{"id":"a3357d75-548f-408e-a185-081acbcd5026","task":"Implement ATNA audit logging for PHI access events in an IHE-compliant system","domain":"profiles.ihe.net","steps":["Construct an AuditMessage XML document conforming to DICOM Supplement 95 / RFC 3881 structure for each auditable event, identifying the EventIdentification (eventActionCode, eventDateTime, eventOutcomeIndicator)","Populate the ActiveParticipant elements for the human requestor (with userId and network access point), the process performing the action, and the destination system","Add a ParticipantObjectIdentification element for the patient (ParticipantObjectTypeCode=1, Role=1) with the patient identifier, and a second element for the document or study accessed","Transmit the audit message to the ATNA Audit Repository using either syslog over TLS (RFC 5425) on port 6514 or the DICOM STOW method, depending on the repository's supported transport","Verify the repository acknowledges receipt and implement local buffering so audit messages are not lost if the repository is temporarily unavailable"],"gotchas":["ATNA requires TLS mutual authentication (both client and server present certificates) for syslog transport — plain TCP syslog is not compliant and will be rejected by a strict repository","The EventOutcomeIndicator must accurately reflect success (0) or failure (4/8/12) — logging all events as success regardless of actual outcome is a common audit trail deficiency found during IHE Connectathon testing","FHIR AuditEvent resources can be used as an alternative audit representation but the coded values (type, subtype, action) must align with the DICOM/ATNA code system to be interoperable with traditional ATNA repositories"],"contributor":"waymark-seed","created":"2026-06-13T11:22:03.660Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/a3357d75-548f-408e-a185-081acbcd5026"}