Difference between revisions of "Add RESTful Query and Feed to ATNA"

From IHE Wiki
(28 intermediate revisions by 2 users not shown)
Line 1: Line 1:
=Add RESTful Query to ATNA=
+
=Add RESTful ATNA (Query and Feed)=
  
  
Line 6: Line 6:
 
Event logging is a system facility that is used by healthcare applications and other applications.
 
Event logging is a system facility that is used by healthcare applications and other applications.
 
This supplement updates the Audit Trail and Node Authentication (ATNA) Profile. ATNA defines a standardized way to create and send audit records; however, it does not identify a standardized way to retrieve audit records collected by an Audit Record Repository.
 
This supplement updates the Audit Trail and Node Authentication (ATNA) Profile. ATNA defines a standardized way to create and send audit records; however, it does not identify a standardized way to retrieve audit records collected by an Audit Record Repository.
This supplement adds Retrieve capabilities to the Audit Record Repository (ARR). This profile defines a new actor, the Audit Consumer, and two new transactions:
+
This supplement extends the functionalities of ATNA profile introducing RESTful operations that could be used to submit and to retrieve audit records.  This allows light weight applications to easily manage the creation and the access audit information. This supplement is based on FHIR protocol and uses FHIR AuditEvent Resources in order to exchange audit records content. This supplement also defines a query transaction that enables access to raw syslog messages.
 +
This profile defines a new actor, the Audit Consumer, two new transactions and two new message interactions for the Record Audit Event [ITI-20] transaction:
  
*The Retrieve ATNA Audit Event [ITI-81] transaction allows an Audit Consumer to retrieve ATNA Audit Events stored within a target Audit Record Repository. This transaction is based on a FHIR RESTful search operation on AuditEvent resources.
+
#The Retrieve ATNA Audit Event [ITI-81] transaction allows an Audit Consumer to retrieve ATNA Audit Events stored within a target Audit Record Repository. This transaction is based on a FHIR RESTful search operation on AuditEvent resources.
*The Retrieve Syslog Event [ITI-82] transaction allows an Audit Consumer to search syslog messages stored in an Audit Record Repository. This transaction is defined as a 130 RESTful operation. The search parameters are based on syslog metadata.
+
#The Retrieve Syslog Event [ITI-82] transaction allows an Audit Consumer to search syslog messages stored in an Audit Record Repository. This transaction is defined as a RESTful operation. The search parameters are based on syslog metadata.
 +
#Reord Audit Event ITI-20 - Send Audit Resource interaction allows a Secure Node, Secure Application or Record Audit Forwarder to feed a single AuditEvent Resource to an Audit Record Repository.
 +
#Reord Audit Event ITI-20 - Send Audit Bundle interaction allows a Secure Node, Secure Application or Record Audit Forwarder to feed a Bundle of AuditEvent Resources to an Audit Record Repository.
  
Note that ATNA Audit Events are syslog events, so the Retrieve Syslog Event [ITI-82]
+
 
 +
Note:ATNA Audit Events are syslog events, so the Retrieve Syslog Event [ITI-82]
 
transaction enables search of ATNA events based on syslog metadata values.
 
transaction enables search of ATNA events based on syslog metadata values.
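Review bot: the two new list items for the feed interactions misspell the transaction name as "Reord Audit Event" and drop the brackets used for the other transactions ("[ITI-81]", "[ITI-82]"); suggest "Record Audit Event [ITI-20]" in both items. The rewritten note also reads "Note:ATNA" with no space after the colon.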
  
Line 19: Line 23:
  
 
==Actors==
 
==Actors==
===FileManager===
+
===Audit Record Repository===
The File Manager stores files provided by the File Source and maintains related metadata. The File Manager responds to search and retrieve requests initiated by the File Consumer. The File Manager responds to metadata update requests initiated by the File Source.  
+
The Audit Record Repository receives event audit reports and stores them. It may be part of a federated network of repositories. It is expected to have analysis and reporting capabilities, but those capabilities are not specified as part of this profile. This profile does not specify the capacity of an Audit Record Repository, because the variety of deployment needs makes it impractical to set requirements for the event report volume or capacity needed.
 +
The Audit Repository shall support:
 +
#At least one of the audit transport mechanisms specified in ITI TF-2a: 3.20.
 +
#Receipt of at least one of the IHE-specified audit message formats. Note that the message format is extensible to include both future IHE specifications (e.g., audit requirements for new IHE transactions) and private extensions.
 +
#Local security and privacy service protections and user access controls.
  
===File Consumer===
+
Optionally the Audit Record Repository supports search capabilities as defined in ITI TF2c: 3.81 and ITI TF-2c: 3.82.
The Authorization Decisions Verifier is the actor that verifies if the Requester Entity is authorized to access specific resources by querying the Authorization Decisions Verifier. This actor enforces the Access The File Consumer queries for file metadata meeting certain criteria, and may retrieve selected files.
 
 
 
===File Source===
 
The File Source publishes and updates files produced by either the File Source or by other systems. It is responsible for sending files and related metadata to a File Manager. The File Source can send metadata update requests to the File Manager.  
 
  
 +
===Audit Consumer===
 +
The Audit Consumer queries an Audit Record Repository for syslog and ATNA audit records using Syslog metadata and ATNA audit record content. Subsequent processing of the query result is not defined in this profile.
  
 
==Transactions==
 
==Transactions==
===Submit File===
+
===Retrieve ATNA Audit Event [ITI-81]===
 
 
This transaction allows a File Source to publish one or more new files and related metadata. It also enables update of one or more existing files and metadata by publishing a new version.
 
 
 
This transaction uses the Create File Request message either when there is no prior file, or when the prior needs to be preserved.
 
 
 
This transaction uses the Update File Request message when there is a prior file that doesn’t need to be preserved. (The File Manager is not required to support FHIR resource versioning; see https://www.hl7.org/fhir/STU3/http.html#history.)
 
  
===Search File===
+
This transaction supports the retrieval of ATNA audit record from the Audit Record Repository in accordance with a set of search parameters that determine the retrieved event reports. This transaction enables an Audit Consumer to search audit events that an Audit Record Repository created via the Record Audit Event [ITI-20] transaction.
 +
This transaction is a profiling of a standard FHIR search of the AuditEvent resource.
  
The transaction is used by the File Consumer to find DocumentReference Resources that are stored and managed by a File Manager. Those DocumentReference Resources are not associated with a Patient Resource.
+
===Retrieve Syslog Event [ITI-82]===
  
 +
This transaction supports the retrieval of syslog messages from the Audit Record Repository subject to parameters that limit the retrieval.
  
===Update DocumentReference File===
+
===Record Audit Evnet [ITI-20] - Send Audit Resource interaction===
  
The File Source uses this message to update just a DocumentReference Resource already stored by the File Manager
+
This interaction supports the feed of an AuditEvent Resource to an Audit Record Repository. This interaction is a profiled as a standard FHIR create.
  
 +
===Record Audit Evnet [ITI-20] - Send Audit Bundle interaction===
  
== Use-Case of Reference: Privacy Policies ==
+
This interaction supports the feed of a Bundle of AuditEvent Resources to an Audit Record Repository. This interaction is a profiled as a standard FHIR transaction.
  
A hospital’s privacy office defines a set of Privacy Policies that a patient can agree to. Mr. Blue, a hospital privacy office employee, creates the policy file using the HIS. Using a Submit File [ITI-87] transaction, the application makes it available to all the systems involved in his organization.
+
== Use-Case of Reference: Patient access to his audit records process flow ==
  
Mrs. Black, a nurse of the Goodcare Hospital, wants to search for the current valid BPPC Privacy Policy files that the admitting patient can agree to. She uses a combined BPPC Content Creator and NPFSm File Consumer to issue a query, a Search File [ITI-88] transaction, to search for the current valid Privacy Policy files. Once policies are found, she can retrieve them. The retrieved Privacy Policy files are used, by the Content Creator, in the creation of the consent document that the patient can read and agree to.
+
During a hospitalization, Mr. Brown was asked to sign a consent to share documents produced during that clinical event with a research facility, so that researchers could analyze the efficiency of the applied treatment. Mr. Brown does not provide this consent because he is worried that his data could be used for marketing purposes. A nurse collects the patient’s consent document, but forgets to record his decision in the HIS system.
 +
Access to all the data collected during Mr. Brown’s hospitalization by clinicians involved in his care are tracked as “Export” or “Disclosure events for a “Treatment” purpose. An access to the data by the research facility would be tracked as “Export” or “Disclosure” events for a “Research” purpose. Mr. Brown’s healthcare facility provides on-line access to health information. Mr. Brown can use a web app to access this data (shared using XDS or XCA infrastructure). The web app can also display audit information related to those documents/studies. Audit records are collected by many ATNA Audit Record Repositories, but local policies or system configurations allows the web app to identify the right Audit Record Repository system that stores relevant records. Using the document and study identifiers, the web app can query the appropriate ATNA Audit Record Repository.
 +
The web app reports to Mr. Brown that his documents/studies had been disclosed or exported for both treatment and research purposes.
  
A legal health officer informs the Goodcare Hospital that one of the Privacy Policy files changed. Mr. Blue searches to discover the Privacy Policy and its related metadata (including FHIR resource ids), once they are found he uses an HIS to perform the Submit File [ITI-87] to update the targeted Privacy Policy and related metadata.
 
  
 
===Process flow===
 
===Process flow===
[[File:PP.png]]
+
[[File:Atnaprocessflow.PNG]]
  
 
==Specification==
 
==Specification==
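Review bot: both new ITI-20 section headings read "Record Audit Evnet", which carries the misspelling into the section anchors and table of contents; suggest "Record Audit Event [ITI-20]". In the same hunk, "This interaction is a profiled as" has a stray "a" in both interaction descriptions, "ITI TF2c: 3.81" is missing the hyphen used in "ITI TF-2c: 3.82", and “Disclosure events lacks its closing quote. The new Audit Consumer text and the patient web app use case also leave open who is allowed to query audit records; a sentence tying the search transactions to the repository's "user access controls" requirement would close that gap.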
Line 64: Line 68:
  
 
'''Documents:'''  
 
'''Documents:'''  
[http://ihe.net/uploadedFiles/Documents/ITI/IHE_ITI_Suppl_NPFSm.pdf NPFSm Supplement]
+
[http://ihe.net/uploadedFiles/Documents/ITI/IHE_ITI_Suppl_RESTful-ATNA.pdf Add RESTful ATNA (Query and Feed) Supplement]
  
 
'''Additional Supplements:'''
 
'''Additional Supplements:'''
Line 70: Line 74:
  
 
'''Underlying Standards:'''
 
'''Underlying Standards:'''
*HL7 FHIR  HL7 FHIR standard STU3 http://hl7.org/fhir/STU3/index.html
+
[[Audit Trail and Node Authentication]]
** DocumentReference
+
*HL7 FHIR  HL7 FHIR standard R4 http://hl7.org/fhir/R4/index.html
 
** OperationOutcome
 
** OperationOutcome
 
** Bundle
 
** Bundle
** Binary
+
** AuditEvent
 
*RFC2616  Hypertext Transfer Protocol – HTTP/1.1
 
*RFC2616  Hypertext Transfer Protocol – HTTP/1.1
*RFC7540 Hypertext Transfer Protocol – HTTP/2
+
*RFC4627        The application/json Media Type for JavaScript Object Notation (JSON)
 
*RFC3986 Uniform Resource Identifier (URI): Generic Syntax
 
*RFC3986 Uniform Resource Identifier (URI): Generic Syntax
 +
*RFC3339        Date and Time on the Internet: Timestamps
 
*RFC6585 Additional HTTP Status Codes
 
*RFC6585 Additional HTTP Status Codes
 +
*RFC5424        The Syslog Protocol
  
 
==FHIR Implementation Guide==
 
==FHIR Implementation Guide==
Informatively this profile is also published on [https://simplifier.net/IHENPFSm Simplifier as a set of FHIR conformance resources], that are also registered at https://registry.fhir.org
 
  
Note the following links are to current instances maintained in Simplifier. This URL may change over time, which is why the canonical URI is provided. The canonical URI can not be used for browser navigation, but can be used for lookup at registry or simplifier as search capability allows.
+
Informatively this profile is also as a set of FHIR conformance resources, that are also registered at https://registry.fhir.org
* [https://simplifier.net/IHENPFSm/IHENPFSm IHE NPFSm Implementation Guide]
 
** canonical URI http://ihe.net/fhir/ImplementationGuide/IHE.NPFSm
 
* [https://simplifier.net/IHENPFSm/IHENPFSmclasscodecs ClassCode CodeSystem for NPFSm Profile]
 
** canonical URI http://ihe.net/fhir/CodeSystem/IHE.NPFSm.classcode.cs
 
* [https://simplifier.net/IHENPFSm/IHENPFSmclasscodevs ClassCode ValueSet for NPFSm Profile]
 
** canonical URI http://ihe.net/fhir/ValueSet/IHE.NPFSm.classcode.vs
 
* Actor Capability Statements
 
** [https://simplifier.net/IHENPFSm/IHENPFSmFileConsumer NPFSm File Consumer] Actor CapabilityStatement
 
*** canonical URI http://www.ihe.net/fhir/CapabilityStatement/IHE.NPFSm.FileConsumer
 
** [https://simplifier.net/IHENPFSm/IHENPFSmFileConsumerFileRetrieveOption NPFSm File Consumer supporting the File Retrieve Option] Actor CapabilityStatement
 
*** canonical URI http://www.ihe.net/fhir/CapabilityStatement/IHE.NPFSm.FileConsumer.FileRetrieveOption
 
** [https://simplifier.net/IHENPFSm/IHENPFSmFileManager NPFSm File Manager] Actor CapabilityStatement
 
*** canonical URI http://www.ihe.net/fhir/CapabilityStatement/IHE.NPFSm.FileManager
 
** [https://simplifier.net/IHENPFSm/IHENPFSmFileSource NPFSm File Source] Actor CapabilityStatement
 
*** canonical URI http://www.ihe.net/fhir/CapabilityStatement/IHE.NPFSm.FileSource
 
** [https://simplifier.net/IHENPFSm/IHENPFSmFileSourceUpdateFileMetadataOption NPFSm File Source supporting the Update File Metadata Option] Actor CapabilityStatement
 
*** canonical URI http://www.ihe.net/fhir/CapabilityStatement/IHE.NPFSm.FileSource.UpdateFileMetadataOption
 
* Structure Definitions
 
** [https://simplifier.net/IHENPFSm/IHENPFSmDocumentReference DocumentReference]
 
*** canonical URI http://www.ihe.net/fhir/StructureDefinition/IHE.NPFSm.DocumentReference
 
** [https://simplifier.net/IHENPFSm/IHENPFSmSubmitFile Bundle for Submit File (ITI-87) transaction]
 
*** canonical URI http://www.ihe.net/fhir/StructureDefinition/IHE.NPFSm.SubmitFile
 
  
Prior conformance resources have been registered, they should now be marked retired
+
The conformance resources are available on the [[Implementation Material]] folder.
  
The conformance resources are also available on the [[Implementation Material]] folder.
 
  
  
[[Category:Profiles]]
 
[[Category:ITI Profile]]
 
[[Category:FHIR]]
 
 
[[Category:Security]]
 
[[Category:Security]]
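Review bot: removing the Simplifier link from the FHIR Implementation Guide sentence left it without a verb: "Informatively this profile is also as a set of FHIR conformance resources". Suggest "is also published as a set of FHIR conformance resources". The line about retiring prior conformance resources is dropped with no replacement, so the page no longer says whether earlier registered resources are still current.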

Revision as of 20:41, 12 November 2019

Add RESTful ATNA (Query and Feed)

Introduction

Event logging is a system facility that is used by healthcare applications and other applications. This supplement updates the Audit Trail and Node Authentication (ATNA) Profile. ATNA defines a standardized way to create and send audit records; however, it does not identify a standardized way to retrieve audit records collected by an Audit Record Repository.

This supplement extends the ATNA Profile with RESTful operations that can be used to submit and to retrieve audit records. This allows lightweight applications to easily create and access audit information. The supplement is based on the FHIR protocol and uses FHIR AuditEvent Resources to exchange audit record content. It also defines a query transaction that enables access to raw syslog messages.

This profile defines a new actor, the Audit Consumer, two new transactions, and two new message interactions for the Record Audit Event [ITI-20] transaction:

  1. The Retrieve ATNA Audit Event [ITI-81] transaction allows an Audit Consumer to retrieve ATNA Audit Events stored within a target Audit Record Repository. This transaction is based on a FHIR RESTful search operation on AuditEvent resources.
  2. The Retrieve Syslog Event [ITI-82] transaction allows an Audit Consumer to search syslog messages stored in an Audit Record Repository. This transaction is defined as a RESTful operation. The search parameters are based on syslog metadata.
  3. The Record Audit Event [ITI-20] - Send Audit Resource interaction allows a Secure Node, Secure Application or Record Audit Forwarder to feed a single AuditEvent Resource to an Audit Record Repository.
  4. The Record Audit Event [ITI-20] - Send Audit Bundle interaction allows a Secure Node, Secure Application or Record Audit Forwarder to feed a Bundle of AuditEvent Resources to an Audit Record Repository.


Note: ATNA Audit Events are syslog events, so the Retrieve Syslog Event [ITI-82] transaction enables search of ATNA events based on syslog metadata values.

Actors and Transactions

Actros.PNG

Actors

Audit Record Repository

The Audit Record Repository receives event audit reports and stores them. It may be part of a federated network of repositories. It is expected to have analysis and reporting capabilities, but those capabilities are not specified as part of this profile. This profile does not specify the capacity of an Audit Record Repository, because the variety of deployment needs makes it impractical to set requirements for the event report volume or capacity needed. The Audit Repository shall support:

  1. At least one of the audit transport mechanisms specified in ITI TF-2a: 3.20.
  2. Receipt of at least one of the IHE-specified audit message formats. Note that the message format is extensible to include both future IHE specifications (e.g., audit requirements for new IHE transactions) and private extensions.
  3. Local security and privacy service protections and user access controls.

Optionally, the Audit Record Repository supports search capabilities as defined in ITI TF-2c: 3.81 and ITI TF-2c: 3.82.

Audit Consumer

The Audit Consumer queries an Audit Record Repository for syslog and ATNA audit records using Syslog metadata and ATNA audit record content. Subsequent processing of the query result is not defined in this profile.

Transactions

Retrieve ATNA Audit Event [ITI-81]

This transaction supports the retrieval of ATNA audit records from the Audit Record Repository in accordance with a set of search parameters that determine the retrieved event reports. This transaction enables an Audit Consumer to search audit events that an Audit Record Repository created via the Record Audit Event [ITI-20] transaction. This transaction is a profiling of a standard FHIR search of the AuditEvent resource.

Retrieve Syslog Event [ITI-82]

This transaction supports the retrieval of syslog messages from the Audit Record Repository subject to parameters that limit the retrieval.

Record Audit Event [ITI-20] - Send Audit Resource interaction

This interaction supports the feed of an AuditEvent Resource to an Audit Record Repository. This interaction is profiled as a standard FHIR create.

Record Audit Event [ITI-20] - Send Audit Bundle interaction

This interaction supports the feed of a Bundle of AuditEvent Resources to an Audit Record Repository. This interaction is profiled as a standard FHIR transaction.

Use-Case of Reference: Patient access to his audit records process flow

During a hospitalization, Mr. Brown was asked to sign a consent to share documents produced during that clinical event with a research facility, so that researchers could analyze the efficiency of the applied treatment. Mr. Brown does not provide this consent because he is worried that his data could be used for marketing purposes. A nurse collects the patient’s consent document, but forgets to record his decision in the HIS system.

Access to all the data collected during Mr. Brown’s hospitalization by clinicians involved in his care is tracked as “Export” or “Disclosure” events for a “Treatment” purpose. An access to the data by the research facility would be tracked as “Export” or “Disclosure” events for a “Research” purpose.

Mr. Brown’s healthcare facility provides on-line access to health information. Mr. Brown can use a web app to access this data (shared using XDS or XCA infrastructure). The web app can also display audit information related to those documents/studies. Audit records are collected by many ATNA Audit Record Repositories, but local policies or system configurations allow the web app to identify the right Audit Record Repository system that stores relevant records. Using the document and study identifiers, the web app can query the appropriate ATNA Audit Record Repository.

The web app reports to Mr. Brown that his documents/studies had been disclosed or exported for both treatment and research purposes.
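The use case above, worked through offline as an added example (not part of the IHE supplement): it builds FHIR R4 AuditEvent resources, wraps them in a transaction Bundle as in the Send Audit Bundle interaction, and groups a search result by purpose of event for one document. The document identifiers, agent names, the DICOM "Export" type code and the v3 ActReason purpose codes are constructed sample values and assumptions, and the function names are hypothetical.

```python
# Added illustration: every identifier, name and event below is constructed.
from collections import defaultdict

DCM = "http://dicom.nema.org/resources/ontology/DCM"
ACT_REASON = "http://terminology.hl7.org/CodeSystem/v3-ActReason"


def audit_event(recorded, purpose, doc_id, who):
    """Minimal FHIR R4 AuditEvent recording an Export of one document."""
    return {
        "resourceType": "AuditEvent",
        "type": {"system": DCM, "code": "110106", "display": "Export"},
        "recorded": recorded,
        "purposeOfEvent": [{"coding": [{"system": ACT_REASON, "code": purpose}]}],
        "agent": [{"who": {"display": who}, "requestor": True}],
        "source": {"observer": {"display": "xds-repository.example.org"}},
        "entity": [{"what": {"identifier": {"value": doc_id}}}],
    }


def feed_bundle(events):
    """Wrap events for the Send Audit Bundle interaction (a FHIR transaction)."""
    return {
        "resourceType": "Bundle",
        "type": "transaction",
        "entry": [{"resource": ev, "request": {"method": "POST", "url": "AuditEvent"}}
                  for ev in events],
    }


def disclosures_by_purpose(search_bundle, doc_ids):
    """Group the AuditEvents of a search result by purpose, for given documents."""
    wanted, summary = set(doc_ids), defaultdict(list)
    for entry in search_bundle.get("entry", []):
        ev = entry.get("resource", {})
        if ev.get("resourceType") != "AuditEvent":
            continue  # a searchset may also carry an OperationOutcome
        ids = {e.get("what", {}).get("identifier", {}).get("value")
               for e in ev.get("entity", [])}
        if not ids & wanted:
            continue
        who = [a.get("who", {}).get("display", "") for a in ev.get("agent", [])
               if a.get("requestor")]
        codes = [c.get("code") for p in ev.get("purposeOfEvent", [])
                 for c in p.get("coding", [])] or ["UNSPECIFIED"]
        for code in codes:
            summary[code].append((ev.get("recorded", ""), ", ".join(who)))
    return {code: sorted(rows) for code, rows in summary.items()}


def purposes_without_consent(summary, consented):
    """Purposes seen in the audit trail that the patient never agreed to."""
    return sorted(set(summary) - set(consented))


EVENTS = [
    audit_event("2019-11-04T09:15:00Z", "TREAT", "urn:example:doc-1", "Dr. Grey"),
    audit_event("2019-11-06T14:02:00Z", "HRESCH", "urn:example:doc-1", "Research Facility"),
    audit_event("2019-11-07T08:30:00Z", "TREAT", "urn:example:doc-9", "Dr. Grey"),
]
# Stand-in for the searchset Bundle an Audit Record Repository would return.
SEARCH_RESULT = {"resourceType": "Bundle", "type": "searchset",
                 "entry": [{"resource": ev} for ev in EVENTS]}

if __name__ == "__main__":
    found = disclosures_by_purpose(SEARCH_RESULT, ["urn:example:doc-1"])
    print(found, purposes_without_consent(found, {"TREAT"}))
```

The research disclosure surfaces only because each event carries a purpose of event; an event recorded without one lands under UNSPECIFIED and needs manual review.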


Process flow

Atnaprocessflow.PNG

Specification

Profile Status: Trial Implementation

Documents: Add RESTful ATNA (Query and Feed) Supplement

Additional Supplements: Appendix Z on HL7 FHIR

Underlying Standards: Audit Trail and Node Authentication

  • HL7 FHIR HL7 FHIR standard R4 http://hl7.org/fhir/R4/index.html
    • OperationOutcome
    • Bundle
    • AuditEvent
  • RFC2616 Hypertext Transfer Protocol – HTTP/1.1
  • RFC4627 The application/json Media Type for JavaScript Object Notation (JSON)
  • RFC3986 Uniform Resource Identifier (URI): Generic Syntax
  • RFC3339 Date and Time on the Internet: Timestamps
  • RFC6585 Additional HTTP Status Codes
  • RFC5424 The Syslog Protocol

FHIR Implementation Guide

Informatively, this profile is also published as a set of FHIR conformance resources, which are also registered at https://registry.fhir.org

The conformance resources are available on the Implementation Material folder.