
Audit Examples together with IUA and adapted to EPR requirements #186

Closed
oliveregger opened this issue May 8, 2024 · 10 comments · Fixed by #234
Comments

@oliveregger
Collaborator

Need to define Audit Examples/Profiles together with IUA and adapted to EPR requirements

@qligier qligier self-assigned this Aug 2, 2024
@qligier
Collaborator

qligier commented Aug 2, 2024

In the Amendment 1 to Annex 5, §1.5.1:

  1. The OID of the audit source shall be specified (@AuditEnterpriseSiteID in DICOM).
  2. When an XDS document is described in the audit log, its confidentiality code shall be specified (if known) (@ParticipantObjectSensitivity in DICOM).
  3. When a code from a Swiss value set is represented, its name shall be the code system OID (@codeSystemName in DICOM).

§1.6.4.3.5.1:

  1. The first ActiveParticipant is the IHE XUA requirement.
  2. The second element describes the main user (the subject of the XUA assertion)
    • ID of the user: GLN for a HCP, EPR-SPID for the patient, or the ID of the representative.
    • Real-world name of the user
    • Role of the user
  3. The third element is required, if some other person acted on behalf of the main user
    • ID of the assistant or technical user
    • Real-world name of the assistant or technical user
    • Role of the assistant or technical user

BALP has defined a mapping from DICOM.

  • @AuditEnterpriseSiteID is mapped to source.site
  • the document is not mapped to an entity, a new slice should be added for that. entity.securityLabel is a good candidate.
  • No equivalent to @codeSystemName in Coding, but we could use the extension https://hl7.org/fhir/R4/extension-valueset-reference.html with an OID as URN.
  • No need to map it (?)
  • Can be mapped to agent:user
    • agent.altId
    • agent.name or agent.who.display
    • agent.role
  • Can be mapped to a new agent
    • agent.altId
    • agent.name or agent.who.display
    • agent.role

@oliveregger
Collaborator Author

oliveregger commented Aug 15, 2024

When a code from a Swiss value set is represented, its name shall be the value set OID (@codeSystemName in DICOM).

propose to use the extension to the ValueSet url (not oid)
need to check to which this applies (entity.securityLabel, agent.role)
needs further discussion if the value set url needs to be really provided

@oliveregger
Collaborator Author

oliveregger commented Aug 15, 2024

No need to map it (?)

leave it out (not defined in IUA: need to be cross-checked)

@qligier
Collaborator

qligier commented Aug 15, 2024

QL: need to provide an example

@oliveregger
Collaborator Author

should we take https://profiles.ihe.net/ITI/BALP/content.html#35753-oauth---comprehensive-auditevent-record into consideration for defining what information should be audited out of the IUA (ch) token?

@qligier
Collaborator

qligier commented Oct 9, 2024

Example of Swiss extended JWT access token, commented with the mapping recommended in https://profiles.ihe.net/ITI/BALP/content.html#35753-oauth---comprehensive-auditevent-record (for further discussion)

{
  "iss": "http://issuerAdress.ch", // agent[user].who.identifier.system
  "sub": "UserId-bfe8a208-b9d0-4012-b2f5-168b949fc3cb", // agent[user].who.identifier.value
  "aud": "http://mhdResourceServerURL.ch",
  "exp": 1587294580000,
  "nbf": 1587294460000,
  "iat": 1587294460000,
  "jti": "c5436729-3f26-4dbf-abd3-2790dc7771a", // agent[user].policy
  "extensions" : {
    "ihe_iua" : {
      "subject_name": "Martina Musterarzt", // agent[user].who.display
      "home_community_id": "urn:oid:1.2.3.4", // entity[consent].what.identifier.assigner.identifier.value
      "person_id": "761337610411353650^^^&2.16.756.5.30.1.127.3.10.3&ISO", // agent[user].extension[otherId][provider-id].identifier.value
      "subject_role": { // agent[user].role
          "system": "urn:oid:2.16.756.5.30.1.127.3.10.6",
          "code": "HCP"
      },
      "purpose_of_use": { // agent[user].purposeOfUse
          "system": "urn:oid:2.16.756.5.30.1.127.3.10.5",
          "code": "NORM"
      }
    },
    "ch_epr": {
      "user_id": "2000000090092",
      "user_id_qualifier": "urn:gs1:gln"
    },
    "ch_group" : [
      {
        "name": "Name of group with id urn:oid:2.2.2.1", // agent[userorg].who.display
        "id": "urn:oid:2.2.2.1" // agent[userorg].who.identifier.value
      },
      {
        "name": "Name of group with id urn:oid:2.2.2.2",
        "id": "urn:oid:2.2.2.2"
      },
      {
        "name": "Name of group with id urn:oid:2.2.2.3",
        "id": "urn:oid:2.2.2.3"
      }
    ]
  }
}

@qligier
Collaborator

qligier commented Oct 9, 2024

Example of audit log of an ITI-67 transaction on the client side, with the same JWT sample, with the Swiss requirements but not the BALP JWT mapping:

{
  "resourceType" : "AuditEvent",
  "text" : {
    "status" : "generated",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">Narrative</div>"
  },
  "type" : {
    "system" : "http://terminology.hl7.org/CodeSystem/audit-event-type",
    "code" : "rest",
    "display" : "Restful Operation"
  },
  "subtype" : [
    {
      "system" : "urn:ihe:event-type-code",
      "code" : "ITI-67",
      "display" : "Find Document References"
    },
    {
      "system" : "http://hl7.org/fhir/restful-interaction",
      "code" : "search",
      "display" : "search"
    }
  ],
  "action" : "E",
  "recorded" : "2024-09-10T14:17:32Z",
  "outcome" : "0",
  "agent" : [
    { // agent:client
      "type" : {
        "coding" : [
          {
            "system" : "http://dicom.nema.org/resources/ontology/DCM",
            "code" : "110153",
            "display" : "Source Role ID"
          }
        ]
      },
      "who" : {
        "reference" : "Device/ex-device"
      },
      "requestor" : false,
      "network" : {
        "address" : "192.168.1.1",
        "type" : "2"
      }
    },
    { // agent:server
      "type" : {
        "coding" : [
          {
            "system" : "http://dicom.nema.org/resources/ontology/DCM",
            "code" : "110152",
            "display" : "Destination Role ID"
          }
        ]
      },
      "who" : {
        "display" : "http://example.com/fhir"
      },
      "requestor" : false,
      "network" : {
        "address" : "http://example.com/fhir",
        "type" : "5"
      }
    },
    { // agent:user
      "type": {
        "coding": [
          {
            "system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
            "code": "IRCP",
            "display": "information recipient"
          }
        ]
      },
      "role": [ // Role of the user (agent.role is a list of CodeableConcept in FHIR R4)
        {
          "coding": [
            {
              "system": "urn:oid:2.16.756.5.30.1.127.3.10.6",
              "code": "HCP",
              "display": "Healthcare professional"
            }
          ],
          "text": "Healthcare professional"
        }
      ],
      "who": {
        "display": "Martina Musterarzt" // Real-world name of the user
      },
      "altId": "2000000090092", // ID of the user
      "name": "Martina Musterarzt", // Real-world name of the user
      "requestor": true // FHIR boolean, not a string
    }
  ],
  "source" : {
    "site" : "2.999.1.2", // @AuditEnterpriseSiteID
    "observer" : {
      "reference" : "Device/ex-device"
    },
    "type" : [
      {
        "system" : "http://terminology.hl7.org/CodeSystem/security-source-type",
        "code" : "1",
        "display" : "User Device"
      }
    ]
  },
  "entity" : [
    {
      "type" : {
        "system" : "http://terminology.hl7.org/CodeSystem/audit-entity-type",
        "code" : "2",
        "display" : "System Object"
      },
      "role" : {
        "system" : "http://terminology.hl7.org/CodeSystem/object-role",
        "code" : "24",
        "display" : "Query"
      },
      "description" : "GET http://example.org/fhir/patient.identifier=urn:oid:2.16.756.5.30.1.127.3.10.3|761337610411353650&status=current",
      "query" : "aHR0cDovL2V4YW1wbGUub3JnL2ZoaXIvcGF0aWVudC5pZGVudGlmaWVyPXVybjpvaWQ6Mi4xNi43NTYuNS4zMC4xLjEyNy4zLjEwLjN8NzYxMzM3NjEwNDExMzUzNjUwJnN0YXR1cz1jdXJyZW50"
    },
    { // Patient: entity.what is a Reference, so the EPR-SPID goes into what.identifier
      "what" : {
        "identifier" : {
          "system" : "urn:oid:2.16.756.5.30.1.127.3.10.3",
          "value" : "761337610411353650"
        }
      },
      "type" : {
        "system" : "http://terminology.hl7.org/CodeSystem/audit-entity-type",
        "code" : "1",
        "display" : "Person"
      },
      "role" : {
        "system" : "http://terminology.hl7.org/CodeSystem/object-role",
        "code" : "1",
        "display" : "Patient"
      }
    },
    { // TraceParent
      "what" : {
        "identifier" : {
          "value" : "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-00"
        }
      },
      "type" : {
        "system" : "http://terminology.hl7.org/CodeSystem/audit-entity-type",
        "code" : "4",
        "display" : "Other"
      },
      "role" : {
        "system" : "http://terminology.hl7.org/CodeSystem/object-role",
        "code" : "26",
        "display" : "Processing Element"
      }
    }
  ]
}
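
Added example (not code from the issue or the ch-epr-fhir project): a small Python helper that builds the agent:user entry of the AuditEvent from the decoded claims of the extended IUA token, following the mapping annotated in the JWT sample and the Annex 5 requirements (ID, real-world name, role of the user), plus a consistency check for the query entity, whose `query` field must be the base64 of the request that `description` shows. The claims dictionary is a constructed sample with the same values as above; the function names are this example's own.

```python
import base64

# Constructed sample: the decoded claims of the Swiss extended IUA access token
# shown above (same values as the issue's example; header and signature omitted).
CLAIMS = {
    "iss": "http://issuerAdress.ch",
    "sub": "UserId-bfe8a208-b9d0-4012-b2f5-168b949fc3cb",
    "extensions": {
        "ihe_iua": {
            "subject_name": "Martina Musterarzt",
            "subject_role": {"system": "urn:oid:2.16.756.5.30.1.127.3.10.6", "code": "HCP"},
            "purpose_of_use": {"system": "urn:oid:2.16.756.5.30.1.127.3.10.5", "code": "NORM"},
        },
        "ch_epr": {"user_id": "2000000090092", "user_id_qualifier": "urn:gs1:gln"},
    },
}


def user_agent_from_claims(claims):
    """Build the AuditEvent.agent entry for the main user (Annex 5, section 1.6.4.3.5.1)."""
    iua = claims["extensions"]["ihe_iua"]
    epr = claims["extensions"]["ch_epr"]
    return {
        "type": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
                             "code": "IRCP", "display": "information recipient"}]},
        # Role of the user: the Swiss value-set code, with the OID as the system URN
        "role": [{"coding": [dict(iua["subject_role"])]}],
        # BALP mapping: iss/sub -> who.identifier, subject_name -> who.display
        "who": {"identifier": {"system": claims["iss"], "value": claims["sub"]},
                "display": iua["subject_name"]},
        "altId": epr["user_id"],  # ID of the user: the GLN for a HCP
        "name": iua["subject_name"],  # real-world name of the user
        "requestor": True,  # FHIR boolean, not the string "true"
        "purposeOfUse": [{"coding": [dict(iua["purpose_of_use"])]}],
    }


def query_entity(request_line):
    """Query entity for an ITI-67 search: description is readable, query holds base64 bytes."""
    return {
        "type": {"system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
                 "code": "2", "display": "System Object"},
        "role": {"system": "http://terminology.hl7.org/CodeSystem/object-role",
                 "code": "24", "display": "Query"},
        "description": request_line,
        "query": base64.b64encode(request_line.encode("utf-8")).decode("ascii"),
    }


def query_matches_description(entity):
    """Consistency check on a received entity: the decoded query must equal the description."""
    return base64.b64decode(entity["query"]).decode("utf-8") == entity["description"]
```

Run against the ITI-67 sample above, the check reports a mismatch because `description` carries a "GET " prefix that the base64 `query` does not.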

@oliveregger
Collaborator Author

remove group/organization

@oliveregger
Collaborator Author

PR with a "real" example

@oliveregger
Collaborator Author

discussion with ms today:

we should also add the optional possibilities for the basic token IUA mappings to the audit event

https://build.fhir.org/ig/ehealthsuisse/ch-epr-fhir/iti-71.html#message-semantics-1
