Release 5

This page is part of the FHIR Specification (v5.0.0: R5 - STU). This is the current published version. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2

Example Provenance/signature (XML)

Security Work GroupMaturity Level: N/AStandards Status: InformativeCompartments: Device, Patient, Practitioner, RelatedPerson

Raw XML (canonical form + also see XML Format Specification)

Jump past Narrative

Provenance holding a signature (id = "signature")

<?xml version="1.0" encoding="UTF-8"?>

<Provenance xmlns="http://hl7.org/fhir">
  <id value="signature"/> 
    <!--   
  <text>
    <status value="extensions"/>
    <div xmlns="http://www.w3.org/1999/xhtml">procedure record authored on 27-June
   2015 by Harold Hippocrates, MD Content extracted from Referral received 26-June</div>
  </text>
   -->
      <!--    
    where possible, provenance targets should be version specific,
    so that there is no ambiguity about which version of the 
    record this relates to
     -->
  <text> <status value="generated"/> <div xmlns="http://www.w3.org/1999/xhtml"><p> <b> Generated Narrative: Provenance</b> <a name="signature"> </a> </p> <div style="display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border:
       1px solid #8da1b4; border-radius: 5px; line-height: 60%"><p style="margin-bottom: 0px">Resource Provenance &quot;signature&quot; </p> </div> <p> <b> target</b> : <span title=" 
  &lt;text&gt;
    &lt;status value=&quot;extensions&quot;/&gt;
    &lt;div xmlns=&quot;http://www.w3.org/1999/xhtml&quot;&gt;procedure record authored
         on 27-June 2015 by Harold Hippocrates, MD Content extracted from Referral received
         26-June&lt;/div&gt;
  &lt;/text&gt;
 &amp;#10;  
    where possible, provenance targets should be version specific,
    so that there is no ambiguity about which version of the 
    record this relates to
   "><a href="documentreference-example.html">DocumentReference/example/_history/4</a> </span> </p> <p> <b> recorded</b> : 27 Aug 2015, 8:39:24 am</p> <h3> Authorizations</h3> <table class="grid"><tr> <td> -</td> <td> <b> Concept</b> </td> </tr> <tr> <td> *</td> <td> treatment <span style="background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki"> (<a href="http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActReason.html">ActReason</a> #TREAT)</span> </td> </tr> </table> <p> <b> activity</b> : authenticated <span style="background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki"> (<a href="http://terminology.hl7.org/5.1.0/CodeSystem-v3-DocumentCompletion.html">DocumentCompletion</a> #AU)</span> </p> <h3> Agents</h3> <table class="grid"><tr> <td> -</td> <td> <b> Type</b> </td> <td> <b> Who</b> </td> </tr> <tr> <td> *</td> <td> Verifier <span style="background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki"> (<a href="http://terminology.hl7.org/5.1.0/CodeSystem-contractsignertypecodes.html">Contract Signer Type Codes</a> #VERF)</span> </td> <td> <span title="  very often, the user won't have a known system - these aren't available 
      for security system log ons. But where you can define it, you should.
      Most of the time the userId is fully qualfied such as an email address   
              "><span/>  </span> </td> </tr> </table> <h3> Signatures</h3> <table class="grid"><tr> <td> -</td> <td> <b> Type</b> </td> <td> <b> When</b> </td> <td> <b> Who</b> </td> <td> <b> TargetFormat</b> </td> <td> <b> SigFormat</b> </td> <td> <b> Data</b> </td> </tr> <tr> <td> *</td> <td> <span title="  verification signature  ">Verification Signature (Details: urn:iso-astm:E1762-95:2013 code 1.2.840.10065.1.12.1.5
               = 'Verification Signature', stated as 'Verification Signature')</span> </td> <td> 27 Aug 2015, 8:39:24 am</td> <td> <a href="practitioner-example-xcda-author.html">Practitioner/xcda-author</a>  &quot;Harold HIPPOCRATES&quot;</td> <td> application/fhir+xml</td> <td> application/signature+xml</td> <td> Li4u</td> </tr> </table> </div> </text> <target> 
    <reference value="DocumentReference/example/_history/4"/>     
  </target> 
  <recorded value="2015-08-27T08:39:24+10:00"/> 
  <authorization> 
    <concept> 
    <coding> 
      <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/> 
      <code value="TREAT"/> 
      <display value="treatment"/> 
    </coding> 
      </concept> 
  </authorization> 
  <activity> 
    <coding> 
      <system value="http://terminology.hl7.org/CodeSystem/v3-DocumentCompletion"/> 
      <code value="AU"/> 
      <display value="authenticated"/> 
    </coding> 
  </activity> 

      <!--    signer = Harold Hippocrates    -->
  <agent> 
    <type> 
      <coding> 
        <system value="http://terminology.hl7.org/CodeSystem/contractsignertypecodes"/> 
        <code value="VERF"/> 
      </coding> 
    </type> 

        <!--    very often, the user won't have a known system - these aren't available 
      for security system log ons. But where you can define it, you should.
      Most of the time the userId is fully qualfied such as an email address   
        -->
    <who> 
      <identifier> 
        <system value="urn:ietf:rfc:3986"/> 
        <value value="mailto://hhd@ssa.gov"/> 
      </identifier> 
    </who> 
  </agent> 
  <signature> 
        <!--    verification signature    -->
    <type> 
      <system value="urn:iso-astm:E1762-95:2013"/> 
      <code value="1.2.840.10065.1.12.1.5"/> 
      <display value="Verification Signature"/> 
    </type> 
    <when value="2015-08-27T08:39:24+10:00"/> 
    <who> 
      <reference value="Practitioner/xcda-author"/> 
    </who>   
    <targetFormat value="application/fhir+xml"/> 
    <sigFormat value="application/signature+xml"/> 
    <data value="Li4u"/> 
  </signature> 
</Provenance>

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.