Implementation Guide
ePA Basisfunktionalitäten
Version 1.2.0-ballot.1 - draft

Audit Service: Render API

The Audit Event Service supports retrieval of rendered logs in the PDF/A data format (i.e. not FHIR) via the Render API: AuditEvent.

Scope

A user of the ePA client system does not want to perform a FHIR-based retrieval with specific filter options and instead wants a rendered view of logged events and ePA accesses in the form of a PDF/A document.

Message

The message for retrieving log data is sent as an HTTP GET request to the Audit Event Service in order to retrieve a list of audit events in the form of a PDF/A document.

Trigger

When the ePA client system wants to perform a time-based search over logged events and ePA accesses, it sends a Render API: AuditEvent message to the Audit Event Service.

API

Query parameters:

  • signed: request a signed PDF/A (`true`) or an unsigned PDF/A (`false`)
  • lowerDateTime: earliest point in time for audit events to be considered, e.g. 2025-07-15T00:00:00
  • upperDateTime: latest point in time for audit events to be considered, e.g. 2025-07-15T23:59:59

Responses:

  • 200: Successful operation
  • 404: Rendering led to empty list

Examples

Request a signed PDF/A from the Audit Event Service:

GET [base]/epa/audit/render/v1/pdf?signed=true


Request an unsigned PDF/A for the log entries of 15 July 2025 from the Audit Event Service:

GET [base]/epa/audit/render/v1/pdf?lowerDateTime=2025-07-15T00:00:00&upperDateTime=2025-07-15T23:59:59

Processing

The Audit Event Service MUST create a list of audit events as a PDF/A (signed or unsigned) and return it in response to this API GET call. The Audit Event Service must support the signed parameter in the Render API: PDF Audit.

  • signed=true requests a signed PDF/A
  • signed=false requests an unsigned PDF/A

The default sort order of the data in the PDF/A export of the Audit Event Service MUST be by the recorded attribute in descending order, so that the newest data is shown first.

For the Render API: PDF Audit, the Audit Event Service MUST set the media type application/pdf in the HTTP header Content-Type and return HTTP status code 200 when output in PDF/A format succeeds.

For a request via the Render API: PDF Audit that returns no entries, the Audit Event Service MUST return HTTP status code 404 with the error code noEntries.

The Audit Event Service MUST support the search parameters lowerDateTime and upperDateTime in the Render API: PDF Audit.

  • lowerDateTime defines the earliest point in time for AuditEvent events to be considered
  • upperDateTime defines the latest point in time for AuditEvent events to be considered
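
A client-side sketch of the request and response rules above, added here as an example and not part of the gematik specification. The helper names `build_render_url` and `classify_response` are hypothetical, and the JSON error body shape (an `errorCode` member) and the `%PDF-` magic check are assumptions; the code does not verify PDF/A conformance or the signature.

```python
import json
from datetime import datetime
from urllib.parse import urlencode

RENDER_PATH = "/epa/audit/render/v1/pdf"   # path from the page's examples
TS_FORMAT = "%Y-%m-%dT%H:%M:%S"            # format of the page's example timestamps


def build_render_url(base, signed=None, lower=None, upper=None):
    """Build the GET URL; reject malformed or inverted time windows client-side."""
    query = {}
    if signed is not None:
        query["signed"] = "true" if signed else "false"
    parsed = {}
    for name, value in (("lowerDateTime", lower), ("upperDateTime", upper)):
        if value is not None:
            parsed[name] = datetime.strptime(value, TS_FORMAT)  # ValueError if malformed
            query[name] = value
    if len(parsed) == 2 and parsed["lowerDateTime"] > parsed["upperDateTime"]:
        raise ValueError("lowerDateTime is later than upperDateTime")
    suffix = "?" + urlencode(query, safe=":") if query else ""
    return base.rstrip("/") + RENDER_PATH + suffix


def classify_response(status, content_type, body):
    """Map a response to 'pdf', 'empty' or 'reject' according to the rules on this page."""
    media_type = (content_type or "").split(";")[0].strip().lower()
    if status == 200:
        # Page: a successful response MUST carry Content-Type application/pdf.
        # The %PDF- magic check is an extra sanity check (assumption, not in the spec).
        if media_type == "application/pdf" and body.startswith(b"%PDF-"):
            return "pdf"
        return "reject"
    if status == 404:
        # Page: an empty result is 404 with error code noEntries.
        # Assumed error body shape: a JSON object with an "errorCode" member.
        try:
            code = json.loads(body).get("errorCode")
        except (ValueError, AttributeError):
            return "reject"
        return "empty" if code == "noEntries" else "reject"
    return "reject"
```

Treating a 200 response with any other media type as a rejection keeps an HTML error page or a proxy interstitial from being stored or displayed as an audit log.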

Security Requirements

General security requirements are recorded here.

Logging

Logging is performed via the Audit Event Service. Further requirements can be found in [gemSpec_Aktensystem_ePAfueralle#Protokollierung].