Ok, so I'm working on a health-related app. So far, we have our custom database, with REST API endpoints, a Java Spring app and an Oracle database.

Now they are considering moving to the HL7/FHIR specifications. I know pretty much nothing about this framework.

One of our requirements is some sort of audit module recording all sorts of events such as "this patient file got modified by that doctor".

The thing is, the framework seems to include an AuditEvent module: https://www.hl7.org/fhir/auditevent.html

Ideally, when a PUT REST call occurs on a "patient" resource, we would create and save a new AuditEvent resource.

The problem I face is: how do I know the author of the PUT, i.e. the staff member who triggered the patient record update?

There is nothing in their REST recommendations that specifies how we are supposed to cover that aspect, the "author" of a PUT: https://www.hl7.org/fhir/http.html#vread

Is it specific to how we implement the specifications, some sort of session/security-related user ID?

Many Thanks

PS: there would be other types of events apart from just recording REST calls.

1 Answer


The typical mechanism for identifying users in FHIR is OAuth. There's a bit of discussion on this in the specification here: http://www.hl7.org/fhir/security.html

It makes reference to the SMART on FHIR work, which gives some additional guidance.

As well, you may want to look at the HEART work: http://openid.net/wg/heart

The high-level gist is that the authentication happens at the HTTP layer via redirects which then results in a token that gets included in the HTTP header for the PUT and other RESTful operations.
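To make the answer concrete, here is an added example (not code from the question, the answer, or the FHIR project) of what the server side of that flow looks like once the bearer token arrives with the PUT: verify the token, take the user identity from its subject claim, and emit an AuditEvent resource for the update. Everything here is an assumption for illustration: the token is a constructed HS256 JWT verified against a constructed shared secret (a real SMART on FHIR deployment would validate against the authorization server's published keys or introspection endpoint), the request headers and path are made up, and the AuditEvent layout follows the R4 shape of the resource (type `rest`, subtype `update`, action `U`, one `agent` with `requestor` true, one `entity` pointing at the updated resource). The questioner's stack is Java Spring; this is plain Python with only the standard library so it runs stand-alone, and the same steps would sit in a servlet filter or handler interceptor there.

```python
"""Constructed example: attribute a FHIR PUT to the bearer-token subject and
build an AuditEvent for it. Not from the original post; the secret, token
claims, request headers and path below are all made up for illustration."""
import base64
import hashlib
import hmac
import json
import time

# Constructed HS256 secret for the demo only. A real resource server would
# verify tokens with the authorization server's keys or introspection endpoint.
DEMO_SECRET = b"constructed-demo-secret-not-for-production"


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_hs256_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Mint a compact JWT. Used here only to build test input."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_hs256_token(token: str, secret: bytes, now=None) -> dict:
    """Check the signature and expiry; return the claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose 'none' or another alg.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    now = time.time() if now is None else now
    if "exp" not in claims or claims["exp"] <= now:
        raise ValueError("token expired")
    if "sub" not in claims:
        raise ValueError("token has no subject")
    return claims


def audit_event_for_put(headers: dict, path: str, secret: bytes, now=None) -> dict:
    """Build an AuditEvent (R4-style layout, assumed) for a PUT on a resource.

    The 'who' of the update is the verified token subject, which is the
    answer to the question: the author comes from the OAuth token, not
    from anything in the PUT body.
    """
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        raise ValueError("missing bearer token")
    claims = verify_hs256_token(auth[len("Bearer "):], secret, now)
    segments = path.strip("/").split("/")
    if len(segments) < 2:
        raise ValueError("path is not <type>/<id>")
    resource_type, resource_id = segments[-2:]
    now = time.time() if now is None else now
    return {
        "resourceType": "AuditEvent",
        "type": {"system": "http://terminology.hl7.org/CodeSystem/audit-event-type",
                 "code": "rest", "display": "RESTful Operation"},
        "subtype": [{"system": "http://hl7.org/fhir/restful-interaction",
                     "code": "update", "display": "update"}],
        "action": "U",
        "recorded": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now)),
        "outcome": "0",
        "agent": [{
            "who": {"identifier": {"value": claims["sub"]}},
            "name": claims.get("name"),
            "requestor": True,
        }],
        "source": {"observer": {"display": "fhir-server"}},  # assumed observer name
        "entity": [{"what": {"reference": f"{resource_type}/{resource_id}"}}],
    }


if __name__ == "__main__":
    # Constructed request: a practitioner updating Patient/42.
    fixed_now = 1_700_000_000
    token = make_hs256_token({"sub": "Practitioner/dr-123", "name": "Dr. Example",
                              "exp": fixed_now + 600}, DEMO_SECRET)
    event = audit_event_for_put({"Authorization": "Bearer " + token},
                                "/fhir/Patient/42", DEMO_SECRET, now=fixed_now)
    print(json.dumps(event, indent=2))
```

The design point is that the audit record is derived from a token the server has verified, not from a user ID the client asserts in the request. The check also pins the algorithm and uses a constant-time comparison, since a forged or expired token would otherwise let a caller put someone else's name on the patient update.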