The FHIR R4 Provenance
resource tracks the origin, authorship, and transmission of clinical data. It identifies the agents, systems, and source documents involved in creating or importing a given resource. Health Gorilla automatically generates Provenance
records for key clinical data to support data lineage, audit trails, and trustworthiness assessments.
Use Cases
- Audit who created or imported a clinical record
- Identify the source system or provider organization that authored a result
- Investigate how a resource was derived or transmitted into the system
Base URLs
- Production: https://api.healthgorilla.com/fhir/R4/Provenance
- Sandbox: https://sandbox.healthgorilla.com/fhir/R4/Provenance
Authentication
All requests require OAuth 2.0 authentication using a Bearer Token. Unauthorized requests return 401 Unauthorized
responses.
Required Scopes
provenance.read
for GET
For more information, go to: OAuth 2.0 Authentication.
Supported Methods
Provenance Methods
Method | Operation | Description |
---|---|---|
GET | Read Provenance | Retrieves a specific Provenance record by its FHIR ID. |
GET | Search Provenance | Searches for Provenance records referencing a target resource or patient. |
Note:
POST
,PUT
, andDELETE
are not supported. Provenance is system-managed.
Frequently Used Search Parameters
Parameter | Description | FHIR Value Set / Example Values | FHIR Data Type | Required |
---|---|---|---|---|
target | Filters by the resource the provenance refers to | Observation/{id} , DocumentReference/{id} | Reference | Yes (recommended) |
patient | Filters by the patient related to the target resource | Patient/{id} | Reference | No |
recorded | Filters by the timestamp the provenance was recorded | ge2023-01-01 | date | No |
agent | Filters by the actor responsible for the activity | Practitioner/{id} , Organization/{id} | Reference | No |
_id | Filters by the Provenance FHIR resource ID | Provenance/{id} | token | No |
Commonly Returned Resource Attributes
Attribute | Description | Example Values | FHIR Data Type | Required |
---|---|---|---|---|
id | Unique FHIR ID for the Provenance record | prov-123456 | id | Yes |
target | Resources the provenance applies to | Observation/{id} , DocumentReference/{id} | Reference[] | Yes |
recorded | Timestamp when the activity was recorded | 2024-01-05T14:22:01Z | instant | Yes |
agent | Actor(s) responsible for the activity | Practitioner , Organization , or system ID | Provenance.Agent[] | Yes |
agent.type | Type of participant in the event | performer | CodeableConcept | No |
agent.who | Reference to the agent (person or system) | Practitioner/{id} | Reference | Yes |
entity | Source data or resource used to construct the target | DocumentReference/{id} , Observation/{id} | Provenance.Entity[] | No |
entity.role | Role of the entity in the provenance event | source , derivation | code | No |
signature | Digital signature for validation (if present) | base64-encoded digital signature | Signature[] | No |
Linked Resource Types
Health Gorilla automatically creates Provenance
records for the following resource types:
- AllergyIntolerance
- CarePlan
- Condition
- DeviceUseStatement
- DiagnosticReport
- Encounter
- FamilyMemberHistory
- Goal
- Immunization
- MedicationRequest
- MedicationDispense
- NutritionOrder
- Observation (vitals, functional, social history)
- Procedure
- DocumentReference
Webhooks
Provenance
resources are not directly pushed via webhooks, but may be referenced in webhook-triggering payloads (e.g., DocumentReference
, Observation
, DiagnosticReport
).
For more information, go to: Webhooks & Polling.
Error Handling
All Provenance
operations follow standard Health Gorilla error handling, including use of FHIR OperationOutcome
for structured error responses.
For more information, go to: Error Handling.