<?xml version=“1.0” encoding=“UTF-8”?> <AuditEvent xmlns=“hl7.org/fhir”>

      <id value="example-search"/>
      <meta>
  <security>
    <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
    <code value="HTEST"/>
    <display value="test health data"/>
  </security>
</meta>
<type>
              <system value="http://terminology.hl7.org/CodeSystem/audit-event-type"/>
              <code value="rest"/>
              <display value="Restful Operation"/>
      </type>
      <subtype>
              <system value="http://hl7.org/fhir/restful-interaction"/>
              <code value="search"/>
              <display value="search"/>
      </subtype>
      <action value="E"/>
      <recorded value="2015-08-22T23:42:24Z"/>
      <outcome value="0"/>
      <agent>
              <type>
                      <coding>
                              <system value="http://terminology.hl7.org/CodeSystem/extra-security-role-type"/>
                              <code value="humanuser"/>
                              <display value="human user"/>
                      </coding>
              </type> 

              <who>
                      <identifier>
                              <value value="95"/>
                      </identifier>
              </who>
              <altId value="601847123"/>
              <name value="Grahame Grieve"/>
              <requestor value="true"/>
      </agent>
      <agent>
              <!--   Source active participant, the software making the . AlternativeUserId - Process ID   --> 
              <type>
                      <coding>
                              <system value="http://dicom.nema.org/resources/ontology/DCM"/>
                              <code value="110153"/>
                              <display value="Source Role ID"/>
                      </coding>
              </type> 
              <who>
                      <identifier>
                              <system value="urn:oid:2.16.840.1.113883.4.2"/> 
                              <value value="2.16.840.1.113883.4.2"/> 
                      </identifier>
              </who>
              <altId value="6580"/> 
              <requestor value="false"/> 
              <network>
                      <address value="Workstation1.ehr.familyclinic.com"/>
                      <type value="1"/>
              </network> 
      </agent>
      <source>
              <site value="Cloud"/>
              <observer>
                      <display value="hl7connect.healthintersections.com.au"/>
              </observer>
              <type>
                      <system value="http://terminology.hl7.org/CodeSystem/security-source-type"/>
                      <code value="3"/>
                      <display value="Web Server"/>
              </type>
      </source>
      <entity>
              <!--   HTTP GET encoded in base64Binary   -->
              <!--   orignal example encoded here is   -->
              <!--   "http://fhir-dev.healthintersections.com.au/open/Encounter?participant=13"   -->
              <type>
                      <system value="http://terminology.hl7.org/CodeSystem/audit-entity-type"/>
                      <code value="2"/>
                      <display value="System Object"/>
              </type>
              <role>
                      <system value="http://terminology.hl7.org/CodeSystem/object-role"/>
                      <code value="24"/>
                      <display value="Query"/>
              </role>
              <query value="aHR0cDovL2ZoaXItZGV2LmhlYWx0aGludGVyc2VjdGlvbnMuY29tLmF1L29wZW4vRW5jb3VudGVyP3BhcnRpY2lwYW50PTEz"/>
      </entity>

</AuditEvent>