EMR Audit Trails: Importance in winning medical malpractice cases
When we consider the labyrinth of Electronic Health Records (EHRs), the concept of an audit trail might not strike us as immediately significant—until we delve into the realm of medical malpractice. Here, audit trails transcend their basic function to become pivotal elements in the quest for truth, often determining the course of justice in malpractice litigation.
An audit trail in the context of EHRs is essentially a digital breadcrumb trail. It meticulously logs every interaction with a patient’s health record. This includes not just the modifications made to the record, but also who accessed it and when. This might sound straightforward, but the implications are profound, particularly when the accuracy of medical records comes under scrutiny in a court of law.
Firstly, audit trails provide a precise timeline of patient care events. Imagine a scenario where the sequence of medical actions is disputed in a lawsuit. Here, the audit trail acts as a chronological witness to the events, lending clarity to the proceedings and often becoming a cornerstone of the legal argument.
Moreover, the integrity of health records is paramount. Audit trails ensure this integrity by logging every transaction and access—like a vigilant guard that keeps a watchful eye on the sanctity of medical data. This feature is crucial because it allows for the detection of any alterations or deletions to the records, which could suggest attempts to cover up errors. It’s a feature that brings both transparency and accountability to the digital records.
The data from audit trails can either corroborate or contradict the testimonies of healthcare providers. In legal contexts, where testimonies can vary wildly in their accounts, the objective, unchangeable log of an audit trail provides a baseline of facts that can affirm or challenge these subjective narratives.
Additionally, audit trails help to identify all healthcare professionals who interacted with the patient’s records. This can be especially useful in complex cases involving multiple caregivers, where pinpointing responsibility is key. The detailed logs of access and modifications can precisely attribute actions to specific individuals at specific times.
Beyond the basics of logging views and edits, audit trails also record system alerts and order sets. System alerts in audit trails can indicate automated medical responses triggered by certain data inputs, which can be crucial in understanding how and why certain decisions were made. Order sets documented within audit logs detail the specific care protocols that were prescribed, offering insights into the standard of care administered.
However, despite their utility, audit trails are complex beasts. They require expert analysis to be effectively understood and utilized in legal contexts. This complexity often necessitates the involvement of specialized Electronic Medical Record (EMR) data experts who can decipher the technical logs and translate them into comprehensible evidence for the courtroom. Audit trails commonly include the object identifier that the action refers to. Production of EMR often fails to clearly include the object identifier in the patient’s medical chart, sometimes requiring additional production requests of EMR that clearly label the object identifier of the care note, in basket message, order entered, lab results reviewed, and other health care provider documents created, edited, approved, printed or viewed.
In conclusion, the role of audit trails in electronic health records is multifaceted and indispensable. They not only foster transparency and accountability in patient care but also serve as vital tools in the adjudication of medical malpractice cases. By providing a clear, unalterable record of medical interactions, audit trails help ensure that justice can be appropriately served, influenced by concrete evidence rather than mere conjecture. Thus, in the intricate dance of legal proceedings, audit trails offer a step towards clarity and fairness, proving or disproving claims with the weight of digital truth.
Lee Neubecker is the President and CEO of Enigma Forensics, Inc., a Chicago and Fort Lauderdale based Computer Forensics and Cyber Investigation consultancy. Neubecker assists Fortune 500 clients, government agencies, and private organizations with cyber-related investigations involving theft of electronic data, authentication of digital evidence, electronic medical records, fraud, counterfeiting, and online identity unmasking.
During 2016 and 2017, Neubecker assisted the U.S. Federal Government in discovering important security compromises including, the compromise of NIST.gov wildcard certificate (boudicca.nist.gov) using deprecated encryption (December 2016), compromise of time.gov NIST time servers (December 2016), compromise of NIST NSRL Hash Set download page (December 2016) and leaked email usernames and passwords from U.S. Intelligence Agency email account credentials onto public sandbox websites such as pastebin.com. (December 2016 and January 2017). Neubecker has a track record of uncovering Cyber Data Breaches and has performed investigations on the State and Federal Government Agency levels.
Neubecker’s has performed extensive research pertaining to hardware based vulnerabilities and exploits including, Serial Peripheral Interface – chip stored malware that has been impacting individuals, companies and government agencies in the wild following the leak of
Prior to founding Forensicon, Inc., Mr. Neubecker founded BuzzBolt Media, a web development and Search Engine Optimization consultancy which later became Forensicon, Inc. Before moving to Chicago in 2000, Mr. Neubecker led the online communities’ product
development and programming initiatives for the Lycos Network, a pioneering Web media model that included three Top 10 Web sites and was one of the most visited hubs on the Internet during Neubecker’s tenure. Neubecker was responsible for creating, launching and managing chat, instant messaging, message boards, and online games across the Lycos network. In this role, Mr. Neubecker led the company’s response to legal inquiries from law enforcement personnel and personally oversaw complicated international investigations involving transcontinental Cyber attacks against company servers and users.
Before joining Lycos and graduating with an MBA focused in technology, Mr. Neubecker launched and successfully managed Innovative Consulting, Inc., an information technology consulting company. Mr. Neubecker’s company deployed network management, contact management, sales automation and ERP solutions to small and mid-tier organizations. Prior to Innovative Consulting, Neubecker held operations and finance analyst positions with Ford Motor Company and Comerica Bank. Mr. Neubecker has experience in securities valuation and accounting from his position at Comerica Bank, where he served as a Trust Fund finance analyst. While serving at Ford Motor Company as an intern, Neubecker was integral in automating important processes and bringing financial forecasting methodologies online, resulting in more timely and accurate quarterly financial forecasts.
Mr. Neubecker graduated magna cum laude from Babson College with a Masters of Business Administration, focusing on Technology. Mr. Neubecker also holds an undergraduate degree in Finance, magna cum laude, from Eastern Michigan University.
NOTABLE CASES OF RECORD AS A COMPUTER FORENSICS EXPERT WITNESS
LESEAN DOBY v. ZIDAN MANAGEMENT GROUP, INC.
IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF ILLINOIS EASTERN DIVISION
Case No. 1:23-cv-16602
Provided affidavit regarding the analysis of a biometric fingerprint lock in support of the defendant as it relates to the Illinois Biometric Information Protection Act.
JAQUAN SHORTER v. ADVOCATE HEALTH AND HOSPITALS ) CORPORATION, ET. AL.
IN THE CIRCUIT COURT OF COOK COUNTY, ILLINOIS
COUNTY DEPARTMENT, LAW DIVISION
Case No. 2023L012024
Filed affidavit regarding user authentication to the defendant’s Electronic Medical Record system and the origins of the logon activities when accessing the patient’s health provider’s EMR system.
EUGENE EVANS v. CORRECTHEALTH CLAYTON, LLC and PAMELA BLAHA, LPN
IN THE SUPERIOR COURT OF FULTON COUNTY STATE OF GEORGIA, Case No. 2023CV379078
Filed affidavit regarding electronic medical records.
MARVA BURNETTE v. RUSSELL P. NOCKELS, M.D., IGNACIO JUSUE-TORRES, M.D., and LOYOLA UNIVERSITY MEDICAL CENTER
IN THE CIRCUIT COURT OF COOK COUNTY, ILLINOIS COUNTY DEPARTMENT, LAW
DIVISION, Case No. 2023-L-000973
Filed affidavit regarding electronic medical records and audit trails.
CHRISTINE MCLAUGHLIN, CRYSTAL VANDERVEEN, JUSTIN LEMBKE, SCOTT HARDT, ET. AL. v. SELECT REHABILITATION LLC
UNITED STATES DISTRICT COURT FOR THE MIDDLE DISTRICT OF FLORIDA
JACKSONVILLE DIVISION
CLASS and COLLECTIVE ACTION Case No: 3:22-cv-00059-HES-MCR
Filed Declaration regarding the availability of EMR audit log records to show when staff were performing work.
CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 2022-CV-00415
Provided affidavit detailing the lack of compliance with the courts’ order requiring handover of Robertson’s personal smartphone and computer for forensic preservation and analysis relating to a departed employee investigation and alleged electronic trade secret misappropriation.
DEVIN ESTIME v. SOUTHERN CALIFORNIA PERMANENTE MEDICAL GROUP
SUPERIOR COURT OF THE STATE OF CALIFORNIA COUNTY OF LOS ANGELES, Case No.: 22STCV06517
Filed affidavit regarding electronic medical records and audit trail productions.
Completed forensics analysis of iPhone, Macbook, and iPad of defendant in the case.
CONNIE & GARY ANDERSON v. PATIENT FIRST MARYLAND MEDICAL GROUP
IN THE CIRCUIT COURT FOR BALTIMORE COUNTY Case No. C-03-CV-21-001814
Provided affidavit related to EMR and audit trail logs.
PHOTOFAX, INC. v. JOSEPH BRADY CIRCUIT COURT OF KANE COUNTY, IL Case No. 21-CH-000167
Provided affidavit detailing the forensic examination of the PhotoFax issued laptop by the departed employee. Reported on the destruction of evidence and provided support for a motion to compel examination of the devices still used by Joseph Brady to look for sensitive company data and trade secrets.
JAMES ABRAHAM, successor Trustee of the JOHN A. ABRAHAM TRUST v. ELIZABETH CHAPMAN
IN THE CIRCUIT COURT OF COOK COUNTY, ILLINOIS COUNTY DEPARTMENT, MUNICIPAL DIVISION
Case No. 2020 M170426
Provided affidavit regarding the authenticity of alleged lease produced by the defendant relative to a forensic analysis of computing devices.
JOSEPH NICOLOSI ET. AL. v. STANDARD PARKING ET. AL.
CIRCUIT COURT OF COOK COUNTY, IL Case No. 20-L-007912.
Provided affidavit detailing EXIF photo metadata extracted from the Plaintiff’s production of alleged photos taken of damaged artwork and other effects. Identified photos that were edited after they were taken using Photoshop.
PATRICK T. MCKINNEY, BY AND THROUGH HIS LEGAL GUARDIAN, RONI S. MCKINNEY, AND RONI S. AND TIMOTHY C. MCKINNEY, INDIVIDUALLY AND AS THE PARENTS AND NATURAL GUARDIANS OF PATRICK T. MCKINNEY v. THE CLEVELAND CLINIC FOUNDATION AND THE CLEVELAND CLINIC HEALTH SYSTEM
COURT OF COMMON PLEAS OF CUYAHOGA COUNTY, OHIO Case No. CV-20-931-660.
Provided affidavit in support of a motion to compel for supervised on-site obtainment of the plaintiff’s full medical records. Involved Epic EMR software.
NIMISH SHAH, AS THE NATURAL SON OF PUSHPABEN C. SHAH, v. ST. LUKE’S EPISCOPAL PRESBYTERIAN HOSPITALS, D/B/A ST LUKE’S HOSPITAL, ET. AL. CIRCUIT COURT OF ST. LOUIS COUNTY, MISSOURI. Case No. 20SL-CC04023. Div. 8.
Signed an affidavit exhibiting deficiencies in Defense’s production and supporting a motion to compel for an on-site collection of the plaintiff’s medical records. Involved Cerner software.
MARC STRAUSS v. KATHLEEN VAN VALKENBURG, M.D. and SIGHT MEDICAL DOCTORS, P.L.L.C.
SUPREME COURT OF THE STATE OF NEW YORK, COUNTY OF NASSAU, Index No. 608054/2020.
Submitted an affidavit in support of a motion to compel for full medical records involving MyCare iMedicWare EMR software.
IN THE CIRCUIT COURT OF THE SEVENTH JUDICIAL CIRCUIT SANGAMON COUNTY, ILLINOIS, Case No. 2020-L-105
Provided affidavit related to EMR and audit trail logs.
RONI S. AND TIMOTHY C. MCKINNEY, v. THE CLEVELAND CLINIC FOUNDATION
IN THE COURT OF COMMON PLEAS CUYAHOGA COUNTY, OHIO
Case No.: CV-20-931660
Filed affidavit regarding electronic medical records.
AUSTIN ROBERTS v. IOWA HEALTH SYSTEM d/b/a UNITYPOINT HEALTH, TRINITY MEDICAL CENTER
IN THE CIRCUIT COURT OF THE FOURTEENTH JUDICIAL CIRCUIT ROCK ISLAND COUNTY, ILLINOIS, Case No. 2020 L 76
Filed affidavit regarding electronic medical records and audit trails.
SMART MORTGAGE CENTERS, INC. V BRIAN NOE, EILEEN PRUITT, AND NEXA MORTGAGE, LLC
IN THE CIRCUIT COURT OF WILL COUNTY, ILLINOIS TWELFTH JUDICIAL CIRCUIT Case No. 20 CH 292
Filed an affidavit regarding allegations of trade secret misappropriation.
PHILIPS NORTH AMERICA, LLC v. FITBIT, INC.
IN THE US DISTRICT COURT FOR THE DISTRICT OF MASSACHUSETTS
Case No.: 1:2019cv11586
Filed affidavit relating to forensic inspection of electronic data relative to allegations of trade secret misappropriation.
ROBERT WATSON and MARK SAULKA, v. RYAN TODD WEIHOFEN and POOL TECHNOLOGIES, LTD.,
IN THE CIRCUIT COURT OF COOK COUNTY ILLINOIS COUNTY DEPARTMENT, CHANCERY DIVISION, Case No. 2019 CH 12252
Filed affidavit regarding the expected cost to comply with a subpoena for production of electronic medical records.
LOUIS ARGIRIS v. PAUL V. FAHRENBACH, M.D., GI SOLUTIONS OF ILLINOIS LLC, ATHANASIOS D. DINIOTIS, M.D., TIESENGA SURGICAL ASSOCIATES, S.C. d/b/a SUBURBAN SURGERY CENTER INCORPORATED, JOSEPH Z. PUDLO, M.D., and JOSEPH Z. PUDLO, M.D., S.C.
COOK COUNTY CIRCUIT COURT, ILLINOIS, Case No. 2019 L 012187.
Provided affidavit in support of a motion to compel for the revision history of the plaintiff’s medical records. Consulted with counsel in serving subpoena to EMR system provider.
Involved Greenway Health’s EHR platform.
CHRISTOPHER JOHANSEN v. NOW MARKETING SERVICES INC. AND INTERCOVE, INC.
CIRCUIT COURT OF WILL COUNTY, IL, Case No. 19-L-989.
Provided affidavit relating to departed employee apparent deletion activities including access of emails post employee departure in support of a motion to compel forensic preservation and analysis of the departed employee’s personal electronic devices.
ROBERT WATSON AND MARK SAULKA v. RYAN TODD WEIHOFEN AND POOL TECHNOLOGIES, LTD.
CIRCUIT COURT OF COOK COUNTY, IL, Case No. 19-CH-12252.
Provided affidavit discussing the expected costs of a third party producing electronically stored information.
BYRON FOXIE, as legal guardian and parent of TIGE W. FOXIE, v. ANN & ROBERT H. LURIE CHILDREN’S HOSPITAL OF CHICAGO, and ALMOST HOME KIDS, and OTHER UNKNOWN PARTIES, JOHN DOES 1-10 and ROE CORPORATIONS 1-10 CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 19 L 7430
Provided testimony in the form of three affidavits supporting a motion to compel during discovery due to deficiencies in EMR production. Involved Epic EMR software.
CIRCUIT COURT OF KANE COUNTY, ILLINOIS, Case No. 19-CH-000217.
Performed forensic imaging of departed employee devices. Assisted with the construction of an ESI protocol. Analyzed, signed an affidavit, and testified regarding alleged misappropriation of trade secrets.
BLACK ROCK TRUCK GROUP, INC. FKA NEW ENGLAND TRUCK SALES AND SERVICE, INC. v. HARRY TARASIEWICZ and JOSEPH TARASIEWICZ
UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK, Case No. 7:19-cv-2367
Performed preservation of evidence, search and production of ESI. Analysis regarding allegations of trade secret misappropriation. Provided testimony regarding fabrication of emails and destruction of evidence.
TERRI BROWN v. MOUNT SINAI MEDICAL CENTER OF FLORIDA, INC. ET. AL.
IN THE CIRCUIT COURT OF THE ELEVENTH JUDICIAL CIRCUIT IN AND FOR MIAMI-DADE COUNTY, FLORIDA
Case No. 2018-016560-CA-09
Filed affidavit regarding the inadequate production of Plaintiff’s electronic medical records.
JERAME ANDREWS, and THERESA ANDREWS v ANKLE AND FOOT CENTERS OF GEORGIA. ET. AL
IN THE STATE COURT OF GEORGIA FULTON COUNTY Case No. 18EV003536
Filed affidavit regarding the inadequate production of Plaintiff’s Electronic Medical Records.
UNITED STATES DEPARTMENT OF JUSTICE V. BUYANTOGTOKH DASHDELEG, PETITION FOR REMOVAL.
Executive Office for Immigration Review Chicago, Illinois, File No. A218-056-722
Filed affidavit regarding the authenticity of email transmitted.
PEOPLE OF THE STATE OF ILLINOIS v. CHRISTIAN DAIGRE
CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 2018-cr-1626801
Provided affidavit regarding the lack of the original sources of data being preserved that would allow for authentication of SMS and MMS messages allegedly sent and received.
RILEY ANN BERGTHOLDT v. ADVOCATE HEALTH AND HOSPITAL CORP, ET. AL.
CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 2018-L-8647
Provided affidavit detailing deficiencies with defendant’s production of Electronic Medical Records (hereafter “EMR”) produced from Allscripts and from EPIC.
ANDREA BROCK, MICHAEL BROCK, S.B. v. THE UNIVERSITY OF CHICAGO MEDICAL CENTER D/B/A COMER CHILDREN’S HOSPITAL
CIRCUIT COURT OF COOK COUNTY, IL, Case No. 18-L-1175.
Provided affidavit in support of a motion to compel production of the Patient’s complete EMR, including Defendant’s secure file storage system, “Sticky Notes”, “In Basket” messages, audit trail records and complete revision history of the EMR as stored in the EPIC Hospital Information System.
TERRI BROWN, an individual, and ALAN ROCK, her husband, v. MOUNT SINAI MEDICAL CENTER OF FLORIDA, INC. d/b/a MOUNT SINAI MEDICAL CENTER, a Florida Corporation; and WILLIAM F. BURKE III, M.D., an individual; and BRETT C. FUKUMA, M.D., an individual
CIRCUIT COURT OF MIAMI-DADE COUNTY, FLORIDA, Case No. 2018-016560-CA-09.
Filed two affidavits in support of a motion to compel for an on-site collection of plaintiff’s electronic medical records. Involved Epic EMR software and Synapse PACS.
THE FOREST PRESERVE DISTRICT OF COOK COUNTY V. ROYALTY PROPERTIES, LLC; CANNON SQUIRES PROPERTIES, LLC; MERIX PHARMACEUTICAL CORPORATION, RICHARD KIRK CANNON, MERYL SQUIRES-CANNON, MCGINLEY PARTNERS, LLC, AND ROYALTY FARMS, LLC CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 18 L 315.
Provided in courtroom testimony on the significance of electronic file metadata as it relates to when documents were received and modified.
CIRCUIT COURT OF COOK COUNTY LAW DIVISION, Case No. 18 L 1096.
Provided in court testimony and testimony via affidavit to assist with eDiscovery protocol process and address allegations of spoliation, withholding of information and authenticity of email.
JORIE LP, KOPLIN AND CONTENT CURATION & DATA ASSET MANAGEMENT v. ROBERTS MCGIVNEY ZAGOTTA ET AL.
CIRCUIT COURT OF DUPAGE COUNTY, ILLINOIS, Case No. 17 L 728.
Provided in court testimony and testimony via affidavit involving issues of email authenticity, cell phone fabrication of evidence, and eDiscovery.
CIRCUIT COURT OF WILL COUNTY, ILLINOIS, Case No. 15 L 681.
Provided written affidavits regarding alleged software code misappropriation. Assisted counsel with seeking preservation of electronic data from third parties.
BORCHERS V. FRANCISCAN TERTIARY PROVINCE OF THE SACRED HEART, INC., ET. AL..
LORILLARD TOBACCO COMPANY v. CANSTAR (U.S.A.), INC. ET. AL.
NORTHERN DISTRICT COURT OF ILLINOIS, EASTERN DIVISION, Case No. 03-C-4769.
Performed forensic preservation and forensic analysis that resulted in identifying a counterfeiting syndicate. Located personal email accounts and offshore wiring accounts used to perpetrate the counterfeiting scheme. More than $5 million was awarded from Neubecker’s discovery of a counterfeit scheme.
Managed Engineering Development and data analysis activities across many disparate technologies, from legacy through more recent technologies and platforms including;
Mac OS X, Windows (Dos/3.1/NT/2000/XP/Vista/2008/2012/7/8/10), Windows Server NT, 2000, 2008, 2012 (Active Directory, Group Policy Management, Certificate Management), Bash, Busybox, Amiga, Commodore, CPM, TI 99/4a, Grub, Kali Linux, Linux, Raspbian OS, Solaris, VMware, Raspberry PI OS, & Unix
MS Office, SDR, Webx, WebTrends, Camtasia, Adobe Photoshop, MS Office, MS Project, MS Access, MS Excel, MS Powerpoint, MS Word, MS Visio, Peachtree, Quickbooks & Quicken
Created documentation and work ticketing system for tracking problems and improving service response HaystackID — Boston, MA (1/2018 – 3/2018)Chief Information Security Officer
Performed initial security assessment of organization
Prepared for GDPR compliance initiatives of organization
Outreach to potential clients
FORENSICON, a QDiscovery Company — Founder and consultant, Chicago, IL (2016 – 2017)
Identified opportunities to provide existing client base with services available from combined companies
Presented on the Telephone Consumer Protection Act regarding strategies towards mitigating lawsuits
FORENSICON, INC. — Chicago, IL (2000 – 2016)President & CEO
Conducted fraud examinations involving misappropriation of funds, trade secrets, tax evasion, money laundering, and other white collar related investigations
Supervised a team of forensics experts in providing complex litigation plaintiff and defense consulting
Appointed by the U.S District Court of the Northern District of Illinois to assist defense counsel in the trial against accused terrorist trial of Tahawwur Rana – The single count where my firm presented testimony, the defendant was found not guilty
Performed online investigative work to identify and assist law enforcement with the apprehension of the Boston Bombing perpetrators, Dzhokhar and Tamerlan Tsarnaev
Uncovered and reported the third known data breach of the Chicago Board of Elections voter database and election worker personal information
Supervised testifying experts on many cases of record to prepare technical experts for cross examination and rebuttal of their findings
Preserved electronic evidence for a range of clients using legally sanctioned protocols
Selected as preferred vendor by the Illinois Attorney Registration Disciplinary Commission – assisted with investigating various claims filed against licensed Illinois Attorneys
Developed Custom ERP System for evidence management, project management, time tracking and billing
Provided expert testimony to resolve disputes for various commercial, nonprofit, and governmental agency clients
Appeared several times as a computer forensics expert on WCIU TV Chicago Channel 26, First Business, NPR Business News, NBC Chicago and more
Led data breach first responder efforts for; State Government Social Services Department, Non-Profit HealthCare Organization, Financial Services Company, Accounting Firm, Private Membership Club Organization and various Corporations
Oversaw the development and presentations made to attorneys and legal support staff at the Chicago Bar Association, Illinois Attorney & Discipline Regulatory Commission, DuPage County Bar Association, various associations and more
Provided expert witness testimony regarding willful deletion of evidence by a departing employee where the testimony was upheld on appeal proving spoliation of evidence
Compiled emails from numerous platforms into popular litigation support platforms
Speaker at various events on the topic of computer forensics (see list below)
Performed computer forensics examinations in FBI forensics labs
Led the successful forensic analysis defense efforts against a law firm client of our firm that was accused of willful spoliation of evidence – discovered and reported our findings to Judge Mikva that no spoliation had occurred as alleged, the drive was merely encrypted and contained all information
Led numerous anonymous online defamation investigations resulting in the identification of many anonymous persons responsible for the defaming activities
Expert in Search Engine Optimization
LYCOS, INC. — Senior Product Development Manager, Community Products Group, Waltham, MA (1998 – 1999)
Managed and/or launched a large group of products including chat, message boards, and games
Responded to SEC/FBI Inquiries pertaining to illicit behavior in Lycos network online properties
Tracked hacker attacks on the Lycos network of sites to help identify and prosecute offenders
Implemented safeguards against denial-of-service attacks across product group
Instituted product development and service roadmap management system for teams
Created & managed multiple cross-functional product teams
Managed transition of products from external to internal hosting
Led engineering team on the development of scalable & secure online products
INNOVATIVE CONSULTING, INC. — President Brownstown, MI (1994 – 1997)
Led a company of five professionals providing IT support to various sized Companies
Provided Network support in a multi server environment (NT, Novell, Mac, Linux)
Implemented financial management software for tier 3 automotive suppliers
Designed & executed disaster recovery procedures for multiple businesses
Architected multi-office communication infrastructure for multiple companies
COMERICA BANK — Securities & Trust Fund Accountant, Detroit, MI (1994)
Audited security transactions for bank trust funds
Researched discrepancies in reporting
Published & verified daily yield rates of several portfolios of marketable securities
Initiated automation of trust fund daily reporting
FORD MOTOR COMPANY, INC. — Detroit, MI (1992 – 1994)Product Pricing Analyst
Estimated cost impact on production forecast for various product design changes
Benchmarked sourced products to ensure price competitiveness
Designed & implemented a profit forecasting system using Excel & EDI
PRESENTATIONS
“Keys to Unlocking Electronic Medical Records EMR”, MCLE Tuesday May 25, 2021 delivered via Zoom co-sponsored by the Illinois Public Defender Association, the Illinois Innocence Project, the Center for Integrity in Forensic Sciences, and the Family Justice Resource Center.
Illinois Public Pension Advisory Committee: Friday, December 2nd’s IPPAC Winter Conference “The Imminent Threat of Cyber Attacks to your Pension Boards” panel
National Society of Insurance Investigators: “Cellphones, Pictures, Videos . . . What a Cyber Forensic Investigation Can Reveal”, December 4th, 2014
The Disaster Conferences : “Cyber Threats and Data Breaches”, September 18th, 2014
First Chair Awards : “Data Breach & Incident Response: How to Mitigate Your Risk Exposure”, August 2014
Cigar Society of Chicago : “How to Catch a Terrorist”, September 2013
ICPAS Fraud Conference 2012: “What a Responsible Professional (CPA or Attorney)
Should Know about eDiscovery and Document Management”, September 2012
Law Bulletin E-Discovery Seminar: “Managing Scope & Review”, June 28th, 2011
NetSecure ‘11: IT Security and Forensics Conference and Expo: “Protecting Digital Assets from Hackers and Thieves”, March 24th, 2011
Chicago Association of Litigation Support Managers, CALSMposium: “Seventh Circuit Electronic Discovery Pilot Program”, October 7th, 2009
National Business Institute – “E-Discovery Searching the Virtual File Cabinets”:(co-presented with Christopher S. Griesmeyer, partner at Levenfeld Pearlstein, LLC and David W. Porteous, partner at Faegre Baker Daniels LLP) “Obtaining Electronic Data & Best Practices in using Computer Forensics”, September 19th, 2008
Law Bulletin E-Discovery Seminar — “Electronic Discovery in Practice”: (co-presented with Jennifer Wojciechowski of Kroll Ontrack) “Avoiding the Pitfalls of the Electronic Era”, October 2005
Institute of Internal Auditors, Chicago West Chapter Meeting: (co-presented with Cameron Nelson, attorney at Greenberg Traurig) “Using Computer Forensics To Conduct Investigations”, May 9th, 2006
Association of Certified Fraud Examiners Workshop: (co-presented with Kathryn Hoying, attorney at Johnson & Bell, Ltd.) “Using Computer Forensics to Conduct Investigations”, February 10, 2006
Chicago Law & Technology Conference: “Computer Forensic Update”, co-presented with Greenberg Traurig LLP Attorney Cameron Nelson, February 23, 2006
FagelHaber, LLC’s E-Discovery Conference: (co-presented with Richard Chapman, Gary Green, David Rownd and Robert Kamensky, attorneys at FagelHaber, LLC) “Avoiding the Pitfalls of the Electronic Era”, October, 2005
Chicago Bar Association, CLE Seminar: (co-presented with Kathryn Hoying, attorney at Johnson & Bell, Ltd.) — “Deliverables to Request From Your Computer Forensics Examiner”,2005
Chicago Economic Development Council: “Internal Fraud Investigations”, 2005
Law Bulletin Publishing Company E-Discovery Conference 2005: “Show me the Smoking Gun!”, 2005
American Law Firm Association’s International Client Seminar 2005: (co-presented with Joe Marconi, attorney at Johnson & Bell, Ltd and Donald Kaufman, attorney at McNees, Wallace & Nurick LLC) — “Discovery, Document Retention & eDiscovery in aPost-Enron/Andersen World”, 2005
Chicago Bar Association, CLE Seminar: (co-presented with William J. Cook of Wildman Harrold, Jeffrey L. Hartman of Competitive Advantage Solutions and Mark S. Simon of Eclipsecurity, LLC) “Computer Forensics For Lawyers”, May 6th, 2004
Chicago/Milwaukee Joint Midwest Law & Technology Conference 2004: “Finding the Smoking Guns: Legal Computer Forensics Without the Geekspeak”, November 30th, 2004
Chicago Bar Association, CLE Seminar: “Resolving Intellectual Property Theft with Computer Forensics”, October 20th, 2004
Chicago Bar Association, CLE Seminar: “Computer Forensics for Lawyers”, May 6th, 2004
Law Bulletin Publishing Company E-Discovery Conference: “Electronic Document Collection and Processing”, April 27th, 2004
LegalTech 2003, Chicago : “True Electronic Discovery”, October 30th, 2003
Chicago Bar Association (Law Office Technology Committee): “Electronic Discovery 101”, 2003
Illinois Academy of Criminology: “Electronic Discovery 101”, Circa 2003
Greater Chicago Chapter of the Association of Legal Administrators: “Electronic Discovery 101”, Circa 2003
Chicagoland Chamber of Commerce: “Web Page Programming For Search Engine Effectiveness”, Circa 2001
NORBIC: “Web Page Programming For Search Engine Effectiveness”, Circa 2001
On April 29th, the Raleigh Housing Authority fell victim to a cyber attack that shut down their computer system. The attack disrupted the agency’s ability to access their email, files, and financial records, leaving the organization struggling to conduct their day-to-day operations.
The RHA provides affordable housing for low-income individuals and families in the Raleigh area. The cyber attack has had a significant impact on the agency’s ability to fulfill its mission of providing safe and affordable housing. In the aftermath of the attack, the RHA has been forced to rely on manual processes to complete their work, causing delays in critical services for their clients.
Cyber attacks have become increasingly common in recent years, with hackers targeting organizations of all sizes and industries. These attacks can result in the loss of sensitive data, financial losses, and damage to a company’s reputation. In the case of the RHA, the attack has disrupted the lives of the low-income families who rely on their services.
To prevent cyber attacks, organizations must prioritize cyber security. This includes implementing strong password policies, regularly updating software and systems, and educating employees on how to recognize and report suspicious activity. Additionally, organizations should consider investing in cyber security insurance to mitigate the financial impact of an attack.
When a cyber attack does occur, it’s important to have a plan in place to respond quickly and effectively. This includes identifying and isolating affected systems, restoring data from backups, and conducting a thorough investigation to determine the cause of the attack and prevent future incidents.
In the case of the RHA, they have taken steps to restore their computer systems and minimize the impact of the attack. However, the incident serves as a reminder of the importance of cyber security and the devastating consequences that can result from a successful cyber attack.
In conclusion, the cyber attack on the Raleigh Housing Authority is a sobering reminder of the importance of cyber security for organizations of all types and sizes. By prioritizing cyber security, organizations can protect their data, their financial stability, and the well-being of their clients.
Informed consent prior to a procedure should be documented in the patients chart and visible on an audit trail.
by Dr. Aikaterina Assimacopoulos
Informed consent is a must prior to any elective procedure. After all risks, benefits and alternatives (r/b/a’s) are thoroughly explained consent can be given. An informed patient is one who understands the nature and purpose of the procedure as well as postoperative expectations of pain, recovery time, need for physical therapy, and any changes to physical appearance. Signed consent should be found in the patients EMR.
Informed Risk Assessment
Common surgical risks include the risk of infection, bleeding or damage to surrounding organs. If a minimally invasive approach is planned, the possibility to convert to an open procedure should be discussed. If the patient is to have an exploratory surgery, a risk is the possibility that nothing is found on exploration. In some cases, there is a potential the surgeon recognizes additional measures must be taken upon viewing the patient’s anatomy. In these cases, the surgeon is usually aware of this potential and should obtain consent and discuss r/b/a’s.
Doctor Washing Hands Before Operating. Hospital Concept.
The benefit or likelihood of a positive outcome should be clearly and realistically defined. The patient should be aware of any alternative options and their r/b/a’s. This includes both more conservative methods of treatment such as medications, physical therapy, or injections as well as any alternative surgical approaches that may vary in method or invasiveness. For example, a vaginal vs. abdominal approach to hysterectomy or LINX vs. Nissen fundoplication methods for gastroesophageal reflux.
Documented Consent
A signed consent form and statement should be uploaded in the chart. For example, “r/b/a’s discussed, patient expressed understanding, all questions asked and answered” should be documented in the chart. However, this does not necessarily mean the patient was properly informed. Often this statement is included as part of a provider’s template, without being consciously documented. Therefore, this raises the question of whether or not the conversation actually took place.
Because this discussion is verbal, it is difficult to use an audit trail to prove whether appropriate informed consent was obtained. However, an audit trail can be used to analyze other aspects of preoperative care which, if deficient, or incomplete, could support the notion informed consent was deficient as well.
What to look for in an audit trail
If surgical complications arose and the physician was concerned about the preoperative care provided, the physician could enter the patient chart after the fact and make additions to the patient’s chart. This is why it is necessary to get an audit trail that extends through the date the EMR is generated. Providers can alter a patients EMR at any time. These changes might not be visible on the EMR but will be on the audit trail.
In most cases, evidence of the following actions should exist in both the printed patient chart and the audit trail:
A clinic visit in which the patient’s need for surgery is assessed.
Any attempt to manage symptoms with more conservative first-line measures. For example, prescription orders or referrals to physical therapy or a pain specialist.
A diagnosis made prior to surgery and added to the patient’s problem list.
In some cases, evaluation of the patient’s personal risk due to any comorbid conditions is done using a ‘risk calculator’ and results should be documented.
A preoperative physical/assessment for higher risk patients.
A complete history and physical note (H&P) within the 30 days prior to surgery.
Procedure-specific labs and imaging which should be viewed by the surgeon prior to surgery.
As motor vehicle theft rates increase, criminals use of technology to open and start vehicles without breaking in may be accelerating the rate of theft.
Smash and grab is no longer required to open a motor vehicle and drive off.
Vehicle theft over the years has largely been on the decline. Technology has improved, therefore, Anti-Theft Systems have gotten more advanced. Beginning around 1983, keyless entry systems began appearing on American Motors vehicles. By the mid to late 2000s, many fobs enabling remote ignition start became more common place on higher end vehicles. However, as this technology advances, criminals are finding new ways to break through.
Security researchers first reported security vulnerabilities in motor vehicle fobs around 2016. This could allow an unauthorized person to unlock and even start a vehicle by intercepting radio frequency (“RF”) emissions from a driver’s fob. Once intercepted, the unauthorized party could use the intercepted signals to conduct a replay attack. As a result, a successful attack on these identified vulnerabilities can allow the unauthorized person to unlock and start a vehicle.
RF Relay Attack Reported in 2017
On November 28, 2017, Police in West Midlands, UK released video footage showing criminals stealing a car by relaying a signal from the fob key inside the home to the car in the driveway. This fob replay attack effectively allows thieves to unlock a vehicle and start the ignition then are able to drive off with the vehicle undamaged. Later on, the thieves swap out the VINs, and reprogram new key fobs to work with the stolen vehicle.
Defcon Cyber Security and Hacker Conference Focus on Vehicle Exploitation in 2018
In 2018, Defcon, a popular cybersecurity event, attended by black and white hat hackers, featured its first Car Hacking Village. During that convention, a good deal of technology related vulnerabilities on vehicles were shared. Both White and Black Hat hackers attend these events. The Black Hats are the bad guys that seek to use security vulnerabilities to exploit weaknesses and commit crimes.
Motor Vehicle Theft data sets have yet to be released for 2021 for the entire United States. Early indicators show these types of crimes are experiencing rapid growth across the US.
High end vehicles are more likely to have keyless entry and remote ignition starting capabilities. They can also fetch a higher dollar amount when resold outside the US. As a result, according to New Jersey state police officer Cory Rodriguez, “Car theft in 2021 is up over 21% year-to-date for total thefts and about 44% for high-end vehicles.” Reports have indicated that thieves are using technology to execute vehicle thefts more efficiently and without immediate detection.
Chicago Motor Vehicle Thefts Climb with Fewer Arrests Made in 2021
Chicago Police Officers have witnessed thieves using laptops and other cyber tools to accelerate their ability to quickly steal locked vehicles. Data compiled from the City of Chicago website shows that “Motor Vehicle Thefts” across the city are accelerating at an alarming rate. The problem isn’t specific to Chicago and vehicle thefts appears to be increasing across the country as well.
Doorbell video: Car thieves use computing device to steal SUV in Metropolitan ChicagolandElmhurst – Video by WGN News
In Chicago, February 2021 crime statistics reported a total of 627 Motor Vehicle Theft incident reports filed. Of those reports, only 26 (4.1%) resulted in an arrest. Comparatively, last month in January 2022, there were 1,073 Motor Vehicle Theft related police reports filed, with only 20 (1.8%) of those resulting in an arrest.
Our data analysis of Chicago Crime statistics for the 12 month period beginning February 2021 until January 2022 indicates that there were a total of 10,823. Motor Vehicle Theft incidents reported. This equates to 395 per 100,000 persons based on Chicago’s 2021 estimated population of 2,739,797.
Vehicle thefts on the rise throughout the USA
Vehicle theft isn’t just rising in Chicago. In fact, Chicago doesn’t even rank among the top 20 US cities in vehicle thefts. For example, California, Texas and Florida are continually among the top states in vehicle theft per capita. Bakersfield, California has been the top city in vehicle thefts since 2019 and in the top 10 even longer. The rate of vehicle theft went up almost 25% from 2019 in Bakersfield in 2020.
(Denver statistics filtered for reports coded as any of the following; “burg-auto-theft-busn-no-force”, “burg-auto-theft-busn-w-force”, “burg-auto-theft-resd-no-force”, “burg-auto-theft-resd-w-force”, “robbery-car-jacking “, “theft-items-from-vehicle”, and “theft-of-motor-vehicle”) California, Texas and Florida lead the states with the greatest number of vehicle thefts and accounted for 37% of all Motor Vehicle Thefts in the nation, based on 2020 National Insurance Crime Bureau statistics.
Since the start of the pandemic, there has been much disruption in some industries. Many businesses have been challenged during the pandemic as a result of the difficulty of managing cyber and data security. Data breaches relating to remote workers and hacking of corporations continue to escalate at an alarming rate, require prompt response to mitigate the fallout.
There have been several significant shifts in the ways that businesses operate and their reliance on digital systems. Many businesses moved to a largely remote working model. Some have had to focus more on online activities in order to keep their brands active and visible. Businesses in a number of industries began to deliver products and services online for the first time. Meanwhile, those that already existed in online spaces saw an increase in business. All of these changes have meant that various security issues have arisen and become more prominent for businesses everywhere.
Increase in corporate data breaches
Cybercriminals have been taking advantage of the unprecedented circumstances caused by the pandemic, exploiting the vulnerabilities of businesses everywhere. Verizon carried out a recent study called ‘Analyzing the COVID-19 data breach landscape‘, which looks at 36 confirmed data breaches that were directly related to the pandemic. In addition, there was 474 data breaches between March and June 2020. Using this data, they determined that many cybercriminals were using the same methods to obtain data as before the pandemic while exploiting the disruption experienced by many businesses.
One way in which corporate data breaches have been impacted by the pandemic is through increased use of ransomware. Seven of the nine malware incidents from Verizon’s 36 COVID-19 data breach cases demonstrated a spike in ransomware usage. Another change is in the way that criminals use phishing emails to play on the emotions of users. In a time when stress is high and mental health problems have increased, many people are more susceptible to phishing emails. Phishing was already a popular and often successful form of cyber attack before and even more so now.
Cost of data breaches for companies hit a record high in 2021
The cost of a data breach also hit a record high during the pandemic, according to IBM Security. They revealed the results of a global study showing the average cost of data breaches for companies surveyed was $4.24 million per incident. This is a 10% increase from the previous year. When remote work was a factor in the breach, data breaches cost an average of $1 million more. Stolen user credentials were the most common cause of data breaches. However, the study also showed the use of methods such as AI, security analytics, and encryption helped to reduce costs.
The COVID-19 pandemic has affected corporate data breaches due to a number of shifts in the way businesses are working, user behavior, and more. It’s vital for companies to take the right steps to prevent breaches and protect themselves.
If your company recently fell victim to a cyber attack, such as ransomware, or suspected data exfiltration by an unknown hacker, call Enigma Forensics today. We offer emergency incident response services and can help preserve available data, identify the origins of the attacker, and assist with the restoration of company services. Our experts have experience testifying and helping to mitigate risk and maximize your potential of recovering damages and lost data. Call us today at 312-668-0333 for a complimentary consultation.
Apple has filed a lawsuit against NSO Group relating to their installation of Pegasus spyware on Apple users’ devices. Apple wishes to hold NSO Group accountable for their surveillance of users.
Apple has taken the significant step to begin notifying individuals about the threat of state-sponsored attacks on their accounts and devices. Apple is suing NSO Group and its parent company to attempt to hold them accountable for surveillance of Apple users. Their lawsuit, filed November 23, 2021, seeks an injunction to ban NSO Group permanently from using any Apple software, services, or devices. It comes after NSO Group has been shown to have infected Apple users’ devices with Pegasus spyware.
Apple’s Actions to Notify Impacted Users
Apple threat notifications are intended to provide warnings to individuals who may have been targeted by state-sponsored attacks. They use two different methods to notify the user through their account. When logging into appleid.apple.com, there will be a Threat Notification displayed at the top of the page. Additionally, the user will receive an email and an iMessage notification to the email addresses and phone numbers associated with their Apple ID account. The notifications offer advice on the steps that they can take to improve their security and protect their devices and personal information.
In a press release, Apple’s senior vice president of Software Engineering, Craig Federighi, said, “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change.”
NSO Group Allegations
The legal complaint from Apple reveals new information about the activities of NSO Group. It highlights FORCEDENTRY, which exploited a former vulnerability to gain access to Apple devices and install the NSO Group’s spyware Pegasus. The lawsuit from Apple intends to both ban NSO Group from having access to Apple products and services and to seek action on the violation of federal and state law by the NSO Group.
WhatsApp Similar Litigation
In 2019, WhatsApp also brought a court case aiming to hold NSO Group accountable for distributing their spyware through the app. A group of other tech companies, including Google and Microsoft, lent their official support to WhatsApp to encourage the United States Court of Appeals for the Ninth Circuit to hold NSO Group accountable.
Apple responds by funding Cyber Threat Research
Apple has also announced a $10 million contribution in support of cyber-surveillance researchers and advocates. Any damages from the lawsuit have also been pledged to organizations in these areas. Apple is also supporting Citizen Lab, a research group at the University of Toronto that originally discovered the exploit that NSO Group used, by providing technical, threat intelligence, and engineering assistance at no charge. They will also provide assistance to other organizations doing work in the same field, where appropriate.
Ron Deibert, director of the Citizen Lab at the University of Toronto said, “Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors. I applaud Apple for holding them accountable for their abuses, and hope in doing so Apple will help to bring justice to all who have been victimized by NSO Group’s reckless behavior.”In response to the complaint, NSO Group replied, “Thousands of lives were saved around the world thanks to NSO Group’s technologies used by its customers”. They said, “Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments with the lawful tools to fight [them]. NSO group will continue to advocate for the truth.”
When you’re requesting that a defendant produce medical records from their Health Information System (“HIS”), it can be difficult to know where to start.
Below, we’ve laid out the database table names for Synapse PACS, providing a roadmap to the data you’re seeking. It is possible to generate an EMR audit log using data from any of the listed tables that delineates specific fields contained within those tables.
Sometime in the near future, we will be adding detailed table field pages to show the types of fields contained in each of the listed tables. In the meantime, if you are seeking discovery of the audit trail logs for any Synapse PACS HIS, we are happy to provide a complimentary consultation.
One private firm’s artificial-intelligence system is deemed insufficient evidence
ShotSpotter, a gunshot detection firm contracted by police departments nationwide, has recently received criticism for its audio forensics system that, it claims, incorporates “sensors, algorithms, and AI” to identify gunshots and locate their source. While several precincts have praised the company for increasing police response to incidents of gun violence, its accuracy as evidence in court remains questionable.
There are two primary reasons for skepticism: 1) studies have indicated that its algorithm has a propensity for generating false positives, and 2) employees are able to modify the database after alerts come in. Since its system is protected as a trade secret, it has been generally inscrutable from oversight.
As seen in this Associated Press investigation, a State’s Attorney’s Office used ShotSpotter’s data for evidence in a case against a Chicago man. This left him in prison for 11 months before the judge dismissed the case. The report eventually released by ShotSpotter showed that the alert in question was identified differently at first. It alerted to a “firecracker” several blocks away from the alleged scene of the crime — but an employee later revised the identification and location. As a result, prosecutors decided that the “evidence was insufficient to meet [their] burden of proof.”
How could it be improved?
This case emphasizes the importance of accountability in regards to digital evidence on either side of a case. The Health Information Portability and Accountability Act (HIPAA), for example, requires retention of Electronic Medical Records (EMR) stored in Health Information Systems (HIS). Healthcare firms must record a permanent record of all additions, changes and deletions of EMR, including the time and person making those changes.
While ShotSpotter obviously isn’t in healthcare, its system would still benefit from similar transparency. It would help improve the reliability of such information. In this case, such logs would have revealed human intervention earlier on. This would have saved the defendant from the 11 he spent months in prison. In other cases, transparency could support prosecution. Regardless, it would bolster ShotSpotter’s credibility when used as evidence.
It’s possible that we could examine information recorded — when the stored data was originally entered and changes to that stored data — without violating trade secret status to a software provider’s algorithms. HIS software providers have trade secret protection to their software. Still, they are required to disclose all record EMR, as well as the revision history to those records.
Where we can help.
Asking the right questions and gathering all available digital evidence is important to achieving an equitable outcome. Enigma Forensics has experience auditing and authenticating digitally stored electronic evidence. We can assist with validating such claims as genuine.
Learn what details to provide when hiring a data forensic expert during medical malpractice litigation to increase efficiency and cost effectiveness.
Prepare a summary of the following:
Develop timeline of notable events
Organize case documents and provide to your experts
Copy of the Complaint
Requests to produce
Interrogatories filed
Replies to Interrogatories
EMR Produced
Audit Logs Produced
Ask Your EMR Data Expert to Prepare the EMR for efficient review by attorneys & medical experts
OCR the produced EMR (Allows for keyword searching)
Convert the EMR to a spreadsheet format where practical
Identify key events and providers
Consider filtering for key dates, workers, or concepts
Produce subset pdf documents / spreadsheets that are more easily reviewable
Consider having pivot tables created showing overviews
In-Person Direct access provides additional information
Routing History
What the notes looked like at various points in time
Access to deleted records
Communications between healthcare workers
Example Screenshots from Popular HIS Systems follow
Enigma Forensics EMR Data Forensics Experts provide detailed analysis and interpretation of an EMR Audit Trail to assist Medical Malpractice Attorneys during litigation. We help win cases! Hire an Expert (HAE)! Call 312-668-0333
