In-Depth Step-by-Step Guide Creating Investigations

In-Depth Step-by-Step Guide Creating Investigations

This guide is intended for managers or other members with investigation privileges. Instructions for individuals with reviewer privileges are outlined in the Reviewer Guide.

Get to the Investigation page at any time by clicking the crosshair icon. Through the Investigation page, you can create investigations, add supporting documentation, route investigations to reviewers, and track reviewer comments through incident resolution.

Investigations can be created from the Search results page, the Full Access page (click on “i” icon), or from the Investigation page (click on the crosshair icon).

Create an Investigation from the Search results page

1.     To create an investigation, select the event(s) you would like to include. 

2.     Then click on the Select an Access drop box and click Investigate Access.  If you would like to include ALL, click the top check box on the title bar. 

Note:  The same process is used if you would like to select one or multiple accesses to Mark as Appropriate.  Just choose the Mark Access Appropriate option from the drop-down box.

3.      When clicking Investigate Access, you will receive a pop-up box allowing you to either Create a New Investigation or to Add selected events to an Existing Investigation.

4.     When clicking Investigate Access, you will receive a pop-up box allowing you to either Create a New Investigation or to Add selected events to an Existing Investigation.

5.     To Create a New Investigation, enter an Investigation Title and click Submit.
6.     To Add to an Existing Investigation, click on the drop-down box, select the investigation you would like to add the event(s) to and click Submit.

Investigation Titles

We recommend organizations use a consistent naming convention for investigations. This keeps lists organized so you can easily retrieve investigation records. The system never sends investigation titles via e-mail, only investigation ID numbers, to ensure protected health information (PHI) security. 

   Create an Investigation from Full Info Page

1.      To create an investigation, click the crosshair icon next to the access from Search results.

                        2.    This will take you to the View Full Access page, where you can review the access, then click the red Investigate button at the top of the page. (See Search Guide for help.)

                         Note:  This method is best for investigations that may or may not involve access events (e.g. stolen laptop).  However, as with all investigation creation methods, access events can be added later by

                         using the Add to an Existing Investigation option. 

                  3.    The Investigation Details page is opened.

   Add Investigation Details

When you create a new investigation, you are taken to the Investigation Details page to provide more information. Add details that may be helpful (or are required by law). This page includes details designed to meet Health and Human Services (HHS) Breach Notification requirements. Add or remove accesses from the investigation using the green and red buttons.

At the top of the Investigation Details page the Investigation will be assigned a unique number and will display the owner of the investigation.

Note:  When Reviewers are added to an investigation, they will be displayed at the top of the Investigation page as well.  In addition, ownership of the investigation can be changed by clicking on the pencil to the right of the owner.  

             1. Enter Investigation Title


1.                       2.      Investigation Status – This field is defaulted to Open; however, the status can be changed by clicking on the drop-down and selecting a new status. 

NOTE:  The following fields allow for drop-down selection customization.  To modify these, click on your email address located at the top right corner of the EBAS application.  Go to Admin / Settings, then click on Investigation Fields.

(Status, Investigation Type, Tags and Corrective Actions)

3.     Individuals Affected – This field is defaulted to “1”; however, once the number of individuals affected is determined, updates can be made by entering the appropriate number or by utilizing the up/down arrows.

4.     Investigation Type - This field is empty as a default.  Click on the drop-down box and select the appropriate type. 

5.     Tags – provide the ability to “tag” and then search for specific information pertaining to investigations. 

6.      Reporting

Date of Discovery – This field is automatically populated with the investigation creation date/time and is used along with the reporting days to calculate the Reporting Due date.  This may not be the actual date you discovered an incident if it is early in the investigation.  It is important to make sure the date reflects actual date of discovery, as that is the date state/federal reporting requirements are based off.  To update, click on the Date of Discovery field and select the appropriate date from the calendar or enter the correct date.

Reporting Days – The top line (black boxes), reflect default days to report for each category.  The default values can be set in Settings / Investigation Settings.  They are also adjustable within each investigation.  To update within an investigation, click in the field, enter a new date, clear a date completely, or update using the up/down arrows.  This field will auto-calculate the Reporting Due field, utilizing the Date of Discovery date.

Reporting Due – The reporting due dates (if applicable) are reflected in red.  This date is auto-calculated.  To modify, you must change the appropriate reporting days (black boxes).

             Reported On – The bottom line (green boxes).  When reporting is complete, enter the date reported in the appropriate box. 

7.      Access Information

When access event(s) are added to an investigation, they are displayed in the Access Information section.  Additional events can be added via the “Add to Existing Investigations” functionality or manually by clicking on the Add New Record button.  

Access events can also be removed from an investigation by selecting the check box to the left of the event and clicking on Remove Accesses from Investigation.

8.     Health and Human Services (HHS) Breach Notification requirements and Internal Corrective Actions. 

The Department of Health and Human Services (HHS) reporting requirements are reflected in the bottom section of the Investigation Details page.  Information submitted to HHS can also be reflected in your internal documentation.  In addition to HHS reporting, organizations can user specific corrective actions in this section.

                      9. Save – Click Save before moving to other pages (Additional Documentation, Manage Reviewers, Files, Investigation Change Log).

            Use the toolbar at the top of the page to add Additional Documentation to an investigation, including other files.

            Click the Breach Risk Assessment Doc link to download a template that you can customize for your organization.

Add Reviewers

Use the toolbar within investigations to Manage Reviewers. Only users with appropriate privileges can add reviewers to an investigation. Added reviewers can only view open investigations they are invited to, and only see information provided on the Manage Reviewers page.

(See Account Management guide to adjust user privileges.)


Each investigation can have several reviewers, who can all add comments and files. Reviewer comments are listed chronologically on the Manage Reviewers tab. Click “i” to see Reviewer Comments. Click the pen icon to choose optional expiration dates for each reviewer. Reviewer comments are also searchable.

            A list of all files accessible to reviewers is at the bottom of the Manage Reviewers page. This includes files uploaded by reviewers and files you upload and designate as Show to Reviewers.                        Upload files using the Files tab at the top of the page.


Track Investigations

The Investigation Change Log page serves as an audit trail of changes to investigation documentation. Each change made by a user is included as a Privacy Investigation Update. Most recent updates are listed first.

Owners are also notified via e-mail any time an investigation is updated. E-mails specify the user who made the updates.

Use the investigation home page to see who is currently reviewing an investigation. The  Check and Minus icons under Owner and Reviewer Information help you track reviewer activity.

            Investigation Detail Page Diagram

    • Related Articles

    • In-Depth Reviewers Guide

      You may have been invited to serve as a Reviewer for an electronic medical record (EMR)-related investigation. This guide will show you how to navigate the software to assist in the investigation. Organizations often request help from reviewers to ...
    • Quick Guide: Investigation and Reviewer

      Click here for a video tutorial on Investigations               You can create an investigation from Full Access page. To begin an investigation, click the red Investigate button at the top of the page.               To add multiple access events to ...
    • In-Depth Executive Reporting Guide

      The Reporting and Analytics option includes several features to analyze and display data. Access this option by clicking the graph icon. You can create custom reports summarizing data by clicking the Executive Reporting tab. This guide covers how to ...
    • In-Depth Account Management Guide

      The Explanation Based Auditing System (EBAS) integrates with your existing organizational structure. EBAS users are assigned to organizations, arranged in a tree structure broken down by regions and locations. Managers assign users to specific ...
    • Adding Custom Investigation Tags, Statuses, Types, and Corrective Actions.

      The EBAS tool has the option to add custom statuses, types, corrective actions, and tags to Investigations. Follow the below steps to do so:  First, click on your user name to show the drop-down menu choose "Settings".  Next click on "Investigation ...