ihe it audit messaging. proposed division of labor it profiles and framework define transport define...
TRANSCRIPT
IHE IT Audit MessagingIHE IT Audit Messaging
Proposed Division of LaborProposed Division of Labor
IT Profiles and Framework Define Transport Define Events Define Message Structure Define Message Vocabulary
Discipline Frameworks Implementation guidance
– Actor specific considerations
– Extended descriptions of events
Event oriented, not transaction Event oriented, not transaction orientedoriented
Common Audit Message describes events in terms of:– The event code– The active participants
Programs, People, etc.
– The objects Records, instances, people, etc.
A very generic structure instead of event specific structures like the IHE Radiology messages.
Common Audit MessageCommon Audit Message
Vocabularies– Basic IETF vocabulary– DICOM vocabulary
Defines minimum reporting requirements for particular events
Defines terminology vocabulary
– Temporary IT vocabulary Address gaps in DICOM vocabulary (especially for
administrative activities).
Real World ActivitiesReal World ActivitiesProduct
Capabilities
TransportAudit
Repository
IETFCAM
DICOMAudit
Vocabulary
Product Audit Capabilities
Site Policies
All Events
Describable Events
Reportable Events
Reported Events
ApplicationActivities
IHE Profiledand/or
IHE Recommendations
System
Application
Simple ComparisonSimple Comparison
IHE Interim User Login
DICOM– Event: ID= EV(CD14,DCM,”User Authentication), EventType=
“login” or “Logout”– Active Participant (Mandatory)
UserID: Identity of person logging in, Role=Login
– Active Participant (Optional) UserID: Identity of process or node that authenticated the user,
Role=Authenticator
Complex ComparisonComplex Comparison
Instances Transferred– DICOM Supplement 95, A.Y.6 (pg 12)– IHE Interim, Rnode and InstancesAction
Vocabulary ExtensionsVocabulary Extensions
Primary Path– Proposals to SDO (DICOM, ASTM, etc.)– Incorporation of the SDO vocabulary by IHE
Interim Path– IHE vocabulary only when necessary due to
lack of an appropriate SDO activity.
Vocabulary ExtensionsVocabulary Extensions
Extension Reviews– No Synonyms. Use existing IETF or DICOM
vocabulary whenever it is applicable, even in other non-DICOM situations.
– No Ambiguity. Define new vocabulary for new events and concepts.
Private Vocabularies– No conflict with standard vocabularies provided there
are no synonyms or ambiguous terms used.
Vocabulary ExtensionsVocabulary Extensions
If there are no synonyms or ambiguous terms, then– You can mix messages and vocabulary– An application can use whichever vocabulary
applies to a particular event