Extra software/transaction details in FHIR AuditEvent / ATNA Audit Message

Recently I had some discussions where I asked how you could add more information to an ATNA audit message (also known as FHIR AuditEvent). This additional information is not the type of information that should be addressed in the “extension” because the audit message framework supports support for what needs to be registered. But there are things to be prepared.

Here are usage cases.
In a service-focused transaction, there is a transaction ID for this transaction. If all audit events are logged on your transaction ID, you can view all audit events resulting from a single transaction. The transaction ID can be found in the SOAP header, in the HTTP header, or elsewhere. For purposes of this article, it does not matter if it came from, and several different audit log events can register a transaction ID to link multiple different log entries audit.
In a multi-layered software environment, many software applications (also referred to as services) may be involved in an event. It is recommended that you register all these applications so that the log audit can view the share. For example, during the audit log, you can call the call stack to see all the levels involved.

First, consider whether this additional information is appropriate. This is an important step, since the first idea is sometimes to write audit log data. It should keep the data from the audit trail and trust the metadata as a data link that is formally managed in a database. In use cases mentioned here both metadata and not data. They explain what it is and so “dead”.

Note that each of the use cases is related to similar facts. If you look at the audit logs, it helps to understand how the event is ahead. Practically the same may be required. This means that any software that holds the agreement can register to participate in this transaction, which leads to many audit events and can be very powerful. Software engineering may be understood to only record an event in all details. Most likely, this is a combination of all that.
Selecting IHE for message checking is the minimum of focused transaction
It usually requires an IHE verification message who, what, where, when and why it was recorded (W5). Specifications such as IHE explain possible details in a particular transaction. The unfortunate truth is that IHE is limited in the interoperability layer of software design, so they can only mention the things that IHE does.

An example of this type if the XCPD request for this event on the server is registered: (Use the IHE / DICOM monitoring message rules, mapping like Fhir Audit Event).
Event Description: Select this type of event
ActiveParticipant: The home gateway is described in an IP address. The amount of ReplyTo is likely to be used when using concurrent web services.
ActiveParticipant: The gateway where the IP address and the SOAP endpoint URI respond. The ID process may be registered to be associated with logs of the local system.
AuditSource: The identity of the audit event registration system
Participant of the object: The identity of the patient (provenance), if known
ParticipantObject: query parameter
The closest in this article is that the answer interface can keep the local computer ID process so that events can be attributed to local audit records (in a format other than IHE).

You should also consider that these statements are just “actors” (ie the start gate and the response gate) are mentioned. IHE can not determine the structure of a program and therefore does not know the program structure. The programmer expects to add these details.
Specifying layers
I would like to point out that IHE expands the expectations of the test message due to the “inclusion” of the classes. If the previous XCPD server for example, received xưa insistence that the previous check message was extended by an additional ActiveParticipant with a user name component composed of the identity part of the SAML assertion is expected.

Leave a Reply

Your email address will not be published. Required fields are marked *