<?xml version=“1.0” encoding=“UTF-8”?> <AuditEvent xmlns=“hl7.org/fhir”>

      <id value="example-disclosure"/>
      <meta>
  <security>
    <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
    <code value="HTEST"/>
    <display value="test health data"/>
  </security>
</meta>

      <type>
              <system value="http://dicom.nema.org/resources/ontology/DCM"/>
              <code value="110106"/>
              <display value="Export"/>
      </type>
      <subtype>
              <code value="Disclosure"/>
              <display value="HIPAA disclosure"/>
      </subtype>
      <action value="R"/>
      <recorded value="2013-09-22T00:08:00Z"/>
      <outcome value="0"/>
      <outcomeDesc value="Successful  Disclosure"/>
      <purposeOfEvent>
              <coding>
                      <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
                      <code value="HMARKT"/>
                      <display value="healthcare marketing"/>
              </coding>
      </purposeOfEvent>

      <agent>
              <!--  who disclosed the data  -->
              <type>
                      <coding>
                              <system value="http://dicom.nema.org/resources/ontology/DCM"/>
                              <code value="110153"/>
                              <display value="Source Role ID"/>
                      </coding>
              </type>
              <who>
                      <identifier>
                              <value value="SomeIdiot@nowhere"/>
                      </identifier>
              </who>
              <altId value="notMe"/>
              <name value="That guy everyone wishes would be caught"/>
              <requestor value="true"/>
              <location>
                      <reference value="Location/1"/>
              </location>
              <policy value="http://consent.com/yes"/>
              <network>
                      <address value="custodian.net"/>
                      <type value="1"/>
              </network>
      </agent>
      <agent>
              <!--  who received the data  -->
              <type>
                      <coding>
                              <system value="http://dicom.nema.org/resources/ontology/DCM"/>
                              <code value="110152"/>
                              <display value="Destination Role ID"/>
                      </coding>
              </type>
              <who>
                      <reference value="Practitioner/example"/>
                      <display value="Where"/>
              </who>
              <requestor value="false"/>
              <network>
                      <address value="marketing.land"/>
                      <type value="1"/>
              </network>
              <purposeOfUse>
                      <coding>
                              <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
                              <code value="HMARKT"/>
                              <display value="healthcare marketing"/>
                      </coding>
              </purposeOfUse>
      </agent>
      <source>
              <!--  what system detected this disclosure  -->
              <site value="Watcher"/>
              <observer>
                      <display value="Watchers Accounting of Disclosures Application"/>
              </observer>
              <type>
                      <system value="http://terminology.hl7.org/CodeSystem/security-source-type"/>
                      <code value="4"/>
                      <display value="Application Server"/>
              </type>
      </source>
      <entity>
              <!--  patient whos data got disclosed  -->
              <what>
                      <reference value="Patient/example"/>
              </what>
              <type>
                      <system value="http://terminology.hl7.org/CodeSystem/audit-entity-type"/>
                      <code value="1"/>
                      <display value="Person"/>
              </type>
              <role>
                      <system value="http://terminology.hl7.org/CodeSystem/object-role"/>
                      <code value="1"/>
                      <display value="Patient"/>
              </role>
      </entity>
      <entity>
              <!--  data that got disclosed  -->
              <what>
                      <reference value="Patient/example/_history/1"/>
                      <identifier>
                              <value value="What.id"/>
                      </identifier>
              </what>
              <type>
                      <system value="http://terminology.hl7.org/CodeSystem/audit-entity-type"/>
                      <code value="2"/>
                      <display value="System Object"/>
              </type>
              <role>
                      <system value="http://terminology.hl7.org/CodeSystem/object-role"/>
                      <code value="4"/>
                      <display value="Domain Resource"/>
              </role>
              <lifecycle>
                      <system value="http://terminology.hl7.org/CodeSystem/dicom-audit-lifecycle"/>
                      <code value="11"/>
                      <display value="Disclosure"/>
              </lifecycle>
              <securityLabel>
                      <system value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/>
                      <code value="V"/>
                      <display value="very restricted"/>
              </securityLabel>
              <securityLabel>
                      <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/>
                      <code value="STD"/>
                      <display value="sexually transmitted disease information sensitivity"/>
              </securityLabel>
              <securityLabel>
                      <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/>
                      <code value="DELAU"/>
                      <display value="delete after use"/>
              </securityLabel>
              <name value="Namne of What"/>
              <description value="data about Everthing important"/>
      </entity>

</AuditEvent>