SanteDB iCDR and dCDR instances implement a local where local audits are stored for events related to SanteDB , as well as an which is responsible for shipping audits to a centralized audit repository (if the iCDR or dCDR are participating in an OpenHIE instance).

In the SanteDB administrative panel, audits are accessed using the Audit Repository function in the Security section of the Administrative Panel.

Audit List

The audit list provides an overview of the complete audit trail available in the SanteDB iCDR or dCDR instance to which the administrative panel is connected.

Audits are displayed with the event summary fields visible.

Action

The action field in an Audit indicates the overall operation which was performed which resulted in the audit being created.

Event

The event code is context specific (i.e. it depends on the interface, the transaction, and standard being implemented), and describes the specific operation which occurred and resulted in the audit being created.

Event codes on the summary screen have a badge with an event classification, and a detailed code. Common badges for events are:

Internal event codes for SanteDB start with a SecurityAuditCode prefix, representing their concept registration.

Outcome

The outcome indicator of the audit summary view indicates the overall result of the action which is represented in the detail view

Timestamp

The timestamp of the audit represents the exact moment in time that the action described in the audit event occurred.

Audit Details

When clicking the View button on an audit, you will be presented with a long-form data view of the audit information contained in the event. The screen is broken into 4 sections.

Event Information

The event information section of an audit indicates the overall metadata about the event.

The event metadata is the same as that shown in the summary list, with additional context fields.

Network Information

The network information section shows information about the network infrastructure when the request was made.

Users and Computers

The users and computers section of the audit detail show the information about the actors involved in the event.

Each actor has four attributes expressed in the table:

• User Name: Which shows the device, application or user name of the principal which was involved in the transaction.

• Machine: Showing the IP address or hostname of the machine on which the transaction was executed.

• R: An indicator showing if the specified event was triggered by the action (i.e. the user is the requestor)

• Roles: Shows the role which played, roles are:

  • 110150 - Application Process

  • 110152 - Source

  • 110153 - Destination

  • humanuser - A human who is accessing the system

Data and Objects

The data and objects section shows the objects which were involved in the event. That is, the records, or objects which were impacted, created, deleted, executed, etc. The data and objects section differs between each type of object.

Lifecycles

Each object has a lifecycle attached to it which identifies the action or state within the object's overall lifecycle which the event interacted with.

Session Objects

Session objects represent a security session which was established for a user. The object carries additional contextual data about the policies with which the session was authenticated.

Query Objects

Query events will typically append the original query being executed against the CDR as a query structure. The format of the query data will depend on the source of the audit and the event but typically the query data is represented as:

• SQL Query definition which was executed

• HDSI Query definition which was executed

• The HL7v2 QBP QPD segment data

• The HL7 FHIR REST Request with Headers

De-Identification Objects

Whenever a policy decision is made, and the CDR needs to de-identify patient data to protect privacy of the patient, a deidentification object will be registered. This contains the identifier of the object which was the target of masking, as well as the policy which resulted in the masking occurring.

Policy Decision

When an access control decision is performed, and a policy violation exception thrown, the SanteDB audit log will carry a copy of the policy outcome object indicating the policy which failed validation and the overall action taken.