The FHIR R4 Provenance resource tracks the origin, authorship, and transmission of clinical data. It identifies the agents, systems, and source documents involved in creating or importing a given resource. Health Gorilla automatically generates Provenance records for key clinical data to support data lineage, audit trails, and trustworthiness assessments.

Use Cases

Audit who created or imported a clinical record
Identify the source system or provider organization that authored a result
Investigate how a resource was derived or transmitted into the system

Base URLs

Production: https://api.healthgorilla.com/fhir/R4/Provenance
Sandbox: https://sandbox.healthgorilla.com/fhir/R4/Provenance

Authentication

All requests require OAuth 2.0 authentication using a Bearer Token. Unauthorized requests return 401 Unauthorized responses.

Required Scopes

provenance.read for GET

For more information, go to: OAuth 2.0 Authentication.

Supported Methods

Provenance Methods

Method	Operation	Description
`GET`	Read Provenance	Retrieves a specific Provenance record by its FHIR ID.
`GET`	Search Provenance	Searches for Provenance records referencing a target resource or patient.

Note: POST, PUT, and DELETE are not supported. Provenance is system-managed.

Frequently Used Search Parameters

Parameter	Description	FHIR Value Set / Example Values	FHIR Data Type	Required
`target`	Filters by the resource the provenance refers to	`Observation/{id}`, `DocumentReference/{id}`	`Reference`	Yes (recommended)
`patient`	Filters by the patient related to the target resource	`Patient/{id}`	`Reference`	No
`recorded`	Filters by the timestamp the provenance was recorded	`ge2023-01-01`	`date`	No
`agent`	Filters by the actor responsible for the activity	`Practitioner/{id}`, `Organization/{id}`	`Reference`	No
`_id`	Filters by the Provenance FHIR resource ID	`Provenance/{id}`	`token`	No

Commonly Returned Resource Attributes

Attribute	Description	Example Values	FHIR Data Type	Required
`id`	Unique FHIR ID for the Provenance record	`prov-123456`	`id`	Yes
`target`	Resources the provenance applies to	`Observation/{id}`, `DocumentReference/{id}`	`Reference[]`	Yes
`recorded`	Timestamp when the activity was recorded	`2024-01-05T14:22:01Z`	`instant`	Yes
`agent`	Actor(s) responsible for the activity	`Practitioner`, `Organization`, or `system ID`	`Provenance.Agent[]`	Yes
`agent.type`	Type of participant in the event	`performer`	`CodeableConcept`	No
`agent.who`	Reference to the agent (person or system)	`Practitioner/{id}`	`Reference`	Yes
`entity`	Source data or resource used to construct the target	`DocumentReference/{id}`, `Observation/{id}`	`Provenance.Entity[]`	No
`entity.role`	Role of the entity in the provenance event	`source`, `derivation`	`code`	No
`signature`	Digital signature for validation (if present)	base64-encoded digital signature	`Signature[]`	No

Linked Resource Types

Health Gorilla automatically creates Provenance records for the following resource types:

AllergyIntolerance
CarePlan
Condition
DeviceUseStatement
DiagnosticReport
Encounter
FamilyMemberHistory
Goal
Immunization
MedicationRequest
MedicationDispense
NutritionOrder
Observation (vitals, functional, social history)
Procedure
DocumentReference

Webhooks

Provenance resources are not directly pushed via webhooks, but may be referenced in webhook-triggering payloads (e.g., DocumentReference, Observation, DiagnosticReport).

For more information, go to: Webhooks & Polling.

Error Handling

All Provenance operations follow standard Health Gorilla error handling, including use of FHIR OperationOutcome for structured error responses.
For more information, go to: Error Handling.

Additional Resources

HL7 FHIR Provenance