Record Audit Event [ITI-20]

Audit events, as specified by IHE’s Audit Trail and Node Authentication (ATNA) profile, are required by the Swiss EPR regulations. To align with these, the eMedication service complies itself with these regulations and has its own an Audit Record Repository for all ATNA logs related to the service. Clients of the eMedication service MUST record the necessary audit events during each transaction with the eMedication service by means of an ITI-20 transaction to the endpoint exposed by the eMedication service’s Audit Record Repository (see the endpoints page).

Recording audit events

The eMedication service supports only syslog messages. RESTful ATNA support is foreseen but not available for the time being.

Syslog Interaction

The eMedication service exposes a TCP port (see the endpoints page). This port accepts only two-way TLS connections and will process only syslog messages that comply with the ITI-20 profile. All valid syslog messages, as per IHE’s profile, are recorded in the eMedication Audit Record Repository.

Additionally, the Audit Record Repository will try to translate, if possible and as a best effort, all received audit messages to FHIR AuditEvent objects and more specifically, to CH ATC compliant AuditEvent objects. Note that it is the responsability of the systems recording audit events to generate complete and compliant messages as per the regulations and that the Audit Record Repository offers some basic transformations to help with CH ATC compliance as a nice-to-have extra on a best-effort basis and not as an obligation.

RESTful ATNA Feed

Not supported yet.