<?xml version=“1.0” encoding=“UTF-8”?> <AuditEvent xmlns=“hl7.org/fhir”>

      <id value="example-error"/>
      <meta>
  <security>
    <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
    <code value="HTEST"/>
    <display value="test health data"/>
  </security>
</meta>

      <contained>
              <!--  contained OperationOutcome from failed transaction  -->
              <OperationOutcome>
                      <id value="o1"/>

                      <issue>
                              <severity value="error"/>
                              <code value="invalid"/>
                              <details>
                                      <text value="Invalid pointer operation"/>
                              </details>
                      </issue>
              </OperationOutcome>
      </contained>
      <type>
              <system value="http://terminology.hl7.org/CodeSystem/audit-event-type"/>
              <code value="rest"/>
              <display value="Restful Operation"/>
      </type>
      <subtype>
              <system value="http://hl7.org/fhir/restful-interaction"/>
              <code value="create"/>
              <display value="create"/>
      </subtype>
      <action value="C"/>
      <recorded value="2017-09-07T23:42:24Z"/>
      <outcome value="8"/>
      <!--  Serious (500) failure  -->
      <outcomeDesc value="Invalid request to create an Operation resource on the Patient endpoint."/>

      <agent>
              <type>
                      <coding>
                              <system value="http://terminology.hl7.org/CodeSystem/extra-security-role-type"/>
                              <code value="humanuser"/>
                              <display value="human user"/>
                      </coding>
              </type> 

              <who>
                      <identifier>
                              <value value="95"/>
                      </identifier>
              </who>
              <altId value="601847123"/>
              <name value="Grahame Grieve"/>
              <requestor value="true"/>
      </agent>
      <agent>
              <!--  Source active participant, the software making the . AlternativeUserId - Process ID  --> 
              <type>
                      <coding>
                              <system value="http://dicom.nema.org/resources/ontology/DCM"/>
                              <code value="110153"/>
                              <display value="Source Role ID"/>
                      </coding>
              </type> 
              <who>
      <identifier>
              <system value="urn:oid:2.16.840.1.113883.4.2"/> 
              <value value="2.16.840.1.113883.4.2"/> 
      </identifier>

</who>

        <altId value="6580"/> 
        <requestor value="false"/> 
        <network>
                <address value="Workstation1.ehr.familyclinic.com"/>
                <type value="1"/>
        </network> 
</agent>
<source>
        <site value="Cloud"/>
        <observer>
                <identifier>
                        <value value="hl7connect.healthintersections.com.au"/>
                </identifier>
        </observer>
        <type>
                <system value="http://terminology.hl7.org/CodeSystem/security-source-type"/>
                <code value="3"/>
                <display value="Web Server"/>
        </type>
</source>
<entity>
        <!--  record the original transaction parameters  -->
        <type>
                <system value="http://terminology.hl7.org/CodeSystem/audit-entity-type"/>
                <code value="2"/>
                <display value="System Object"/>
        </type>
        <detail>
                <type value="requested transaction"/>
                <valueString value="http POST ..... "/>
                <!--  or better to have a pointer to the propritary log files from the API gateway or web server  -->
        </detail>
</entity>
<entity>
        <!--  record the OperationOutcome returned to the client  -->
        <what>
                <reference value="#o1"/>
        </what>
        <type>
                <system value="http://hl7.org/fhir/resource-types"/>
                <code value="OperationOutcome"/>
                <display value="OperationOutcome"/>
        </type>
        <description value="transaction failed"/>
</entity>

</AuditEvent>