For each actor in CA:Aud, the options (labeled “R”) shall be selected, and the options (labeled “O”) may be selected.
Actor | Options | Optionality |
Audit Creator | FHIR Feed | O (Note 1) |
Audit Record Repository | FHIR Feed | O (Note 1) |
Retrieve Audit Message | R | |
Audit Record Forwarder | FHIR Feed | O (Note 1) |
Audit Consumer | Retrieve Audit Message | R |
Note 1: The recording of audit events is mandatory, however CA:Aud does not enforce the means that are used to record the audit events into the Audit Record Repository. Audit records must be recorded using the IHE Record Audit Event [ITI-20] with FHIR Feed option or by other (non-IHE) methods. The FHIR Feed option is recommended.
Note that if other (non-IHE) methods are used to record the audit events, the messages must be converted into the FHIR format that is expected by the Audit Consumer for Retrieve ATNA Audit Event [ITI-81] transaction.
FHIR Feed Option
The audit message transport happens via FHIR Feed, that enables sending CA:Aud audit records using RESTful capabilities and FHIR resources.
The Audit Record Repository shall implement two RESTful interactions, Send Audit Resource and Send Audit Bundle, as defined in the Record Audit Event [ITI-20] transaction.
An Audit Creator or Audit Record Forwarder shall at least support one of the two RESTful interactions, Send Audit Resource and Send Audit Bundle, as defined in the Record Audit Event [ITI-20] transaction.
FHIR Feed is the recommended option, as it provides the appropriate FHIR format that can be consumed by the Audit Consumer actor using Retrieve ATNA Audit Event [ITI-81] transaction.
Retrieve Audit Message Option
The Retrieve Audit Message Option enables search requests for audit records based upon message contents.
An Audit Record Repository that supports this option shall implement the Retrieve ATNA Audit Event [ITI-81] transaction.
The [ITI-81] transaction is a RESTful search from an Audit Consumer to an Audit Record Repository (ARR) using FHIR resources. The search response will reflect the contents of the data storage at the time of the search. CA:Aud does not specify the criteria for message selection, archival, retention interval, etc. These are set by local policy and often vary for different Audit Record Repositories.