You have been assigned to investigate whether or not an emp…

You have been assigned to investigate whether or not an employee at a local hospital has been accessing patient records and selling information to online pharmacies. It is your first day of the investigation. Put together a list of data sources that must be examined during the investigation.

Answer

Title: Examining Data Sources in Investigating Suspected Unauthorized Access and Sale of Patient Records in a Hospital Setting

Introduction:
The illicit access and sale of patient records pose significant risks to healthcare institutions and patients alike. In order to conduct a thorough investigation, it is imperative to identify and examine pertinent data sources. This task aims to compile a comprehensive list of data sources that must be scrutinized during the investigation of an employee suspected of illegally accessing and selling patient information to online pharmacies at a local hospital.

Methods:
By employing a combination of technical, legal, and operational approaches, the list of data sources can be classified into four main categories: electronic health records (EHRs), access logs, communication records, and financial data. Each category will be further explored to provide a more in-depth understanding of the data sources that need to be examined.

Electronic Health Records (EHRs):
1. Patient demographics and medical history: This includes personal and medical information stored in the EHR system, such as demographic details, diagnoses, medications, and past medical procedures.
2. Prescription and medication records: This involves reviewing electronic prescriptions and medication administration records to identify any irregularities or suspicious patterns.
3. Lab and diagnostic results: Examination of lab results, radiology reports, and other diagnostic tests can help identify any correlation between the employee’s activities and abnormal ordering patterns.
4. Patient referrals and consultations: Investigating patient referrals and consultations in the EHR system can reveal any unauthorized access or communication between the employee and external parties.

Access Logs:
1. User access logs: Analyzing the records of user access to the EHR system can help ascertain whether the employee has accessed patient data beyond the ordinary scope of their responsibilities.
2. Privileged account activity logs: Reviewing privileged accounts, including IT administrators and system administrators, can uncover any suspicious activities leading to the unauthorized access of patient records.
3. Physical access logs: Examining physical access logs, such as swipe card entries, can help determine whether the employee has gained unauthorized access to restricted areas where patient records are stored.

Communication Records:
1. Email communications: Evaluating the suspect’s email communications can provide insights into any correspondence related to sale arrangements, communications with online pharmacies, or inquiries about patient information.
2. Instant messaging/chat logs: Examining instant messaging or chat logs can uncover potential communication channels used by the employee to facilitate the illicit sale of patient data.
3. Telephone records: Analyzing phone call logs can reveal any contacts with online pharmacies or other suspicious communications involving the employee.

Financial Data:
1. Bank transactions and statements: Investigating financial records, including bank transactions and statements, can assist in identifying potential transactions involving the sale of patient data.
2. Online payment platforms: Scrutinizing the employee’s online payment accounts, such as PayPal or Venmo, can provide evidence of any financial transactions related to the illegal sale of patient records.

Conclusion:
The investigation into employee involvement in the unauthorized access and sale of patient records necessitates a thorough examination of various data sources. By compiling and analyzing data from electronic health records, access logs, communication records, and financial data, investigators can gather the necessary evidence to substantiate these allegations. The identification and examination of these key data sources provide a solid foundation for conducting a comprehensive investigation while ensuring the protection of patient privacy and healthcare institution security.