Network Working Group                                        G. Marshall
Request for Comments: 3881                                       Siemens
Category: Informational                                   September 2004
        

Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004).

IESG Note

This RFC is not a candidate for any level of Internet Standard. The IETF disclaims any knowledge of the fitness of this RFC for any purpose, and notes that it has not had IETF review. The RFC Editor has chosen to publish this document at its discretion.

Abstract

This document defines the format of data to be collected and the minimum set of attributes that need to be captured for security auditing in healthcare application systems. The format is defined as an XML schema, which is intended as a reference for healthcare standards developers and application designers. It consolidates several previous documents on security auditing of healthcare data.

Table of Contents

   1. Purpose
   2. Scope
      2.1.  Data Collection
      2.2.  Anticipated Data End-uses
      2.3.  Conformance
   3. Goals
      3.1.  Effective Data Gathering
      3.2.  Efficiency
   4. Trigger Events
      4.1.  Security Administration
      4.2.  Audit Administration and Data Access
      4.3.  User Access
   5. Data Definitions
      5.1.  Event Identification
      5.2.  Active Participant Identification
      5.3.  Network Access Point Identification
      5.4.  Audit Source Identification
      5.5.  Participant Object Identification
   6. XML Schema
      6.1.  XML Schema Definition
      6.2.  XML Schema Localization
   7. Security Considerations
   8. References
      8.1.  Normative References
      8.2.  Informative References
   Acknowledgments
   Author's Address
   Full Copyright Statement
        
1. Purpose

To help assure healthcare privacy and security in automated systems, usage data needs to be collected. This data will be reviewed by administrative staff to verify that healthcare data is being used in accordance with the healthcare provider's data security requirements and to establish accountability for data use. This data collection and review process is called security auditing.

This document defines the format of the data to be collected and the minimum set of attributes that need to be captured by healthcare application systems for subsequent use by an automation-assisted review application. The data includes records of who accessed healthcare data, when, for what action, from where, and which patients' records were involved. The data definition is an XML schema to be used as a reference by healthcare standards developers and application designers.

This document consolidates previously disjointed viewpoints of security auditing from Health Level 7 (HL7) [HL7SASIG], Digital Imaging and Communications in Medicine (DICOM) Working Group 14, Integrating the Healthcare Enterprise (IHE) [IHETF-3], the ASTM International Healthcare Informatics Technical Committee (ASTM E31) [E2147], and the Joint NEMA/COCIR/JIRA Security and Privacy Committee [NEMASPC]. It is intended as a reference for these groups and other healthcare standards developers.

The purposes the document fulfills are to:

1) Define data to be communicated for evidence of compliance with, or violations of, a healthcare enterprise's security and privacy policies and objectives.

This document defines the audit message format and content for healthcare application systems. The focus of auditing is to retrospectively detect and report security/privacy breaches. This includes capturing data that supports individual accountability for patient record creation, access, updates, and deletions.

This document does not define healthcare security and privacy policies or objectives. It also does not include real-time access alarm actions since there is a perception in the healthcare community that security measures that inhibit access may also inhibit effective patient care, under some circumstances.

2) Depict the data that would potentially reside in a common audit engine or database.

Privacy and security audit data is to be collected on each hardware system, and there are likely to be separate local data stores for system-level and application-level audits. Collating these records and providing a common view - transcending hardware system boundaries - is seen as necessary for cost-effective security and privacy policy administration.

The data definitions in this document support such a collation, but the technical implementation alternatives are not covered in this document.

3) Depict data that allows useful queries against audited events.

Audit data, in its raw form, reflects a sequential view of system activity. Useful inquiries for security and privacy administration need workflow, business process, organizational, role, and person-oriented views. Data definitions in this document anticipate and support creating those views and queries, but do not define them.

4) Provide a common reference standard for healthcare IT standards development organizations.

By specifying an XML schema, this document anticipates extensions to the base schema to meet requirements of healthcare standards bodies and application developers.

2. Scope
2.1. Data Collection

This document specifies audit data to be collected and communicated from automated systems. It does not include non-automated processes.

Data for events in the above categories may be selectively collected, based on healthcare organization policy. This document does not specify any baseline or minimal policies.

For each audited event, this document specifies the minimal data requirements plus optional data for the following event categories:

1) Security administrative events - establishing and maintaining security policy definitions, secured object definitions, role definitions, user definitions, and the relationships among them. In general, these events are specific to the administrative applications.

2) Audit access events - reflecting special protections implemented for the audit trail itself.

3) Security-mediated events - recording entity identification and authentication, data access, function access, nonrepudiation, cryptographic operations, and data import/export for messages and reports. In general, these events are generic to all protected resources, without regard to the application data content.

4) Patient care data events - documenting what was done, by whom, using which resources, from what access points, and to whose medical data. In general, these audits are application-specific since they require knowledge of the application data content.

Security subsystems found in most system infrastructures include a capability to capture system-level security relevant events like log-on and security object accesses. This document does not preclude such functions being enabled to record and supply the data defined in this document, but transformation of the collected data to the common XML schema definition may be necessary to support requirements for consolidated auditing views.

Application-level events, such as patient record access, are not captured by system-level security audits. The defined data support applications' record access auditing for healthcare institutional security and privacy assurance plus related policy administration functions.

System-local data definitions for collection and storage of audit data, prior to transformation to a common schema and transmission to a common repository, are not included in this document.

2.2. Anticipated Data End-uses

This document anticipates, but does not define, end-uses for the data collected.

The typical healthcare IT environment contains many systems from various vendors and developers who have not implemented common or interoperable security administrative functions. This document anticipates a requirement to transmit data from several unrelated systems to a common repository. It also anticipates that the aggregated data may then be queried and viewed in a variety of ways.

There are distinctions of detail granularity, specificity, and frequency between audit data required for surveillance versus forensic purposes. While some surveillance data may be useful for forensics, the scope of this document is limited to surveillance.

This document does not address real-time access policy violation alarm actions. There is a perception in the healthcare community that security measures which inhibit access may also inhibit effective patient care, under some circumstances.

This document does not define any data for patient care consents or patients' permissions for data disclosure. It is conceivable that the proposed audit data could be input to such applications, however, assuming strict access controls for audit data have been established.

This document does not define system-specific or application-specific data that may be collected and reported in addition to the defined elements. For example, it is conceivable that audit mechanisms may be useful for tracking financial or payroll transactions. At the same time, this document does not preclude extending the XML schema to incorporate additional data.

There is a potential requirement for a set of administrative messages to be sent from a central source to each participating system to uniformly specify, control, enable, or disable audit data collection. Such messages are not included in this document.

2.3. Conformance

This document does not include any definitions of conformance practices. Instead, it anticipates that standards development organizations that reference this document may specify their own conformance requirements.

3. Goals
3.1. Effective Data Gathering

The process of assuring that security policies are implemented correctly is essential to information security administration. It is a set of interrelated tasks all aimed at maintaining an acceptable level of confidence that security protections are, in fact, working as intended. These tasks are assisted by data from automated instrumentation of system and application functions.

Data gathered from a secured environment is used to accumulate evidence that security systems are working as intended and to detect incidents and patterns of misuse for further actions. Once messages have been collected, various reports may be created in support of security assurance and administration information requirements.

When a site runs multiple heterogeneous applications, each application system may have its own security mechanisms - user log-on, roles, access right permissions and restrictions, etc. Each application system also has its own security log file that records security relevant events, e.g., log-in, data access, and updates to the security policy databases. A system administrator or security auditor must examine each of these log files to find security relevant incidents. Not only is it difficult to examine each of these files separately, the format and contents of each file may be confusingly different.

Resolving these issues requires a framework to:

- Maximize interoperability and the meaningfulness of data across applications and sites
- Minimize ambiguity among heterogeneous systems
- Simplify and limit the costs of administrative audit tasks.

3.2. Efficiency

One of the leading concerns about auditing is the potential volume of data gathering and its impact on application system performance. Although this document does not prescribe specific implementations or strategies, the following are meant as informative guidance for development.

1) Audits should be created for transactions or record-level data access, not for individual attribute-level changes to data.

2) This document does not discourage locally optimized gathering of audit data on each application system. Instead, it anticipates implementation-defined periodic gathering and transmission of data to a common repository. This common repository would be optimized for after-the-fact audit queries and reporting, thus unburdening each application system of those responsibilities. It is also important to keep the message size compact so that audit data will not penalize normal network operation.

3) On each application system, a variety of policy-based methods could be employed to optimize data gathering and storage, e.g., selective auditing of only events defined as important plus workload buffering and balancing. Data gathering itself should be stateless to avoid the overhead of transactional semantics. In addition, prior to transmission, some filtering, aggregation, and summarization of repeated events would reduce the number of messages. Audit data storage and integrity on each application system need only be scaled for relatively low-volume and short-duration requirements, yet be consistent with implementation-defined minimums for holding the data for subsequent collection.

4) Leveraging existing data collection should be considered. For example, most commercial security subsystems record events in a local common log file, so the log file data can be extracted for communication to a common repository. Also, it is common in some systems' designs to have a transaction log for data reconstruction in the event of database loss, so collecting data-update audit data within this subsystem could reduce impact on application system performance.

5) A security audit repository would gather all audit message data from the different applications in one database with one standard structure. This would allow easier evaluation and querying. Once a suspicious pattern has been found in the audit log repository, investigation might proceed with more detail in the application specific audit log. The presence of a common repository also simplifies and streamlines the implementation of policies for audit data storage, integrity, retention, and destruction.

4. Trigger Events

The following identifies representative trigger events for generating audit messages. This is not a complete list of trigger events.

For those events arising in the security infrastructure the "minimal" and "basic" level of auditing as outlined in the Common Criteria [ISO15408-2] should be used as a reference standard.

4.1. Security Administration

This group includes all actions that create, maintain, query, and display definitions for securing data, functions, and the associated access policies. For each trigger type, the creation, update or amendment, deletion, and activation or deactivation are auditable.

4.1.1. Data Definition

This includes creation, modification, deletion, query, and display of security attributes for data sets, data groups, or classes plus their atomic data elements or attributes.

4.1.2. Function Definition

This includes, for example, creation, modification, deletion, query, or display of security attributes and auditable events for the application functions used for patient management, clinical processes, registry of business objects and methods, program creation and maintenance, etc.

4.1.3. Domain Definition

This includes all activities to create, modify, delete, query, or display security domains according to various organizational categories such as entity-wide, institutional, departmental, etc.

4.1.4. Classification Definition

This includes all activities that create, modify, delete, query or display security categories or groupings for functions and data such as patient management, nursing, clinical, etc.

4.1.5. Permission Definition

This includes all activities that create, modify, delete, query or display the allowable access permissions associated with functions and data, such as create, read, update, delete, and execution of specific functional units or object access or manipulation methods.

4.1.6. Role Definition

This includes all activities that create, modify, delete, query or display security roles according to various task-grouping categories such as security administration, admissions desk, nurses, physicians, clinical specialists, etc. It also includes the association of permissions with roles for role-based access control.

4.1.7. User Definition

This includes all activities that create, modify, delete, query, or display user accounts. It includes password or other authentication data. It also includes the association of roles with users for role-based access control, or permissions with users for user-based access control.

4.2. Audit Administration and Data Access

This category includes all actions that determine the collection and availability of audit data.

4.2.1. Auditable Event Enable or Disable

This reflects a basic policy decision that an event should or should not be audited. Some, but not necessarily all, triggers or use cases must create an audit record. The selection of what to audit depends on administrative policy decisions. Note that, for integrity, this event should always be audited.

4.2.2. Audit Data Access

This includes instances where audit data is viewed or reported for any purpose. Since the audit data itself may include data protected by institutional privacy policies and expose the implementation of those policies, access to the data is highly sensitive. This event should therefore always be audited.

4.2.3. Audit Data Modify or Delete

This includes instances where audit data is modified or deleted. While such operations are sometimes permitted by systems policies, modification or destruction of audit data may well be the result of unauthorized hostile systems access. Therefore, this type of event should always be audited.
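
One way to enforce the three "should always be audited" rules of sections 4.2.1 to 4.2.3 inside a selective collection policy is sketched below in Python. This is an added example, not part of the RFC; the event identifiers, the AuditPolicy class and the in-memory sink are hypothetical names chosen for illustration.

```python
from datetime import datetime, timezone

# Hypothetical identifiers for the three section 4.2 trigger events.
ENABLE_DISABLE = "audit.event.enable-disable"   # 4.2.1
DATA_ACCESS = "audit.data.access"               # 4.2.2
MODIFY_DELETE = "audit.data.modify-delete"      # 4.2.3
ALWAYS_AUDITED = frozenset({ENABLE_DISABLE, DATA_ACCESS, MODIFY_DELETE})


class AuditPolicy:
    """Selective collection policy in which the 4.2 events cannot be switched off."""

    def __init__(self, sink):
        self._sink = sink        # list standing in for the local audit store
        self._disabled = set()   # events an administrator has turned off

    def is_audited(self, event_id):
        # The always-audited set wins over any administrative setting.
        return event_id in ALWAYS_AUDITED or event_id not in self._disabled

    def set_enabled(self, event_id, enabled, actor):
        """Apply a policy change; the attempt is recorded whether or not it is allowed."""
        allowed = enabled or event_id not in ALWAYS_AUDITED
        if allowed and enabled:
            self._disabled.discard(event_id)
        elif allowed:
            self._disabled.add(event_id)
        # 4.2.1: the enable/disable decision is itself an audited event,
        # including refused attempts to silence a mandatory event.
        self._emit(ENABLE_DISABLE, actor, target=event_id,
                   requested="enable" if enabled else "disable",
                   outcome="applied" if allowed else "refused")
        return allowed

    def record(self, event_id, actor, **detail):
        """Store an event if the policy selects it; return whether it was stored."""
        if not self.is_audited(event_id):
            return False
        self._emit(event_id, actor, **detail)
        return True

    def _emit(self, event_id, actor, **detail):
        self._sink.append({"time": datetime.now(timezone.utc).isoformat(),
                           "event": event_id, "actor": actor, **detail})


if __name__ == "__main__":
    store = []
    policy = AuditPolicy(store)
    policy.set_enabled("order.update", False, "admin1")   # allowed, recorded
    policy.set_enabled(DATA_ACCESS, False, "admin1")      # refused, recorded
    policy.record(DATA_ACCESS, "auditor2", report="monthly")
    for row in store:
        print(row["event"], row.get("outcome", ""))
```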

4.3. User Access

This category includes events of access to secured data and functions for which audit data might be collected.

4.3.1. Sign-On

This includes successful and unsuccessful attempts from human users and automated systems. It also includes re-authentication actions and re-issuing time-sensitive credentials such as Kerberos tickets.

4.3.2. Sign-Off

This includes explicit sign-off events and session abandonment timeouts from human users and automated systems.

4.3.3. Function Access

This includes user invocation of application or system functions that have permission definitions associated with them. Note that in a Discretionary Access Control environment not all functions require permissions, especially if their impact is benign in relation to security policies.

The following are examples of trigger events relevant to healthcare privacy. The actual triggers for institutional data access, policies for non-care functions, and support regulatory requirements need to be identified by application-domain standards developers and system implementers.

4.3.3.1. Subject of Care Record Access

This includes all functions which manipulate basic patient data:

- Create, e.g., demographics or patient profile
- Assign identifier, e.g., medical record number
- Update, amend
- Merge/unmerge, e.g., combine multiple medical records for one patient
- Import/export of data from/to an external source, including printing and creation of portable media copies.
- Delete, e.g., invalid creation of care record

4.3.3.2. Encounter or Visit

This includes all functions which associate a subject of care with an instance of care:

- Create, e.g., demographics or patient profile
- Assign encounter identifier
- Per-admit
- Admit
- Update, amend
- Delete, e.g., invalid creation of encounter record, breakdown of equipment, patient did not arrive as expected

4.3.3.3. Care Protocols

This includes all functions which associate care plans or similar protocols with an instance or subject of care:

- Schedule, initiate
- Update, amend
- Complete
- Cancel

4.3.3.4. Episodes or Problems

This includes specific clinical episodes within an instance of care:

- Initiate
- Update, amend
- Resolve, complete
- Cancel

4.3.3.5. Orders and Order Sets

This includes clinical or supplies orders within an instance or episode of care:

- Initiate
- Update, amend
- Check for contraindications
- Verify
- Deliver/complete - including instructions
- Cancel

4.3.3.6. Health Service Event or Act

This includes various health services scheduled and performed within an instance or episode of care:

- Schedule, initiate
- Update, amend
- Check for contraindications
- Verify
- Perform/complete - including instructions
- Cancel

4.3.3.7. Medications

This includes all medication orders and administration within an instance or episode of care:

- Order
- Check
- Check for interactions
- Verify
- Dispense/deliver - including administration instructions
- Administer
- Cancel

4.3.3.8. Staff/Participant Assignment

This includes staffing or participant assignment actions relevant to an instance or episode of care:

- Assignment of healthcare professionals, caregivers attending physician, residents, medical students, consultants, etc.
- Change in assigned role or authorization, e.g., relative to healthcare status change.
- De-assignment

5. Data Definitions

This section defines and describes the data in the XML schema. The actual XML schema definition is in section 6.

The proposed data elements are grouped into these categories:

1) Event Identification - what was done
2) Active Participant Identification - by whom
3) Network Access Point Identification - initiated from where
4) Audit Source Identification - using which server
5) Participant Object Identification - to what record

5.1. Event Identification

The following data identifies the name, action type, time, and disposition of the audited event. There is only one set of event identification data per audited event.

5.1.1. Event ID

Description

Identifier for a specific audited event, e.g., a menu item, program, rule, policy, function code, application name, or URL. It identifies the performed function.

Optionality: Required

Format / Values

Coded value, either defined by the system implementers or as a reference to a standard vocabulary. The "code" attribute must be unambiguous and unique, at least within Audit Source ID (see section 5.4). Examples of Event IDs are program name, method name, or function name.

For implementation defined coded values or references to standards, the XML schema defines these optional attributes:

         Attribute      Value
         -------------- --------------------------------------------
         CodeSystem     OID reference
         CodeSystemName Name of the coding system; strongly recommended
                        to be valued for locally-defined code-sets.
         DisplayName    The value to be used in displays and reports
         OriginalText   Input value that was translated to the code
        

To support the requirement for unambiguous event identification, multiple values may not be specified.

Rationale

This identifies the audited function. For "Execute" Event Action Code audit records, this identifies the application function performed.

5.1.2. Event Action Code

Description

Indicator for type of action performed during the event that generated the audit.

Optionality: Optional

Format / Values

Enumeration:

         Value Meaning               Examples
         ----- --------------------- ----------------------------------
           C   Create                Create a new database object, such
                                     as Placing an Order.
           R   Read/View/Print/Query Display or print data, such as a
                                     Doctor Census
           U   Update                Update data, such as Revise
                                     Patient Information
           D   Delete                Delete items, such as a doctor
                                     master file record
           E   Execute               Perform a system or application
                                     function such as log-on, program
                                     execution, or use of an object's
                                     method
        

Rationale

This broadly indicates what kind of action was done on the Participant Object.

Notes

Actions that are not enumerated above are considered an Execute of a specific function or object interface method or treated as two or more distinct events. An application action, such as an authorization, is a function Execute, and the Event ID would identify the function.

For some applications, such as radiological imaging, a Query action may only determine the presence of data but not access the data itself. Auditing need not make as fine a distinction.

Compound actions, such as "Move," would be audited by creating audit data for each operation - read, create, delete - or as an Execute of a function or method.

5.1.3. Event Date/Time

Description

Universal coordinated time (UTC), i.e., a date/time specification that is unambiguous as to local time zones.

Optionality: Required

Format / Values

A date/time representation that is unambiguous in conveying universal coordinated time (UTC), formatted according to the ISO 8601 standard [ISO8601].

Rationale

This ties an event to a specific date and time. Security audits typically require a consistent time base, e.g., UTC, to eliminate time-zone issues arising from geographical distribution.

Notes

In a distributed system, some sort of common time base, e.g., an NTP [RFC1305] server, is a good implementation tactic.

5.1.4. Event Outcome Indicator

Description

Indicates whether the event succeeded or failed.

Optionality: Required

Format / Values

Enumeration:

      Value Meaning
       ---- ----------------------------------------------------
        0   Success
        4   Minor failure; action restarted, e.g., invalid password
            with first retry
        8   Serious failure; action terminated, e.g., invalid
            password with excess retries
       12   Major failure; action made unavailable, e.g., user
            account disabled due to excessive invalid log-on attempts
        

Rationale

Some audit events may be qualified by success or failure indicator. For example, a Log-on might have this flag set to a non-zero value to indicate why a log-on attempt failed.

Notes

In some cases a "success" may be partial, for example, an incomplete or interrupted transfer of a radiological study. For the purpose of establishing accountability, these distinctions are not relevant.

5.1.5. Event Type Code

Description

Identifier for the category of event.

Optionality: Optional

Format / Values

Coded value enumeration, either defined by the system implementers or as a reference to a standard vocabulary. For implementation defined codes or references to standards, the XML schema defines these optional attributes:

         Attribute      Value
         -------------- --------------------------------------------
         CodeSystem     OID reference
         CodeSystemName Name of the coding system; strongly recommended
                        to be valued for locally-defined code-sets.
         DisplayName    The value to be used in displays and reports
         OriginalText   Input value that was translated to the code
        

Since events may be categorized in more than one way, there may be multiple values specified.

Rationale

This field enables queries of messages by implementation-defined event categories.

5.2. Active Participant Identification

The following data identify a user for the purpose of documenting accountability for the audited event. A user may be a person, or a hardware device or software process for events that are not initiated by a person.

Optionally, the user's network access location may be specified.

There may be more than one user per event, for example, in cases of actions initiated by one user for other users, or in events that involve more than one user, hardware device, or system process. However, only one user may be the initiator/requestor for the event.

5.2.1. User ID

Description

Unique identifier for the user actively participating in the event

Optionality: Required

Format / Values

User identifier text string from the authentication system. It is a unique value within the Audit Source ID (see section 5.4).

Rationale

This field ties an audit event to a specific user.

Notes

For cross-system audits, especially with long retention, this user identifier will permanently tie an audit event to a specific user via a perpetually unique key.

For node-based authentication -- where only the system hardware or process, but not a human user, is identified -- User ID would be the node name.

5.2.2. Alternative User ID

Description

Alternative unique identifier for the user

Optionality: Optional

Format / Values

User identifier text string from authentication system. This identifier would be one known to a common authentication system (e.g., single sign-on), if available.

Rationale

In some situations a user may authenticate with one identity but, to access a specific application system, may use a synonymous identity. For example, some "single sign on" implementations will do this. The alternative identifier would then be the original identity used for authentication, and the User ID is the one known to and used by the application.

5.2.3. User Name

Description

The human-meaningful name for the user

Optionality: Optional

Format / Values

Text string

Rationale

The User ID and Alternative User ID may be internal or otherwise obscure values. This field assists the auditor in identifying the actual user.

5.2.4. User Is Requestor

Description

Indicator that the user is or is not the requestor, or initiator, for the event being audited.

Optionality: Optional

Format / Values

Boolean, default/assumed value is "true"

Rationale

This value is used to distinguish between requestor-users and recipient-users. For example, one person may initiate a report-output to be sent to another user.

5.2.5. Role ID Code

Description

Specification of the role(s) the user plays when performing the event, as assigned in role-based access control security.

Optionality: Optional; multi-valued

Format / Values

Coded value, with attribute "code" valued with the role code or text from authorization system. More than one value may be specified.

The codes may be implementation-defined or reference a standard vocabulary enumeration. For implementation defined codes or references to standards, the XML schema defines these optional attributes:

         Attribute      Value description
         -------------- --------------------------------------------
         CodeSystem     OID reference
         CodeSystemName Name of the coding system; strongly recommended
                        to be valued for locally-defined code-sets.
         DisplayName    The value to be used in displays and reports
         OriginalText   Input value that was translated to the code
        

Rationale

This value ties an audited event to a user's role(s). It is an optional value that might be used to group events for analysis by user functional role categories.

Notes

Many security systems are unable to produce this data, hence it is optional.

For the common message, this identifier would be the one known to a common authorization system, if available. Otherwise, it is a unique value within the Audit Source ID (see section 5.4). Consider using a globally unique identifier associated with the role to avoid ambiguity in auditing data collected from multiple systems.

Role ID is not a substitute for personal accountability.

Ambiguities arise from composite roles and users with multiple roles, i.e., which role within a composite is being used or what privilege was a user employing?

5.3. Network Access Point Identification

The network access point identifies the logical network location for application activity. These data are paired 1:1 with the Active Participant Identification data.

5.3.1. Network Access Point Type Code

Description

An identifier for the type of network access point that originated the audit event.

Optionality: Optional

Format / Values

Enumeration:

         Value Meaning
         ----- --------------------------------
           1   Machine Name, including DNS name
           2   IP Address
           3   Telephone Number
        

Rationale

This datum identifies the type of network access point identifier of the user device for the audit event. It is an optional value that may be used to group events recorded on separate servers for analysis of access according to a network access point's type.

5.3.2. Network Access Point ID

Description

An identifier for the network access point of the user device for the audit event. This could be a device id, IP address, or some other identifier associated with a device.

Optionality: Optional

Format / Values

Text may be constrained to only valid values for the given Network Access Point Type, if specified. Recommendation is to be as specific as possible where multiple options are available.

Rationale

This datum identifies the user's network access point, which may be distinct from the server that performed the action. It is an optional value that may be used to group events recorded on separate servers for analysis of a specific network access point's data access across all servers.

Note

Network Access Point ID is not a substitute for personal accountability. Internet IP addresses, in particular, are highly volatile and may be assigned to more than one person in a short time period.

Examples

   Network Access Point ID: SMH4WC02
   Network Access Point Type: 1 = Machine Name

   Network Access Point ID: 192.0.2.2
   Network Access Point Type: 2 = IP address

   Network Access Point ID: 610-555-1212
   Network Access Point Type: 3 = Phone Number
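
The checks below are an added example, not code from the RFC or its schema: they apply the rules of sections 5.1 to 5.3 (action and outcome enumerations, an unambiguous UTC timestamp, a single requestor, and a Network Access Point ID that fits its type code) to one event held as a Python dictionary. The dictionary keys, the host-name and telephone patterns, and both sample events are assumptions constructed for this illustration.

```python
import ipaddress
import re
from datetime import datetime

ACTION_CODES = {"C", "R", "U", "D", "E"}    # section 5.1.2 enumeration
OUTCOME_CODES = {0, 4, 8, 12}               # section 5.1.4 enumeration
NAP_MACHINE_NAME, NAP_IP_ADDRESS, NAP_TELEPHONE = 1, 2, 3   # section 5.3.1

# Assumed patterns for this example; the page does not define them.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*$")
_PHONE_RE = re.compile(r"^\+?[0-9][0-9 ().-]{5,}$")


def has_explicit_offset(text):
    """True if text is an ISO 8601 date/time that states its UTC offset."""
    if not isinstance(text, str):
        return False
    if text.endswith("Z"):                  # "Z" is the ISO 8601 UTC designator
        text = text[:-1] + "+00:00"
    try:
        parsed = datetime.fromisoformat(text)
    except ValueError:
        return False
    return parsed.tzinfo is not None        # a naive local time is ambiguous


def nap_id_matches_type(nap_type, nap_id):
    """Check a Network Access Point ID against its declared type code."""
    if nap_type == NAP_IP_ADDRESS:
        try:
            ipaddress.ip_address(nap_id)
        except ValueError:
            return False
        return True
    if nap_type == NAP_MACHINE_NAME:
        return bool(_HOST_RE.match(nap_id))
    if nap_type == NAP_TELEPHONE:
        return bool(_PHONE_RE.match(nap_id))
    return False


def validate_event(event):
    """Return the list of problems found in one audit event (empty = none)."""
    problems = []
    ident = event.get("event_identification", {})
    if not ident.get("event_id"):
        problems.append("Event ID is required")
    action = ident.get("event_action_code")             # optional field
    if action is not None and action not in ACTION_CODES:
        problems.append(f"Event Action Code {action!r} is not C/R/U/D/E")
    if not has_explicit_offset(ident.get("event_date_time")):
        problems.append("Event Date/Time is missing or not unambiguous UTC")
    if ident.get("event_outcome_indicator") not in OUTCOME_CODES:
        problems.append("Event Outcome Indicator is missing or not 0/4/8/12")

    requestors = 0
    for index, user in enumerate(event.get("active_participants", [])):
        if not user.get("user_id"):
            problems.append(f"participant {index}: User ID is required")
        # User Is Requestor defaults to true when it is omitted (5.2.4).
        if user.get("user_is_requestor", True):
            requestors += 1
        nap_type = user.get("network_access_point_type_code")
        nap_id = user.get("network_access_point_id")
        if nap_type is not None and nap_id is not None:
            if not nap_id_matches_type(nap_type, nap_id):
                problems.append(f"participant {index}: Network Access Point "
                                f"ID {nap_id!r} does not fit type {nap_type}")
    if requestors > 1:      # only one user may be the initiator/requestor
        problems.append("more than one participant is marked as requestor")
    return problems


# Constructed sample events (not taken from any real system).
GOOD_EVENT = {
    "event_identification": {
        "event_id": "patient-record-view", "event_action_code": "R",
        "event_date_time": "2004-09-01T14:30:00Z",
        "event_outcome_indicator": 0},
    "active_participants": [
        {"user_id": "jsmith", "network_access_point_type_code": 2,
         "network_access_point_id": "192.0.2.2"},
        {"user_id": "report-printer", "user_is_requestor": False,
         "network_access_point_type_code": 1,
         "network_access_point_id": "SMH4WC02"}],
}
BAD_EVENT = {
    "event_identification": {
        "event_id": "patient-record-move", "event_action_code": "M",
        "event_date_time": "2004-09-01T14:30:00",       # no UTC offset
        "event_outcome_indicator": 1},
    "active_participants": [
        {"user_id": "jsmith", "network_access_point_type_code": 2,
         "network_access_point_id": "SMH4WC02"},        # name, not an IP
        {"user_id": "mjones"}],     # flag omitted, so a second requestor
}

if __name__ == "__main__":
    for name, event in (("good", GOOD_EVENT), ("bad", BAD_EVENT)):
        print(name, validate_event(event))
```

The second sample fails on the requestor rule only because User Is Requestor defaults to "true": a recipient must be marked explicitly, or a collector applying this rule counts two initiators.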

5.4. Audit Source Identification

The following data are required primarily for application systems and processes. Since multi-tier, distributed, or composite applications make source identification ambiguous, this collection of fields may repeat for each application or process actively involved in the event. For example, multiple value-sets can identify participating web servers, application processes, and database server threads in an n-tier distributed application. Passive event participants, e.g., low-level network transports, need not be identified.

Depending on implementation strategies, it is possible that the components in a multi-tier, distributed, or composite application may generate more than one audit message for a single application event. Various data in the audit message may be used to identify such cases, supporting subsequent data reduction. This document anticipates that the repository and reporting mechanisms will perform data reduction when required, but does not specify those mechanisms.

5.4.1. Audit Enterprise Site ID

Description

Logical source location within the healthcare enterprise network, e.g., a hospital or other provider location within a multi-entity provider group.

Optionality: Optional

Format / Values

Unique identifier text string within the healthcare enterprise. May be unvalued when the audit-generating application is uniquely identified by Audit Source ID.

Rationale

This value differentiates among the sites in a multi-site enterprise health information system.

Notes

This is defined by the application that generates the audit record. It contains a unique code that identifies a business organization (owner of data) that is known to the enterprise. The value further qualifies and disambiguates the Audit Source ID. Values may vary depending on type of business. There may be levels of differentiation within the organization.

5.4.2. Audit Source ID

Description

Identifier of the source where the event originated.

Optionality: Required

Format / Values

Unique identifier text string, at least within the Audit Enterprise Site ID

Rationale

This field ties the event to a specific source system. It may be used to group events for analysis according to where the event occurred.

Notes

In some configurations, a load-balancing function distributes work among two or more duplicate servers. The values defined for this field thus may be considered as a source identifier for a group of servers rather than a specific source system.

5.4.3. Audit Source Type Code

Description

Code specifying the type of source where event originated.

Optionality: Optional

Format / Values

Coded-value enumeration, optionally defined by system implementers or as a reference to a standard vocabulary. Unless defined or referenced, the default values for the "code" attribute are:

         Value  Meaning
         -----  ------------------------------------------------------
           1    End-user interface
           2    Data acquisition device or instrument
           3    Web server process tier in a multi-tier system
           4    Application server process tier in a multi-tier system
           5    Database server process tier in a multi-tier system
           6    Security server, e.g., a domain controller
           7    ISO level 1-3 network component
           8    ISO level 4-6 operating software
           9    External source, other or unknown type
        

For implementation defined codes or references to standards, the XML schema defines these optional attributes:

         Attribute      Value
         -------------- --------------------------------------------
         CodeSystem     OID reference
         CodeSystemName Name of the coding system; strongly recommended
                        to be valued for locally-defined code-sets.
         DisplayName    The value to be used in displays and reports
         OriginalText   Input value that was translated to the code
        

Since audit sources may be categorized in more than one way, there may be multiple values specified.

Rationale

This field indicates which type of source is identified by the Audit Source ID. It is an optional value that may be used to group events for analysis according to the type of source where the event occurred.

5.5. Participant Object Identification

The following data assist the auditing process by indicating specific instances of data or objects that have been accessed.

These data are required unless the values for Event Identification, Active Participant Identification, and Audit Source Identification are sufficient to document the entire auditable event. Production of audit records containing these data may be enabled or suppressed, as determined by healthcare organization policy and regulatory requirements.

Because events may have more than one participant object, this group can be a repeating set of values. For example, depending on institutional policies and implementation choices:

- Two participant object value-sets can be used to identify access to patient data by medical record number plus the specific health care encounter or episode for the patient.
- A patient participant and his authorized representative may be identified concurrently.
- An attending physician and consulting referrals may be identified concurrently.
- All patients identified on a worklist may be identified.
- For radiological studies, a set of related participant objects, identified by accession number or study number, may be identified.

Note, though, that each audit message documents only a single usage instance of such participant object relationships and does not serve to document all relationships that may be present or possible.

5.5.1. Participant Object Type Code

Description

Code for the participant object type being audited. This value is distinct from the user's role or any user relationship to the participant object.

Optionality: Optional

Format / Values

Enumeration:

         Value Meaning
         ----- -------------
           1   Person
           2   System Object
           3   Organization
           4   Other
        

Rationale

To describe the object being acted upon. In addition to queries on the subject of the action in an auditable event, it is also important to be able to query on the object type for the action.

5.5.2. Participant Object Type Code Role

Description

Code representing the functional application role of Participant Object being audited

Optionality: Optional

Format / Values

Enumeration, specific to Participant Object Type Code:

         Value Meaning              Participant Object Type Codes
         ----- -------------------- ----------------------------------
           1   Patient              1 - Person
           2   Location             3 - Organization
           3   Report               2 - System Object
           4   Resource             1 - Person
                                    3 - Organization
           5   Master file          2 - System Object
           6   User                 1 - Person
                                    2 - System Object (non-human user)
           7   List                 2 - System Object
           8   Doctor               1 - Person
           9   Subscriber           3 - Organization
          10   Guarantor            1 - Person
                                    3 - Organization
          11   Security User Entity 1 - Person
                                    2 - System Object
          12   Security User Group  2 - System Object
          13   Security Resource    2 - System Object
          14   Security Granularity 2 - System Object
               Definition
          15   Provider             1 - Person
                                    3 - Organization
          16   Data Destination     2 - System Object
          17   Data Repository      2 - System Object
          18   Schedule             2 - System Object
          19   Customer             3 - Organization
          20   Job                  2 - System Object
          21   Job Stream           2 - System Object
          22   Table                2 - System Object
          23   Routing Criteria     2 - System Object
          24   Query                2 - System Object

A "Security Resource" is an abstract securable object, e.g., a screen, interface, document, program, etc. -- or even an audit data set or repository.

Rationale

For some detailed audit analysis it may be necessary to indicate a more granular type of participant, based on the application role it serves.

5.5.3. Participant Object Data Life Cycle

Description

Identifier for the data life-cycle stage for the participant object. This can be used to provide an audit trail for data, over time, as it passes through the system.

Optionality: Optional

Format / Values

Enumeration:

         Value Meaning
         ----- --------------------------------------
           1   Origination / Creation
           2   Import / Copy from original
           3   Amendment
           4   Verification
           5   Translation
           6   Access / Use
           7   De-identification
           8   Aggregation, summarization, derivation
           9   Report
          10   Export / Copy to target
          11   Disclosure
          12   Receipt of disclosure
          13   Archiving
          14   Logical deletion
          15   Permanent erasure / Physical destruction
        

Rationale

Institutional policies for privacy and security may optionally fall under different accountability rules based on data life cycle. This provides a differentiating value for those cases.

5.5.4. Participant Object ID Type Code
5.5.4. 参与者对象ID类型代码

Description

描述

Describes the identifier that is contained in Participant Object ID.

描述参与者对象ID中包含的标识符。

Optionality: Required

可选性:必需

Format / Values

格式/值

Coded-value enumeration, specific to Participant Object Type Code, using attribute-name "code". The codes below are the default set.

编码值枚举,特定于参与者对象类型代码,使用属性名称“Code”。以下代码是默认设置。

         Value Meaning                Participant Object Type Codes
         ----- ---------------------- -----------------------------
           1   Medical Record Number  1 - Person
           2   Patient Number         1 - Person
           3   Encounter Number       1 - Person
           4   Enrollee Number        1 - Person
           5   Social Security Number 1 - Person
           6   Account Number         1 - Person
                                      3 - Organization
           7   Guarantor Number       1 - Person
                                      3 - Organization
           8   Report Name            2 - System Object
           9   Report Number          2 - System Object
           10  Search Criteria        2 - System Object
           11  User Identifier        1 - Person
                                      2 - System Object
           12  URI                    2 - System Object
        
        

User Identifier and URI [RFC2396] text strings are intended to be used for security administration trigger events to identify the objects being acted upon.

The codes may be the default set stated above, implementation-defined, or reference a standard vocabulary enumeration, such as HL7 version 2.4 table 207 or DICOM defined media types. For implementation-defined codes or references to standards, the XML schema defines these optional attributes:

         Attribute      Value
         -------------- --------------------------------------------
         CodeSystem     OID reference
         CodeSystemName Name of the coding system; strongly recommended
                        to be valued for locally-defined code-sets.
         DisplayName    The value to be used in displays and reports
         OriginalText   Input value that was translated to the code
        
        

Rationale

Required to distinguish among various identifiers that may synonymously identify a participant object.

5.5.5. Participant Object Sensitivity

Description

Denotes policy-defined sensitivity for the Participant Object ID such as VIP, HIV status, mental health status, or similar topics.

Optionality: Optional

Format / Values

Values are institution- and implementation-defined text strings.

5.5.6. Participant Object ID

Description

Identifies a specific instance of the participant object.

Optionality: Required

Format / Values

Text string. Value format depends on Participant Object Type Code and the Participant Object ID Type Code.

Rationale

This field identifies a specific instance of an object, such as a patient, to detect/track privacy and security issues.

Notes

Consider this to be the primary unique identifier key for the object, so it may be a composite data field as implemented.

5.5.7. Participant Object Name

Description

An instance-specific descriptor of the Participant Object ID audited, such as a person's name.

Optionality: Optional

Format / Values

Text string

Rationale

This field may be used in a query/report to identify audit events for a specific person, e.g., where multiple synonymous Participant Object IDs (patient number, medical record number, encounter number, etc.) have been used.

5.5.8. Participant Object Query

Description

The actual query for a query-type participant object.

Optionality: Optional

Format / Values

Base 64 encoded data

Rationale

For query events it may be necessary to capture the actual query input to the query process in order to identify the specific event. Because of differences among query implementations and data encoding for them, this is a base 64 encoded data blob. It may be subsequently decoded or interpreted by downstream audit analysis processing.

5.5.9. Participant Object Detail

Description

Implementation-defined data about specific details of the object accessed or used.

Optionality: Optional

Format

Type-value pair. The "type" attribute is an implementation-defined text string. The "value" attribute is base 64 encoded data.

Rationale

Specific details or values from the object accessed may be desired in specific auditing implementations. The type-value pair enables the use of implementation-defined and locally-extensible object type identifiers and values. For example, a clinical diagnostic object may contain multiple test results, and this element could document the type and number of results.

Many data encodings are possible for this element, so the value is a base 64 encoded data blob. It may be subsequently decoded or interpreted by downstream audit analysis processing.
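The checks that sections 5.5.3, 5.5.4, 5.5.8 and 5.5.9 imply for a downstream audit analyzer, as an added Python example that is not part of the RFC: it validates the life-cycle value, checks the ID type code against the object type code using the default table, enforces the name/query choice, and strictly decodes the base 64 fields. The function names and the sample message are constructed for illustration (the sample omits the other required AuditMessage children), and the ParticipantObjectDataLifeCycle attribute name is taken from the full schema in section 6.1.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Section 5.5.3: life-cycle stage value -> meaning.
LIFE_CYCLE = {str(i): m for i, m in enumerate((
    "Origination / Creation", "Import / Copy from original", "Amendment",
    "Verification", "Translation", "Access / Use", "De-identification",
    "Aggregation, summarization, derivation", "Report",
    "Export / Copy to target", "Disclosure", "Receipt of disclosure",
    "Archiving", "Logical deletion",
    "Permanent erasure / Physical destruction"), start=1)}
# Section 5.5.4 default set: code -> (meaning, permitted object type codes).
ID_TYPE_CODES = {
    "1": ("Medical Record Number", {"1"}), "2": ("Patient Number", {"1"}),
    "3": ("Encounter Number", {"1"}), "4": ("Enrollee Number", {"1"}),
    "5": ("Social Security Number", {"1"}),
    "6": ("Account Number", {"1", "3"}), "7": ("Guarantor Number", {"1", "3"}),
    "8": ("Report Name", {"2"}), "9": ("Report Number", {"2"}),
    "10": ("Search Criteria", {"2"}),
    "11": ("User Identifier", {"1", "2"}), "12": ("URI", {"2"}),
}


def decode_blob(text):
    """Strict base 64 decode, whitespace ignored; None if absent or bad."""
    if text is None:
        return None
    try:
        return base64.b64decode("".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return None


def check_participant_object(elem):
    """Summarize one ParticipantObjectIdentification and list findings."""
    findings = []
    type_code = elem.get("ParticipantObjectTypeCode")
    id_type = elem.find("ParticipantObjectIDTypeCode")
    code = id_type.get("code") if id_type is not None else None
    if not elem.get("ParticipantObjectID"):
        findings.append("ParticipantObjectID is required")
    if code is None:
        findings.append("ParticipantObjectIDTypeCode code is required")
    elif code not in ID_TYPE_CODES:
        findings.append(f"ID type code {code!r} is outside the default set")
    elif type_code is not None and type_code not in ID_TYPE_CODES[code][1]:
        findings.append(f"{ID_TYPE_CODES[code][0]} invalid for object type {type_code!r}")
    stage = elem.get("ParticipantObjectDataLifeCycle")
    if stage is not None and stage not in LIFE_CYCLE:
        findings.append(f"life-cycle value {stage!r} is not in 1..15")
    query = elem.find("ParticipantObjectQuery")
    if query is not None and elem.find("ParticipantObjectName") is not None:
        findings.append("name and query are an xs:choice; only one allowed")
    decoded_query = decode_blob(query.text) if query is not None else None
    if query is not None and decoded_query is None:
        findings.append("ParticipantObjectQuery is not valid base 64")
    details = {}
    for detail in elem.findall("ParticipantObjectDetail"):
        raw = decode_blob(detail.get("value"))
        if detail.get("type") is None or raw is None:
            findings.append("ParticipantObjectDetail needs type and base 64 value")
        else:
            details[detail.get("type")] = raw
    return {"id_type": ID_TYPE_CODES.get(code, (None,))[0],
            "life_cycle": LIFE_CYCLE.get(stage), "query": decoded_query,
            "details": details, "findings": findings}


def check_message(xml_text):
    """Check every ParticipantObjectIdentification in one AuditMessage."""
    if "<!DOCTYPE" in xml_text:  # no DTD is needed; refuse entity tricks
        raise ValueError("DOCTYPE not accepted in audit messages")
    root = ET.fromstring(xml_text)
    return [check_participant_object(e)
            for e in root.findall("ParticipantObjectIdentification")]


# Constructed sample (not from the RFC); the third object is deliberately bad.
QUERY = base64.b64encode(b"lastname=DOE").decode("ascii")
COUNT = base64.b64encode(b"3").decode("ascii")
SAMPLE = f"""<AuditMessage>
 <ParticipantObjectIdentification ParticipantObjectID="MRN-0001"
  ParticipantObjectTypeCode="1" ParticipantObjectDataLifeCycle="6">
  <ParticipantObjectIDTypeCode code="1"/></ParticipantObjectIdentification>
 <ParticipantObjectIdentification ParticipantObjectID="search-42"
  ParticipantObjectTypeCode="2" ParticipantObjectDataLifeCycle="6">
  <ParticipantObjectIDTypeCode code="10"/>
  <ParticipantObjectQuery>{QUERY}</ParticipantObjectQuery>
  <ParticipantObjectDetail type="result-count" value="{COUNT}"/>
 </ParticipantObjectIdentification>
 <ParticipantObjectIdentification ParticipantObjectID="ORG-7"
  ParticipantObjectTypeCode="3" ParticipantObjectDataLifeCycle="16">
  <ParticipantObjectIDTypeCode code="1"/>
  <ParticipantObjectName>Constructed Clinic</ParticipantObjectName>
  <ParticipantObjectQuery>not base64!!</ParticipantObjectQuery>
 </ParticipantObjectIdentification>
</AuditMessage>"""
```

Calling `check_message(SAMPLE)` returns one summary per participant object; only the third carries findings.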

6. XML Schema

This section contains the actual XML schema definition for the data defined in section 5. It also provides brief guidance for specifying schema localizations for implementation purposes.

The XML schema specified in section 6.1 conforms with the W3C Recommendations for XML Schema structure [W3CXML-1] and data types [W3CXML-2].

6.1. XML Schema Definition
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
 elementFormDefault="qualified" attributeFormDefault="unqualified">
 <xs:element name="AuditMessage">
  <xs:complexType>
   <xs:sequence>
    <xs:element name="EventIdentification"
     type="EventIdentificationType"/>
    <xs:element name="ActiveParticipant" maxOccurs="unbounded">
     <xs:complexType>
      <xs:complexContent>
       <xs:extension base="ActiveParticipantType"/>
      </xs:complexContent>
     </xs:complexType>
    </xs:element>
    <xs:element name="AuditSourceIdentification"
        
     type="AuditSourceIdentificationType" maxOccurs="unbounded"/>
    <xs:element name="ParticipantObjectIdentification"
     type="ParticipantObjectIdentificationType" minOccurs="0"
     maxOccurs="unbounded"/>
   </xs:sequence>
  </xs:complexType>
 </xs:element>
 <xs:complexType name="EventIdentificationType">
  <xs:sequence>
   <xs:element name="EventID" type="CodedValueType"/>
   <xs:element name="EventTypeCode" type="CodedValueType"
    minOccurs="0" maxOccurs="unbounded"/>
  </xs:sequence>
  <xs:attribute name="EventActionCode" use="optional">
   <xs:simpleType>
    <xs:restriction base="xs:string">
     <xs:enumeration value="C">
      <xs:annotation>
       <xs:appinfo>Create</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="R">
      <xs:annotation>
       <xs:appinfo>Read</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="U">
      <xs:annotation>
       <xs:appinfo>Update</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="D">
      <xs:annotation>
       <xs:appinfo>Delete</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="E">
      <xs:annotation>
       <xs:documentation>Execute</xs:documentation>
      </xs:annotation>
     </xs:enumeration>
    </xs:restriction>
   </xs:simpleType>
  </xs:attribute>
  <xs:attribute name="EventDateTime" type="xs:dateTime"
   use="required"/>
  <xs:attribute name="EventOutcomeIndicator" use="required">
   <xs:simpleType>
        
    <xs:restriction base="xs:integer">
     <xs:enumeration value="0">
      <xs:annotation>
       <xs:appinfo>Success</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="4">
      <xs:annotation>
       <xs:appinfo>Minor failure</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="8">
      <xs:annotation>
       <xs:appinfo>Serious failure</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="12">
      <xs:annotation>
       <xs:appinfo>Major failure; action made unavailable
          </xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
    </xs:restriction>
   </xs:simpleType>
  </xs:attribute>
 </xs:complexType>
 <xs:complexType name="AuditSourceIdentificationType">
  <xs:sequence>
   <xs:element name="AuditSourceTypeCode" minOccurs="0"
    maxOccurs="unbounded">
    <xs:complexType>
     <xs:complexContent>
      <xs:restriction base="CodedValueType">
       <xs:attribute name="code" use="required">
        <xs:simpleType>
         <xs:restriction base="xs:string">
          <xs:enumeration value="1">
           <xs:annotation>
            <xs:appinfo>End-user display device, diagnostic
             display</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="2">
           <xs:annotation>
            <xs:appinfo>Data acquisition device or
             instrument</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
        
          <xs:enumeration value="3">
           <xs:annotation>
            <xs:appinfo>Web server process</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="4">
           <xs:annotation>
            <xs:appinfo>Application server process</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="5">
           <xs:annotation>
            <xs:appinfo>Database server process</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="6">
           <xs:annotation>
            <xs:appinfo>Security server, e.g., a domain
             controller</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="7">
           <xs:annotation>
            <xs:documentation>ISO level 1-3 network
             component</xs:documentation>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="8">
           <xs:annotation>
            <xs:appinfo>ISO level 4-6 operating software</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="9">
           <xs:annotation>
            <xs:appinfo>External source, other or unknown
             type</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
         </xs:restriction>
        </xs:simpleType>
       </xs:attribute>
      </xs:restriction>
     </xs:complexContent>
    </xs:complexType>
   </xs:element>
  </xs:sequence>
  <xs:attribute name="AuditEnterpriseSiteID" type="xs:string"
   use="optional"/>
        
  <xs:attribute name="AuditSourceID" type="xs:string"
   use="required"/>
 </xs:complexType>
 <xs:complexType name="ActiveParticipantType">
  <xs:sequence minOccurs="0">
   <xs:element name="RoleIDCode" type="CodedValueType" minOccurs="0"
    maxOccurs="unbounded"/>
  </xs:sequence>
  <xs:attribute name="UserID" type="xs:string" use="required"/>
  <xs:attribute name="AlternativeUserID" type="xs:string"
   use="optional"/>
  <xs:attribute name="UserName" type="xs:string" use="optional"/>
  <xs:attribute name="UserIsRequestor" type="xs:boolean"
   use="optional" default="true"/>
  <xs:attribute name="NetworkAccessPointID" type="xs:string"
   use="optional"/>
  <xs:attribute name="NetworkAccessPointTypeCode" use="optional">
   <xs:simpleType>
    <xs:restriction base="xs:unsignedByte">
     <xs:enumeration value="1">
      <xs:annotation>
       <xs:appinfo>Machine Name, including DNS name</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="2">
      <xs:annotation>
       <xs:appinfo>IP Address</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="3">
      <xs:annotation>
       <xs:appinfo>Telephone Number</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
    </xs:restriction>
   </xs:simpleType>
  </xs:attribute>
 </xs:complexType>
 <xs:complexType name="ParticipantObjectIdentificationType">
  <xs:sequence>
   <xs:element name="ParticipantObjectIDTypeCode">
    <xs:complexType>
     <xs:complexContent>
      <xs:restriction base="CodedValueType">
       <xs:attribute name="code" use="required">
        <xs:simpleType>
         <xs:restriction base="xs:string">
          <xs:enumeration value="1">
        
           <xs:annotation>
            <xs:appinfo>Medical Record Number</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="2">
           <xs:annotation>
            <xs:appinfo>Patient Number</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="3">
           <xs:annotation>
            <xs:appinfo>Encounter Number</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="4">
           <xs:annotation>
            <xs:appinfo>Enrollee Number</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="5">
           <xs:annotation>
            <xs:appinfo>Social Security Number</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="6">
           <xs:annotation>
            <xs:appinfo>Account Number</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="7">
           <xs:annotation>
            <xs:appinfo>Guarantor Number</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="8">
           <xs:annotation>
            <xs:appinfo>Report Name</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="9">
           <xs:annotation>
            <xs:appinfo>Report Number</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="10">
           <xs:annotation>
            <xs:appinfo>Search Criteria</xs:appinfo>
           </xs:annotation>
        
          </xs:enumeration>
          <xs:enumeration value="11">
           <xs:annotation>
            <xs:appinfo>User Identifier</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value="12">
           <xs:annotation>
            <xs:appinfo>URI</xs:appinfo>
           </xs:annotation>
          </xs:enumeration>
          <xs:enumeration value=""/>
         </xs:restriction>
        </xs:simpleType>
       </xs:attribute>
      </xs:restriction>
     </xs:complexContent>
    </xs:complexType>
   </xs:element>
   <xs:choice minOccurs="0">
    <xs:element name="ParticipantObjectName" type="xs:string"
     minOccurs="0"/>
    <xs:element name="ParticipantObjectQuery" type="xs:base64Binary"
     minOccurs="0"/>
   </xs:choice>
   <xs:element name="ParticipantObjectDetail"
    type="TypeValuePairType" minOccurs="0" maxOccurs="unbounded"/>
  </xs:sequence>
  <xs:attribute name="ParticipantObjectID" type="xs:string"
   use="required"/>
  <xs:attribute name="ParticipantObjectTypeCode" use="optional">
   <xs:simpleType>
    <xs:restriction base="xs:unsignedByte">
     <xs:enumeration value="1">
      <xs:annotation>
       <xs:appinfo>Person</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="2">
      <xs:annotation>
       <xs:appinfo>System object</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="3">
      <xs:annotation>
       <xs:appinfo>Organization</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
        
     <xs:enumeration value="4">
      <xs:annotation>
       <xs:appinfo>Other</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
    </xs:restriction>
   </xs:simpleType>
  </xs:attribute>
  <xs:attribute name="ParticipantObjectTypeCodeRole" use="optional">
   <xs:simpleType>
    <xs:restriction base="xs:unsignedByte">
     <xs:enumeration value="1">
      <xs:annotation>
       <xs:appinfo>Patient</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="2">
      <xs:annotation>
       <xs:appinfo>Location</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="3">
      <xs:annotation>
       <xs:appinfo> Report</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="4">
      <xs:annotation>
       <xs:appinfo>Resource</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="5">
      <xs:annotation>
       <xs:appinfo>Master file</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="6">
      <xs:annotation>
       <xs:appinfo>User</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="7">
      <xs:annotation>
       <xs:appinfo>List</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="8">
      <xs:annotation>
        
       <xs:appinfo>Doctor</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="9">
      <xs:annotation>
       <xs:appinfo>Subscriber</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="10">
      <xs:annotation>
       <xs:appinfo>Guarantor</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="11">
      <xs:annotation>
       <xs:appinfo>Security User Entity</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="12">
      <xs:annotation>
       <xs:appinfo>Security User Group</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="13">
      <xs:annotation>
       <xs:appinfo>Security Resource</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="14">
      <xs:annotation>
       <xs:appinfo>Security Granualarity Definition</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="15">
      <xs:annotation>
       <xs:appinfo>Provider</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="16">
      <xs:annotation>
       <xs:appinfo>Report Destination</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="17">
      <xs:annotation>
       <xs:appinfo>Report Library</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="18">
      <xs:annotation>
       <xs:appinfo>Schedule</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="19">
      <xs:annotation>
       <xs:appinfo>Customer</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="20">
      <xs:annotation>
       <xs:appinfo>Job</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="21">
      <xs:annotation>
       <xs:appinfo>Job Stream</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="22">
      <xs:annotation>
       <xs:appinfo>Table</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="23">
      <xs:annotation>
       <xs:appinfo>Routing Criteria</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="24">
      <xs:annotation>
       <xs:appinfo>Query</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
    </xs:restriction>
   </xs:simpleType>
  </xs:attribute>
  <xs:attribute name="ParticipantObjectDataLifeCycle" use="optional">
   <xs:simpleType>
    <xs:restriction base="xs:unsignedByte">
     <xs:enumeration value="1">
      <xs:annotation>
       <xs:appinfo>Origination / Creation</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="2">
      <xs:annotation>
       <xs:appinfo>Import / Copy from original</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="3">
      <xs:annotation>
       <xs:appinfo>Amendment</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="4">
      <xs:annotation>
       <xs:appinfo>Verification</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="5">
      <xs:annotation>
       <xs:appinfo>Translation</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="6">
      <xs:annotation>
       <xs:appinfo>Access / Use</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="7">
      <xs:annotation>
       <xs:appinfo>De-identification</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="8">
      <xs:annotation>
       <xs:appinfo>Aggregation, summarization,
        derivation</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="9">
      <xs:annotation>
       <xs:appinfo>Report</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="10">
      <xs:annotation>
       <xs:appinfo>Export / Copy to target</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="11">
      <xs:annotation>
       <xs:appinfo>Disclosure</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="12">
      <xs:annotation>
       <xs:appinfo>Receipt of disclosure</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="13">
      <xs:annotation>
       <xs:appinfo>Archiving</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="14">
      <xs:annotation>
       <xs:appinfo>Logical deletion</xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
     <xs:enumeration value="15">
      <xs:annotation>
       <xs:appinfo>Permanent erasure / Physical destruction
       </xs:appinfo>
      </xs:annotation>
     </xs:enumeration>
    </xs:restriction>
   </xs:simpleType>
  </xs:attribute>
  <xs:attribute name="ParticipantObjectSensitivity" type="xs:string"
   use="optional"/>
 </xs:complexType>
 <xs:complexType name="CodedValueType">
  <xs:attribute name="code" type="xs:string" use="required"/>
  <xs:attributeGroup ref="CodeSystem"/>
  <xs:attribute name="displayName" type="xs:string" use="optional"/>
  <xs:attribute name="originalText" type="xs:string" use="optional"/>
 </xs:complexType>
 <xs:complexType name="TypeValuePairType">
  <xs:attribute name="type" type="xs:string" use="required"/>
  <xs:attribute name="value" type="xs:base64Binary" use="required"/>
 </xs:complexType>
 <xs:attributeGroup name="CodeSystem">
  <xs:attribute name="codeSystem" type="OID" use="optional"/>
  <xs:attribute name="codeSystemName" type="xs:string"
   use="optional"/>
 </xs:attributeGroup>
 <xs:simpleType name="OID">
  <xs:restriction base="xs:string">
   <xs:whiteSpace value="collapse"/>
  </xs:restriction>
 </xs:simpleType>
</xs:schema>
        
6.2. XML Schema Localization

The schema specified in section 6.1 may be extended and restricted to meet local implementation-specific requirements. W3C Recommendation for XML Schema structure [W3CXML-1], section 4, is the governing standard for accomplishing this.

As of the current version of this document, a public reference URI for the base schema has not been established.

Local definitions reference the common audit message base schema. For example, here is a schema with a local vocabulary restriction for "Audit Enterprise Site ID" plus an extension adding a new "Audit Source Asset Number" element.

The URI used to identify this schema (http://audit-message-uri) is a syntactically valid example that does not represent an actual schema. Schema validators might report an error when attempting to import a schema using this URI.

<xs:schema xmlns:audit="http://audit-message-URI"
 xmlns:xs="http://www.w3.org/2001/XMLSchema"
 elementFormDefault="qualified" attributeFormDefault="unqualified">
 <xs:import schemaLocation="http://audit-message-URI"/>
 <xs:complexType name="LocaAuditSourceIdentificationType">
  <xs:complexContent>
   <xs:restriction base="AuditSourceIdentificationType">
    <xs:attribute name="AuditEnterpriseSiteID" use="required">
     <xs:simpleType>
      <xs:restriction base="xs:string">
       <xs:enumeration value="Main"/>
       <xs:enumeration value="Clinic1"/>
       <xs:enumeration value="Clinic2"/>
       <xs:enumeration value="Radiology"/>
       <xs:enumeration value="Lab"/>
      </xs:restriction>
     </xs:simpleType>
    </xs:attribute>
   </xs:restriction>
  </xs:complexContent>
 </xs:complexType>
 <xs:element name="LocalAuditSourceIdentification">
  <xs:complexType>
   <xs:complexContent>
    <xs:extension base="LocaAuditSourceIdentificationType">
      <xs:attribute name="AuditSourceAssetNumber" type="xs:string"
       use="required"/>
    </xs:extension>
   </xs:complexContent>
  </xs:complexType>
 </xs:element>
</xs:schema>
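
The local restriction and extension above, turned into a receiver-side check (an added example, not part of the RFC): the allowed site IDs and the required attributes are read from the local schema itself, so the check follows the schema when the vocabulary changes. The function names and sample records are constructed for this example, and only the local layer is checked, not the base schema of section 6.1.

```python
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"

# Section 6.2's local schema without its xs:import (excerpt for this example).
LOCAL_SCHEMA = """\
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
 <xs:complexType name="LocaAuditSourceIdentificationType">
  <xs:complexContent>
   <xs:restriction base="AuditSourceIdentificationType">
    <xs:attribute name="AuditEnterpriseSiteID" use="required">
     <xs:simpleType>
      <xs:restriction base="xs:string">
       <xs:enumeration value="Main"/>
       <xs:enumeration value="Clinic1"/>
       <xs:enumeration value="Clinic2"/>
       <xs:enumeration value="Radiology"/>
       <xs:enumeration value="Lab"/>
      </xs:restriction>
     </xs:simpleType>
    </xs:attribute>
   </xs:restriction>
  </xs:complexContent>
 </xs:complexType>
 <xs:element name="LocalAuditSourceIdentification">
  <xs:complexType>
   <xs:complexContent>
    <xs:extension base="LocaAuditSourceIdentificationType">
     <xs:attribute name="AuditSourceAssetNumber" type="xs:string" use="required"/>
    </xs:extension>
   </xs:complexContent>
  </xs:complexType>
 </xs:element>
</xs:schema>
"""

# Constructed sample records (not from the RFC).
GOOD = ('<LocalAuditSourceIdentification AuditEnterpriseSiteID="Radiology" '
        'AuditSourceAssetNumber="A-1001"/>')
BAD = '<LocalAuditSourceIdentification AuditEnterpriseSiteID="Clinic9"/>'


def attribute_rules(schema_text):
    """Map attribute name -> (required, allowed values or None)."""
    rules = {}
    for attr in ET.fromstring(schema_text).iter(XS + "attribute"):
        allowed = {e.get("value") for e in attr.iter(XS + "enumeration")}
        required = attr.get("use") == "required"
        rules[attr.get("name")] = (required, allowed or None)
    return rules


def check_record(record_text, rules):
    """Return the list of violations for one received element."""
    if "<!DOCTYPE" in record_text:  # audit records need no DTD; refuse it
        return ["DTD not accepted in audit records"]
    try:
        elem = ET.fromstring(record_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    problems = []
    for name, (required, allowed) in rules.items():
        value = elem.get(name)
        if value is None:
            if required:
                problems.append(f"missing required attribute {name}")
        elif allowed is not None and value not in allowed:
            problems.append(f"{name}={value!r} is not in the local vocabulary")
    return problems
```

A record that fails this check should be kept and flagged rather than dropped, so that the audit trail itself stays complete.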
        
7. Security Considerations

Audit data must be secured at least to the same extent as the underlying data and activities being audited. This includes access controls as well as data integrity and recovery functions. This document acknowledges the need for, but does not specify, the policies and technical methods to accomplish this.

It is conceivable that audit data might have unintended uses, e.g., tracking the frequency and nature of system use for productivity measures. ASTM standard E2147-01 [E2147] states, in paragraph 5.3.10, "Prohibit use for other reasons than to enforce security and to detect security breaches in record health information systems, for example, the audits are not to be used to explore activity profiles or movement profiles of employees."

Some audit data arises from security-relevant processes other than data access. These are the trigger events listed in sections 4.1 and 4.2 of this document. Audit data, as defined in this document, can record the accountabilities for the results of these processes, as part of a complete security implementation. A discussion of the associated authorities, reference standards, and implementation technology choices for the processes is outside the scope of this document.

8. References

8.1. Normative References

[E2147] "E2147-01 Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems", ASTM International, June 2002.

[ISO15408-2] "ISO/IEC 15408:1999 Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Requirements", ISO, August 1999.

[ISO8601] "ISO 8601:2000 Data elements and interchange formats -- Information interchange -- Representation of dates and times", ISO, December 2000.

[RFC1305] Mills, D., "Network Time Protocol (Version 3) Specification, Implementation", RFC 1305, March 1992.

[RFC2396] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998.

[W3CXML-1] W3C Recommendation "XML Schema Part 1: Structures", version 1.0, May 2001.

[W3CXML-2] W3C Recommendation "XML Schema Part 2: Datatypes", version 1.0, May 2001.

8.2. Informative References

[HL7SASIG] Marshall, G. and G. Dickinson, "Common Audit Message", HL7 Security and Accountability Special Interest Group, November 2001.

[IHETF-3] "IHE Technical Framework", Volume III, HIMSS/RSNA, April 2002.

[NEMASPC] "Security and Privacy Auditing in Health Care Information Technology", Joint NEMA/COCIR/JIRA Security and Privacy Committee, 26 June 2001.

Acknowledgments

The author gratefully acknowledges the advice and assistance of the following people during the preparation of this document:

   Carmela Couderc, Siemens Medical Solutions
   Michael Davis, SAIC
   Gary Dickinson
   Christoph Dickmann, Siemens Medical Solutions
   Daniel Hannum, Siemens Medical Solutions
   Robert Horn, Agfa
   James McAvoy, Siemens Medical Solutions
   John Moehrke, General Electric Medical Systems
   Jennifer Puyenbroek, McKesson Information Solutions
   Angela Ray, McKesson Information Solutions
   Lawrence Tarbox, Siemens Corporate Research

Author's Address

   Glen Marshall
   Siemens Medical Solutions Health Services
   51 Valley Stream Parkway
   Malvern, PA 19312
   USA

   Phone: (610) 219-3938
   EMail: glen.f.marshall@siemens.com

Full Copyright Statement

Copyright (C) The Internet Society (2004).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and at www.rfc-editor.org, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the ISOC's procedures with respect to rights in ISOC Documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
