Stream: implementers
Topic: AuditEvent network protocol
Kenneth Chapple (May 12 2016 at 14:45):
Hi, is there an element in the AuditEvent resource that would be appropriate to accept network protocol like wireless-g, 2G, 4G, etc?
Grahame Grieve (May 12 2016 at 15:33):
extension on AuditEvent.agent.network.type I guess
Kenneth Chapple (May 12 2016 at 17:43):
Thanks, that's what we'll do. I'm not sure how useful this information is, but the client would like to capture it. Perhaps if we see a trend in errors over a particular network?
Theo Stolker (May 12 2016 at 20:11):
Hi, we are planning to use AuditEvent to support Auditing as mandated by ISO 27799 etc. These guidelines require that Audit Events that describe a medical record for a patient being accessed or modified must clearly state the Patient. We are considering adding the Patient in these Audit Events as a Participant, but when a record is modified by a Practitioner, the Participation of the Patient is quite passive.
What would you recommend us to do? Should we indeed add the Patient as an AuditEvent.participant, or are there any other best practices?
Peter Bernhardt (May 12 2016 at 20:14):
In this case, the patient resource would be referenced as the entity of the audit event. Adding that this is IMHO.
Peter Bernhardt (May 12 2016 at 20:16):
Agent is "who", entity is "what".
Michel Rutten (May 12 2016 at 20:16):
I think @Theo Stolker is using DSTU2
Michel Rutten (May 12 2016 at 20:16):
Note that AuditEvent.participant has been renamed/replaced by AuditEvent.agent in STU3
Theo Stolker (May 12 2016 at 20:19):
Thanks Michel, I am now looking at the STU3 resource.
Theo Stolker (May 12 2016 at 20:20):
Peter, that would make sense if I the Patient resource itself is accessed or modified, but we need to als link the patient if an Observation or Medication is the entity being modified. Would you still say that Patient is also an entity then?
Michel Rutten (May 12 2016 at 20:21):
If this is mandated by an ISO standard, then I'd expect the AuditEvent resource to cater for this...
Michel Rutten (May 12 2016 at 20:21):
i.e. I'd expect you shouldn't need an extension for this
Grahame Grieve (May 12 2016 at 20:21):
no need for an extension
Grahame Grieve (May 12 2016 at 20:22):
you can list multiple entitys, and one one entity role is Patient: This object is the patient that is the subject of care related to this event. It is identifiable by patient ID or equivalent
Grahame Grieve (May 12 2016 at 20:22):
that's what you'd use
Peter Bernhardt (May 12 2016 at 20:24):
So, following on Grahame's comment, what I'd do is set the identifeir to the id of the patient and make the role "Patient". Then the other entities in the collection could reference the Observation, Medication, etc.
Theo Stolker (May 12 2016 at 20:25):
Grahame, Peter, thanks for clarifying.
Last updated: Apr 12 2022 at 19:14 UTC
