| type | Yes | Coding | Type/identifier of event |
| subtype | No | Coding[] | More specific type/id for the event |
| action | No | code | Type of action performed during the event |
| period | No | Period | When the activity occurred |
| recorded | Yes | instant | Time when the event was recorded |
| outcome | No | code | Whether the event succeeded or failed |
| outcomeDesc | No | string | Description of the event outcome |
| purposeOfEvent | No | CodeableConcept[] | The purposeOfUse of the event |
| agent | Yes | AuditEventAgent | Actor involved in the event |
| - id | No | string | Unique id for inter-element referencing |
| - extension | No | Extension[] | Additional content defined by implementations |
| - modifierExtension | No | Extension[] | Extensions that cannot be ignored even if unrecognized |
| - type | No | CodeableConcept | How agent participated |
| - role | No | CodeableConcept[] | Agent role in the event |
| - who | No | Reference<PractitionerRole / Practitioner / Organization / Device / Patient / RelatedPerson> | Identifier of who |
| - altId | No | string | Alternative User identity |
| - name | No | string | Human friendly name for the agent |
| - requestor | Yes | boolean | Whether user is initiator |
| - location | No | Reference<Location> | Where |
| - policy | No | uri[] | Policy that authorized event |
| - media | No | Coding | Type of media |
| - network | No | AuditEventAgentNetwork | Logical network location for application activity |
| - id | No | string | Unique id for inter-element referencing |
| - extension | No | Extension[] | Additional content defined by implementations |
| - modifierExtension | No | Extension[] | Extensions that cannot be ignored even if unrecognized |
| - address | No | string | Identifier for the network access point of the user device |
| - type | No | code | The type of network access point |
| - purposeOfUse | No | CodeableConcept[] | Reason given for this user |
| source | Yes | AuditEventSource | Audit Event Reporter |
| - id | No | string | Unique id for inter-element referencing |
| - extension | No | Extension[] | Additional content defined by implementations |
| - modifierExtension | No | Extension[] | Extensions that cannot be ignored even if unrecognized |
| - site | No | string | Logical source location within the enterprise |
| - observer | Yes | Reference<PractitionerRole / Practitioner / Organization / Device / Patient / RelatedPerson> | The identity of source detecting the event |
| - type | No | Coding[] | The type of source where event originated |
| entity | No | AuditEventEntity | Data or objects used |
| - id | No | string | Unique id for inter-element referencing |
| - extension | No | Extension[] | Additional content defined by implementations |
| - modifierExtension | No | Extension[] | Extensions that cannot be ignored even if unrecognized |
| - what | No | Reference<Resource> | Specific instance of resource |
| - type | No | Coding | Type of entity involved |
| - role | No | Coding | What role the entity played |
| - lifecycle | No | Coding | Life-cycle stage for the entity |
| - securityLabel | No | Coding[] | Security labels on the entity |
| - name | No | string | Descriptor for entity |
| - description | No | string | Descriptive text |
| - query | No | base64Binary | Query parameters |
| - detail | No | AuditEventEntityDetail | Additional Information about the entity |
| - id | No | string | Unique id for inter-element referencing |
| - extension | No | Extension[] | Additional content defined by implementations |
| - modifierExtension | No | Extension[] | Extensions that cannot be ignored even if unrecognized |
| - type | Yes | string | Name of the property |
| - value[x] | Yes | string, base64Binary | Property value |
