                                                          458. AuditEvent.entity:accessedResource.detail.extension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                          ShortAdditional content defined by implementations
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Alternate Namesextensions, user content
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          460. AuditEvent.entity:accessedResource.detail.modifierExtension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                          Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                          ShortExtensions that cannot be ignored even if unrecognized
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                          Summarytrue
                                                          Requirements

                                                          Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                          Alternate Namesextensions, user content, modifiers
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          462. AuditEvent.entity:accessedResource.detail.type
                                                          Definition

                                                          The type of extra detail provided in the value.

                                                          ShortName of the property
                                                          Control1..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summaryfalse
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          464. AuditEvent.entity:accessedResource.detail.value[x]
                                                          Definition

                                                          The value of the extra detail.

                                                          ShortProperty value
                                                          Comments

                                                          The value can be string when known to be a string, else base64 encoding should be used to protect binary or undefined content. The meaning and secondary-encoding of the content of base64 encoded blob is specific to the AuditEvent.type, AuditEvent.subtype, AuditEvent.entity.type, and AuditEvent.entity.role. The base64 is a general-use and safe container for event specific data blobs regardless of the encoding used by the transaction being recorded. An AuditEvent consuming application must understand the event it is consuming and the formats used by the event. For example if auditing an Oracle network database access, the Oracle formats must be understood as they will be simply encoded in the base64binary blob.

                                                          Control1..1
                                                          TypeChoice of: string, base64Binary
                                                          [x] NoteSeeChoice of Data Typesfor further information about how to use [x]
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summaryfalse
                                                          Requirements

                                                          Should not duplicate the entity value unless absolutely necessary.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          466. AuditEvent.entity:dataSubject
                                                          Slice NamedataSubject
                                                          Definition

                                                          Specific instances of data or objects that have been accessed.

                                                          ShortThe data subject of the accessed resource, derived from the resource itself
                                                          Comments

                                                          Required unless the values for event identification, agent identification, and audit source identification are sufficient to document the entire auditable event. Because events may have more than one entity, this group can be a repeating set of values.

                                                          Control0..*
                                                          TypeBackboneElement
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          The event may have other entities involved.

                                                          Alternate NamesParticipantObject
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          sev-1: Either a name or a query (NOT both) (name.empty() or query.empty())
                                                          468. AuditEvent.entity:dataSubject.id
                                                          Definition

                                                          Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                          ShortUnique id for inter-element referencing
                                                          Control0..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          XML FormatIn the XML format, this property is represented as an attribute.
                                                          Summaryfalse
                                                          470. AuditEvent.entity:dataSubject.extension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                          ShortAdditional content defined by implementations
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Alternate Namesextensions, user content
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          472. AuditEvent.entity:dataSubject.modifierExtension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                          Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                          ShortExtensions that cannot be ignored even if unrecognized
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                          Summarytrue
                                                          Requirements

                                                          Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                          Alternate Namesextensions, user content, modifiers
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          474. AuditEvent.entity:dataSubject.what
                                                          Definition

                                                          Identifies a specific instance of the entity. The reference should be version specific.

                                                          ShortSpecific instance of resource
                                                          Control0..1
                                                          TypeReference(Resource)
                                                          Is Modifierfalse
                                                          Summarytrue
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          476. AuditEvent.entity:dataSubject.type
                                                          Definition

                                                          The type of the object that was involved in this audit event.

                                                          ShortType of entity involved
                                                          Comments

                                                          This value is distinct from the user's role or any user relationship to the entity.

                                                          Control0..1
                                                          BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityType
                                                          (extensible to http://hl7.org/fhir/ValueSet/audit-entity-type)

                                                          Code for the entity type involved in the audit event.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          To describe the object being acted upon. In addition to queries on the subject of the action in an auditable event, it is also important to be able to query on the object type for the action.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          478. AuditEvent.entity:dataSubject.role
                                                          Definition

                                                          Code representing the role the entity played in the event being audited.

                                                          ShortWhat role the entity played
                                                          Control1..1
                                                          BindingUnless not suitable, these codes SHALL be taken from AuditEventEntityRole
                                                          (extensible to http://hl7.org/fhir/ValueSet/object-role)

                                                          Code representing the role the entity played in the audit event.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          For some detailed audit analysis it may be necessary to indicate a more granular type of entity, based on the application role it serves.

                                                          Pattern Value{
                                                            "system" : "http://terminology.hl7.org/CodeSystem/object-role",
                                                            "code" : "1"
                                                          }
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          480. AuditEvent.entity:dataSubject.lifecycle
                                                          Definition

                                                          Identifier for the data life-cycle stage for the entity.

                                                          ShortLife-cycle stage for the entity
                                                          Comments

                                                          This can be used to provide an audit trail for data, over time, as it passes through the system.

                                                          Control0..1
                                                          BindingUnless not suitable, these codes SHALL be taken from ObjectLifecycleEvents
                                                          (extensible to http://hl7.org/fhir/ValueSet/object-lifecycle-events)

                                                          Identifier for the data life-cycle stage for the entity.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          Institutional policies for privacy and security may optionally fall under different accountability rules based on data life cycle. This provides a differentiating value for those cases.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          482. AuditEvent.entity:dataSubject.securityLabel
                                                          Definition

                                                          Security labels for the identified entity.

                                                          ShortSecurity labels on the entity
                                                          Comments

                                                          Copied from entity meta security tags.

                                                          Control0..*
                                                          BindingUnless not suitable, these codes SHALL be taken from All Security Labels
                                                          (extensible to http://hl7.org/fhir/ValueSet/security-labels)

                                                          Security Labels from the Healthcare Privacy and Security Classification System.

                                                          TypeCoding
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          This field identifies the security labels for a specific instance of an object, such as a patient, to detect/track privacy and security issues.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          484. AuditEvent.entity:dataSubject.name
                                                          Definition

                                                          A name of the entity in the audit event.

                                                          ShortDescriptor for entity
                                                          Comments

                                                          This field may be used in a query/report to identify audit events for a specific person. For example, where multiple synonymous entity identifiers (patient number, medical record number, encounter number, etc.) have been used.

                                                          Control0..1
                                                          This element is affected by the following invariants: sev-1
                                                          Typestring
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summarytrue
                                                          Requirements

                                                          Use only where entity can't be identified with an identifier.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          486. AuditEvent.entity:dataSubject.description
                                                          Definition

                                                          Text that describes the entity in more detail.

                                                          ShortDescriptive text
                                                          Control0..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summaryfalse
                                                          Requirements

                                                          Use only where entity can't be identified with an identifier.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          488. AuditEvent.entity:dataSubject.query
                                                          Definition

                                                          The query parameters for a query-type entities.

                                                          ShortQuery parameters
                                                          Comments

                                                          The meaning and secondary-encoding of the content of base64 encoded blob is specific to the AuditEvent.type, AuditEvent.subtype, AuditEvent.entity.type, and AuditEvent.entity.role. The base64 is a general-use and safe container for event specific data blobs regardless of the encoding used by the transaction being recorded. An AuditEvent consuming application must understand the event it is consuming and the formats used by the event. For example, if auditing an Oracle network database access, the Oracle formats must be understood as they will be simply encoded in the base64binary blob.

                                                          Control0..1
                                                          This element is affected by the following invariants: sev-1
                                                          Typebase64Binary
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summarytrue
                                                          Requirements

                                                          For query events, it may be necessary to capture the actual query input to the query process in order to identify the specific event. Because of differences among query implementations and data encoding for them, this is a base 64 encoded data blob. It may be subsequently decoded or interpreted by downstream audit analysis processing.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          490. AuditEvent.entity:dataSubject.detail
                                                          Definition

                                                          Tagged value pairs for conveying additional information about the entity.

                                                          ShortAdditional Information about the entity
                                                          Control0..*
                                                          TypeBackboneElement
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Requirements

                                                          Implementation-defined data about specific details of the object accessed or used.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          492. AuditEvent.entity:dataSubject.detail.id
                                                          Definition

                                                          Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                                                          ShortUnique id for inter-element referencing
                                                          Control0..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          XML FormatIn the XML format, this property is represented as an attribute.
                                                          Summaryfalse
                                                          494. AuditEvent.entity:dataSubject.detail.extension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                                                          ShortAdditional content defined by implementations
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifierfalse
                                                          Summaryfalse
                                                          Alternate Namesextensions, user content
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          496. AuditEvent.entity:dataSubject.detail.modifierExtension
                                                          Definition

                                                          May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                                                          Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                                                          ShortExtensions that cannot be ignored even if unrecognized
                                                          Comments

                                                          There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                                                          Control0..*
                                                          TypeExtension
                                                          Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                                                          Summarytrue
                                                          Requirements

                                                          Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                                                          Alternate Namesextensions, user content, modifiers
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                                                          498. AuditEvent.entity:dataSubject.detail.type
                                                          Definition

                                                          The type of extra detail provided in the value.

                                                          ShortName of the property
                                                          Control1..1
                                                          Typestring
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summaryfalse
                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                                                          500. AuditEvent.entity:dataSubject.detail.value[x]
                                                          Definition

                                                          The value of the extra detail.

                                                          ShortProperty value
                                                          Comments

                                                          The value can be string when known to be a string, else base64 encoding should be used to protect binary or undefined content. The meaning and secondary-encoding of the content of base64 encoded blob is specific to the AuditEvent.type, AuditEvent.subtype, AuditEvent.entity.type, and AuditEvent.entity.role. The base64 is a general-use and safe container for event specific data blobs regardless of the encoding used by the transaction being recorded. An AuditEvent consuming application must understand the event it is consuming and the formats used by the event. For example if auditing an Oracle network database access, the Oracle formats must be understood as they will be simply encoded in the base64binary blob.

                                                          Control1..1
                                                          TypeChoice of: string, base64Binary
                                                          [x] NoteSeeChoice of Data Typesfor further information about how to use [x]
                                                          Is Modifierfalse
                                                          Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                                                          Summaryfalse
                                                          Requirements

                                                          Should not duplicate the entity value unless absolutely necessary.

                                                          Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))