6.7 SecurityEvent Resource


Resource SecurityEvent - Content 6.7

A record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage.

The resource name as it appears in a RESTful URL is [root]/securityevent/

The security event is based on the ATNA Audit record definitions, originally from RFC 3881, and now managed by DICOM (see DICOM Part 15 Annex A5). This resource is managed collaboratively between HL7, DICOM, and IHE for the MHD/mHealth initiatives.

Servers that provide support for Security Event resources should not generally accept update or delete operations on the resources, as this would compromise the integrity of the audit record.

Security Events are created as events occur, to track and audit the events. Security Event resources are often (though not exclusively) created by the application responding to the read/query/create/update etc. event. A Provenance resource contains overlapping information, but is a record-keeping assertion that gathers information about the context in which the information in a resource was obtained. Provenance resources are prepared by the application that initiates the create/update etc. of the resource.

Resource Content 6.7.1

<SecurityEvent xmlns="http://hl7.org/fhir">
  <!-- from Resource: extension, narrative, and contained -->
  <event>  <!-- 1..1 What was done -->
    <type><!-- 1..1 CodeableConcept Type of event --></type>
    <subtype><!-- 0..* CodeableConcept Sub-type of event --></subtype>
    <action value="[code]"/><!-- 0..1 Type of action performed during the event -->
    <dateTime value="[instant]"/><!-- 1..1 Time when the event occurred on source -->
    <outcome value="[code]"/><!-- 0..1 Whether the event succeeded or failed -->
    <outcomeDesc value="[string]"/><!-- 0..1 Description of the event outcome -->
  </event>
  <participant>  <!-- 1..* A person, a hardware device or software process -->
    <role><!-- 0..* CodeableConcept User roles (e.g. local RBAC codes) --></role>
    <reference><!-- 0..1 Resource(Practitioner|Patient|Device) Direct reference to resource --></reference>
    <userId value="[string]"/><!-- 0..1 Unique identifier for the user -->
    <authId value="[string]"/><!-- 0..1 User id used by authentication system -->
    <name value="[string]"/><!-- 0..1 Human-meaningful name for the user -->
    <requestor value="[boolean]"/><!-- 1..1 Whether user is initiator -->
    <media><!-- 0..1 Coding Type of media --></media>
    <network>  <!-- 0..1 Logical network location for application activity -->
      <identifier value="[string]"/><!-- 0..1 Identifier for the network access point of the user device -->
      <type value="[code]"/><!-- 0..1 The type of network access point -->
    </network>
  </participant>
  <source>  <!-- 1..1 Application systems and processes -->
    <site value="[string]"/><!-- 0..1 Logical source location within the enterprise -->
    <identifier value="[string]"/><!-- 1..1 The id of source where event originated -->
    <type><!-- 0..* Coding The type of source where event originated --></type>
  </source>
  <object>  <!-- 0..* Specific instances of data or objects that have been accessed -->
    <identifier><!-- 0..1 Identifier Specific instance of object (e.g. versioned) --></identifier>
    <reference><!-- 0..1 Resource(Any) Specific instance of resource (e.g. versioned) --></reference>
    <type value="[code]"/><!-- 0..1 Object type being audited -->
    <role value="[code]"/><!-- 0..1 Functional application role of Object -->
    <lifecycle value="[code]"/><!-- 0..1 Life-cycle stage for the object -->
    <sensitivity><!-- 0..1 CodeableConcept Policy-defined sensitivity for the object --></sensitivity>
    <name value="[string]"/><!-- 0..1 Instance-specific descriptor for Object -->
    <query value="[base64Binary]"/><!-- 0..1 Actual query for object -->
    <detail>  <!-- 0..* Additional Information about the Object -->
      <type value="[string]"/><!-- 1..1 Name of the property -->
      <value value="[base64Binary]"/><!-- 1..1 Property value -->
    </detail>
  </object>
</SecurityEvent>

Alternate definitions: Schema/Schematron, Resource Profile

Terminology Bindings 6.7.1.1

Constraints 6.7.1.2

  • Inv-3: On SecurityEvent.participant: Either a userId or a reference, but not both (xpath on f:SecurityEvent/f:participant: exists(f:userId) != exists(f:reference))
  • Inv-1: On SecurityEvent.object: Either a name or a query (or both) (xpath on f:SecurityEvent/f:object: not(exists(f:name)) or not(exists(f:query)))
  • Inv-2: On SecurityEvent.object: Either an identifier or a reference, but not both (xpath on f:SecurityEvent/f:object: exists(f:identifier) != exists(f:reference))
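The following check is an added example, not part of the FHIR specification: it applies the three invariants and the 1..1 / 1..* cardinalities from the resource template to a SecurityEvent document before it is accepted into an audit store. Inv-1 is implemented as the xpath expression is written, which is false only when both name and query are present; the function name and the two sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

NS = {"f": "http://hl7.org/fhir"}
REQUIRED = ("f:event/f:type", "f:event/f:dateTime", "f:source/f:identifier")

def has(el, child):  # exists(f:child) for a direct child of el
    return el.find(f"f:{child}", NS) is not None

def check_security_event(xml_text):
    """Return the list of rule violations for one SecurityEvent document."""
    root = ET.fromstring(xml_text)
    if root.tag != "{http://hl7.org/fhir}SecurityEvent":
        return ["root is not a FHIR SecurityEvent"]
    errors = [f"missing {p}" for p in REQUIRED if root.find(p, NS) is None]
    participants = root.findall("f:participant", NS)
    if not participants:
        errors.append("missing f:participant")
    for i, p in enumerate(participants):
        if not has(p, "requestor"):
            errors.append(f"participant[{i}]: missing requestor")
        if has(p, "userId") == has(p, "reference"):  # Inv-3
            errors.append(f"participant[{i}]: Inv-3")
    for i, o in enumerate(root.findall("f:object", NS)):
        # Inv-1 as the xpath is written: false only when both are present.
        if has(o, "name") and has(o, "query"):
            errors.append(f"object[{i}]: Inv-1")
        if has(o, "identifier") == has(o, "reference"):  # Inv-2
            errors.append(f"object[{i}]: Inv-2")
    return errors

# Constructed sample documents (all values are placeholders).
GOOD = """<SecurityEvent xmlns="http://hl7.org/fhir">
  <event><type><text value="constructed-type"/></type>
    <dateTime value="2013-06-01T08:30:00Z"/></event>
  <participant><userId value="user-1"/><requestor value="true"/></participant>
  <source><identifier value="app-1"/></source>
  <object><reference><reference value="Patient/example"/></reference>
    <name value="constructed"/></object>
</SecurityEvent>"""
BAD = """<SecurityEvent xmlns="http://hl7.org/fhir">
  <event><type><text value="constructed-type"/></type></event>
  <participant><userId value="user-1"/>
    <reference><reference value="Practitioner/example"/></reference></participant>
  <source><identifier value="app-1"/></source>
  <object><name value="constructed"/><query value="Y29uc3RydWN0ZWQ="/></object>
</SecurityEvent>"""
if __name__ == "__main__":
    for doc in (GOOD, BAD):
        print(check_security_event(doc))
```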

Using Coded Values 6.7.1.3

The security event resource and the ATNA Audit record are used in many contexts throughout healthcare. The coded values defined in the "extensible" bindings above are those widely used and/or defined by DICOM, IHE or ISO, who all defined these codes to meet very specific use cases. These codes should be used when they are suitable, or other codes can be defined.

The set of codes defined for this resource is expected to grow over time, and additional codes may be proposed / requested using the community input link above.

Event codes for Common Scenarios 6.7.1.4

This table summarises common event scenarios, and the codes that should be used for each case.

Security Event Actions for RESTful operations:

Search Parameters 6.7.2

Search Parameters for RESTful searches. The standard parameters also apply. See Searching for more information.