The FHIR R4 Provenance resource tracks the origin, authorship, and transmission of clinical data. It identifies the agents, systems, and source documents involved in creating or importing a given resource. Health Gorilla automatically generates Provenance records for key clinical data to support data lineage, audit trails, and trustworthiness assessments.
Use Cases
- Audit who created or imported a clinical record
- Identify the source system or provider organization that authored a result
- Investigate how a resource was derived or transmitted into the system
Base URLs
- Production: https://api.healthgorilla.com/fhir/R4/Provenance
- Sandbox: https://sandbox.healthgorilla.com/fhir/R4/Provenance
Authentication
All requests require OAuth 2.0 authentication using a Bearer Token. Unauthorized requests return 401 Unauthorized responses.
Required Scopes
provenance.readfor GET
For more information, go to: OAuth 2.0 Authentication.
Supported Methods
Provenance Methods
| Method | Operation | Description |
|---|---|---|
GET | Read Provenance | Retrieves a specific Provenance record by its FHIR ID. |
GET | Search Provenance | Searches for Provenance records referencing a target resource or patient. |
Note:
POST,PUT, andDELETEare not supported. Provenance is system-managed.
Frequently Used Search Parameters
| Parameter | Description | FHIR Value Set / Example Values | FHIR Data Type | Required |
|---|---|---|---|---|
target | Filters by the resource the provenance refers to | Observation/{id}, DocumentReference/{id} | Reference | Yes (recommended) |
patient | Filters by the patient related to the target resource | Patient/{id} | Reference | No |
recorded | Filters by the timestamp the provenance was recorded | ge2023-01-01 | date | No |
agent | Filters by the actor responsible for the activity | Practitioner/{id}, Organization/{id} | Reference | No |
_id | Filters by the Provenance FHIR resource ID | Provenance/{id} | token | No |
Commonly Returned Resource Attributes
| Attribute | Description | Example Values | FHIR Data Type | Required |
|---|---|---|---|---|
id | Unique FHIR ID for the Provenance record | prov-123456 | id | Yes |
target | Resources the provenance applies to | Observation/{id}, DocumentReference/{id} | Reference[] | Yes |
recorded | Timestamp when the activity was recorded | 2024-01-05T14:22:01Z | instant | Yes |
agent | Actor(s) responsible for the activity | Practitioner, Organization, or system ID | Provenance.Agent[] | Yes |
agent.type | Type of participant in the event | performer | CodeableConcept | No |
agent.who | Reference to the agent (person or system) | Practitioner/{id} | Reference | Yes |
entity | Source data or resource used to construct the target | DocumentReference/{id}, Observation/{id} | Provenance.Entity[] | No |
entity.role | Role of the entity in the provenance event | source, derivation | code | No |
signature | Digital signature for validation (if present) | base64-encoded digital signature | Signature[] | No |
Linked Resource Types
Health Gorilla automatically creates Provenance records for the following resource types:
- AllergyIntolerance
- CarePlan
- Condition
- DeviceUseStatement
- DiagnosticReport
- Encounter
- FamilyMemberHistory
- Goal
- Immunization
- MedicationRequest
- MedicationDispense
- NutritionOrder
- Observation (vitals, functional, social history)
- Procedure
- DocumentReference
Webhooks
Provenance resources are not directly pushed via webhooks, but may be referenced in webhook-triggering payloads (e.g., DocumentReference, Observation, DiagnosticReport).
For more information, go to: Webhooks & Polling.
Error Handling
All Provenance operations follow standard Health Gorilla error handling, including use of FHIR OperationOutcome for structured error responses.
For more information, go to: Error Handling.