is intended for managers or other
members with investigation privileges. Instructions for individuals with
reviewer privileges are outlined in the Reviewer Guide.
Get to the Investigation page at any
time by clicking the crosshair icon. Through the Investigation page, you can create
investigations, add supporting documentation, route investigations to reviewers, and track reviewer comments through incident
can be created from the Search
results page, the Full Access page
(click on “i” icon), or from the Investigation
page (click on the crosshair icon).
Create an Investigation
from the Search results page
To create an investigation, select the event(s)
you would like to include.
Then click on the Select an Access drop
box and click Investigate Access. If you would like to include ALL, click the
top check box on the title bar.
Note: The same process is used if you would like to
select one or multiple accesses to Mark as Appropriate. Just choose the Mark Access Appropriate
option from the drop-down box.
3. When clicking Investigate Access, you will
receive a pop-up box allowing you to either Create a New Investigation or to Add selected events to an
clicking Investigate Access, you will receive a pop-up box allowing you to
either Create a New Investigation or to Add selected events to an Existing Investigation.
We recommend organizations use a consistent naming convention for
investigations. This keeps lists organized so you can easily retrieve
investigation records. The system never sends investigation titles via e-mail,
only investigation ID numbers, to ensure protected health information (PHI)
Create an Investigation
from Full Info Page
1. To create an investigation, click the crosshair icon next to the access from Search results.
2. This will take you to
the View Full Access page, where you
can review the access, then click the red
Investigate button at the top of the page. (See
Search Guide for help.)
This method is best for investigations that may or may not involve
access events (e.g. stolen laptop).
However, as with all investigation creation methods, access events can
be added later by
Add Investigation Details
When you create a new investigation, you are taken to the Investigation Details page to provide more information. Add details that may be helpful (or are required by law). This page includes details designed to meet Health and Human Services (HHS) Breach Notification requirements. Add or remove accesses from the investigation using the green and red buttons.
At the top of the Investigation Details page the Investigation will be assigned a unique number and will display the owner of the investigation.
Note: When Reviewers are added to an investigation, they will be displayed at the top of the Investigation page as well. In addition, ownership of the investigation can be changed by clicking on the pencil to the right of the owner.
1. 2. Investigation Status – This field is defaulted to Open; however, the status can be changed by clicking on the drop-down and selecting a new status.
NOTE: The following fields allow for drop-down selection customization. To modify these, click on your email address located at the top right corner of the EBAS application. Go to Admin / Settings, then click on Investigation Fields.
(Status, Investigation Type, Tags and Corrective Actions)
Individuals Affected – This field is
defaulted to “1”; however, once the number of individuals affected is determined,
updates can be made by entering the appropriate number or by utilizing the
Type - This field is empty as a default.
Click on the drop-down box and select the appropriate type.
– provide the ability to “tag” and then search for specific information
pertaining to investigations.
Date of Discovery – This field is automatically populated with the investigation creation date/time and is used along with the reporting days to calculate the Reporting Due date. This may not be the actual date you discovered an incident if it is early in the investigation. It is important to make sure the date reflects actual date of discovery, as that is the date state/federal reporting requirements are based off. To update, click on the Date of Discovery field and select the appropriate date from the calendar or enter the correct date.
Reporting Days – The top line (black boxes), reflect default days to report for each category. The default values can be set in Settings / Investigation Settings. They are also adjustable within each investigation. To update within an investigation, click in the field, enter a new date, clear a date completely, or update using the up/down arrows. This field will auto-calculate the Reporting Due field, utilizing the Date of Discovery date.
Reporting Due – The reporting due dates (if applicable) are
reflected in red. This date is
auto-calculated. To modify, you must
change the appropriate reporting days (black boxes).
7. Access Information
When access event(s) are added to an investigation, they are displayed in the Access Information section. Additional events can be added via the “Add to Existing Investigations” functionality or manually by clicking on the Add New Record button.
Access events can also be removed from an investigation by selecting the check box to the left of the event and clicking on Remove Accesses from Investigation.
9. Save – Click Save before moving to other pages (Additional Documentation, Manage Reviewers, Files, Investigation Change Log).
Use the toolbar at the top of the page to add Additional Documentation to an investigation, including other files.
Click the Breach Risk Assessment Doc link to download a template that you can customize for your organization.
Use the toolbar within investigations to Manage Reviewers. Only users with appropriate privileges can add reviewers to an investigation. Added reviewers can only view open investigations they are invited to, and only see information provided on the Manage Reviewers page.
(See Account Management
guide to adjust user privileges.)
Each investigation can have several reviewers, who can all add comments and files. Reviewer comments are listed chronologically on the Manage Reviewers tab. Click “i” to see Reviewer Comments. Click the pen icon to choose optional expiration dates for each reviewer. Reviewer comments are also searchable.
A list of all files accessible to reviewers is at the bottom of the Manage Reviewers page. This includes files uploaded by reviewers and files you upload and designate as Show to Reviewers. Upload files using the Files tab at the top of the page.
The Investigation Change Log page serves as an audit trail of changes to investigation documentation. Each change made by a user is included as a Privacy Investigation Update. Most recent updates are listed first.
Owners are also notified via e-mail any time an investigation is updated. E-mails specify the user who made the updates.
Use the investigation home page to see who is currently reviewing an investigation. The Check and Minus icons under Owner and Reviewer Information help you track reviewer activity.
Investigation Detail Page Diagram