Please use a compatible browser :Google Chrome or Mozilla Firefox
Page expired. Any change will be lost. Try to refresh the page.
Gazelle update scheduled, unsaved changes will be lost :
Your session will timeout :
Redeployed...
Logged out...
The server is restarting. Any change will be lost.
 

Test : ATNA_Logging_FHIR-Feed

Test Summary

Id
13633
Keyword
ATNA_Logging_FHIR-Feed
Name
ATNA_Logging_FHIR-Feed
Version
EPR Bern 2021
Test Author
vhofman
Last modifier
vhofman
Status
ready
Type
connectathon
Is external tool ?
Is Orchestrable
is Validated ?
Peer Type
Peer To Peer
Short Description
Secure Node Sends Log Message to Audit Record Repository - ATX: FHIR Feed Option
Last changed
5/2/22 3:18:55 PM

Test Description in English

Special Instructions

PREREQUISITE TEST:

The ATNA Secure Node/Application should successfully complete the no-peer AuditEvent_Resource_Check test before this one.  Passing that test ensures that you are sending compliant audit messages in this peer-to-peer test.

TRANSPORT FOR THE AUDIT RECORDS:

There are three variations of this peer-to-peer test:

  • ATNA_Audit_Logging_FHIR-Feed (this test)
  • ATNA_Audit_Logging_TLS-Syslog
  • ATNA_Audit_Logging_UDP-Syslog

TEST PARTNERS:

This is a peer-to-peer test. A Secure Node or Secure Application must send audit messages to a vendor's Audit Record Repository; a tool is not a valid partner for this test. 

Both test partners must support the ATX: FHIR Feed option.

Description

The purpose of this ATNA_Logging_FHIR-Feed test is for your ATNA Secure Node or Secure Application to send AuditEvent Resources to an Audit Record Repository.

The type of AuditEvent Resource depends on the nature of the Secure Node/Application.

The top priority for audit testing would be an event that involves access to PHI that would result in an audit message that includes a Patient ID.  If the Secure Node or Secure Application does not generate an audit message that includes a patient ID, we will accept a different audit message.

Evaluation

Monitor Instructions:  The primary purpose of this test is to check interoperability (exchange of audit messages) between the Secure Node/Application and the Audit Record Repository.  It is not necessary for you to use the EVSClient tool to verify the content of the audit messages that are exchanged in this test.  That kind of verification is done in the AuditEvent_Resource_Check test.

Evidence provided by the ARR:

  • Some ARRs have great user interfaces to enable the monitor to view the received audit message; the ARR will give guidance in Step 10 on how to find the audit message(s) exchanged in this test.
  • Otherwise the ARR is asked to paste log evidence, database evidence, or a screen capture into Test Step 20 so that you don't have to hunt for logs with the ARR.  
  • Step 30 tells the participants in the test that a Monitor will not verify it without good evidence in step 10 or 20.

Evidence provided by the Secure Node or Application:

  • The XML or JSON for the audit AuditEvent Resource sent by the SN or SA is found in Step 110.

To verify:

  1. The submission of an audit record is an HTTP POST by the SecureNode/Application of a single AuditEvent Resource to the Audit Record Repository.
  2. The AuditEvent applies to a transaction/trigger that occurred during Connectathon week (i.e. the SA/SN is not posting an 'old' audit record)
  3. Confirm that the AuditEvent sent by the SN and SA has been received and stored on the ARR.

Test Roles

Keyword
# to realize
Card Min
Card Max
Optionality
URL
URL Doc
SN/SA-ATNA-ATX-FHIR-Feed
Integration profileActorOptionIs tested ?
Keyword
Keyword
Keyword
Keyword
IntegrationProfile ATNA-Audit Trail and Node Authentication Actor SA-Secure ApplicationATX_FHIR_FEEDtrue
IntegrationProfile ATNA-Audit Trail and Node Authentication Actor SN-Secure NodeATX_FHIR_FEEDtrue
211Required
ARR-ATNA-ATX-FHIR-Feed
Integration profileActorOptionIs tested ?
Keyword
Keyword
Keyword
Keyword
IntegrationProfile ATNA-Audit Trail and Node Authentication Actor ARR-Audit Record RepositoryATX_FHIR_FEEDtrue
311Required

Test Steps


Step Index
Initiator Role
Responder Role
Transaction
Secured
Message Type
Option
Description
Assertions
10ARR-ATNA-ATX-FHIR-FeedARR-ATNA-ATX-FHIR-FeedInstructionsOptionalSome ARRs have good user interfaces which make it easy for Monitors to find the sent audit messages. If your ARR has a web interface that the monitor can access remotely, in this test step please provide the details of the parameters to use to query for the audit message(s) exchanged in this test.
20ARR-ATNA-ATX-FHIR-FeedARR-ATNA-ATX-FHIR-FeedInstructionsOptional***If your ARR does not have a web interface or GUI***, you are still compliant with the ATNA profile; however, to assist the Connectathon Monitor with evaluation, the ARR partner in the test must post time-stamped evidence from their local system log or database, or a screen shot that shows that it received the AuditEvent Resource from the SA/SN partner in this test. This saves the monitor's time -- and yours -- trying to hunt for logs within the ARR. Attach the log file to this test step.
30ARR-ATNA-ATX-FHIR-FeedARR-ATNA-ATX-FHIR-FeedInstructionsRequiredIf evidence for the monitor is not in either Step 10 or 20, the monitor will not verify this test.
100SN/SA-ATNA-ATX-FHIR-FeedSN/SA-ATNA-ATX-FHIR-FeedInstructionsRequiredSecure Node or Secure Application engages in some transaction that triggers an audit message. In the best scenario, this includes a specific Patient ID, but that is not required. If a Patient ID is used, please paste it into this test step, along with the transaction you sent, eg PatientID=XXXX, Transaction=ITI-78 for PDQm Query.
110SN/SA-ATNA-ATX-FHIR-FeedARR-ATNA-ATX-FHIR-FeedITI-20ITI-20 (HTTP POST)RequiredSecure Node or Secure Application sends AuditEvent Resource. Attach a copy of your audit message (XML or JSON) in this test step.
120SN/SA-ATNA-ATX-FHIR-FeedARR-ATNA-ATX-FHIR-FeedITI-20ITI-20 (HTTP POST)OptionalIf your Secure Node/App can trigger an audit message by a non-message action (eg application start/stop or many others), you perform that action and send the associated audit message. Attach a copy of your AuditEvent Resource in this test step.

Tool index

  • Simulators

    Copyright IHE 2024
  • Gazelle 7.1.7
Back to top