Transaction 0
(Event 0_1
(Record location:
System Owner: Boston Police
Owner Type: Local government
System Name: Public Safety Records
File Name: s:/psr/john_doe_462
(Recorded by:
Userid: BN3498
Name: William Stout
Role: Police Officer
UniqueIdentifier: 3498
UniqueIdentifierType: Badge Number
EmployerName: Boston Police Department
EmployerLocation: 650 Harrison Avenue Boston, MA 02116-6199
Work Telephone: 617-343-4250
AuthorizedPurpose: law enforcement
AuthorizedPurpose: public safety)
(Relevant File content:
Time: 09:30
(Driver's License
Name: Alfred B. Newman
UniqueIdentifier: 4555-67-9898
UniqueIdentifierType: DL Number
Address: 123 Main Street, Cambridge, MA 10044
DOB: 1952-11-12
Height: 5'10"
Weight: 195
Hair: Brown
Eyes: Brown
Restrictions: none
Permissions: passenger vehicles / non-commercial)
(MIT Employee Health Benefits Card
Name: Alfred B. Newmam
UniqueIdentifier: 4555-67-9898
UniqueIdentifierType: Policy ID Number)
(Mastercard
Name: Alfred B. Newman
UniqueIdentifier: 3479-9999-4321-5555
UniqueIdentifier Type: Mastercard Account Number
ExpirationDate: 05/09)
(CredCa
Name: Alfred B. Newman
UniqueIdentifier: 5432-3791-5043-2483
UniqueIdentifier Type: CredCa Account Number
ExpirationDate: 02/08)
(Cell Phone
VirtualLocation: Cell Phone: 617-555-4333)
Additional: Responding to 911 call, found white male unconscious. Transported to Lawyers Hospital emergency room.
Checked pockets for identifying information.)))
(Event 0_2
(Record location:
System Owner: Lawyers Hospital
Owner Type: Private Company
System Name: New Patient Records
File Name: n:/PatRec/4555-67-9898#Initial
(Recorded by:
User: E3A987
Name: Gerome DeWilde
Role: Nurse
UniqueIdentifier: E3A987
UniqueIdentifierType: Employee ID Number
EmployerName: Lawyers Hospital
UniqueIdentifier: 44-9876543
UniqueIdentifierType: National Provider Identifier
(KKW comment: NPI = 10 digit number required by HIPAA, 45 cfr 162.406)
(KKW comment: HIPAA - at 45 CF 162.605 - requires adoption of IRS generated Employer Identification Number - mandated at 42 U.S.C. 1320d–2(b))
EmployerLocation: 830 Brookline Ave., Boston, MA 02215, Telephone: 617-667-8011
AuthorizedPurpose: hospital administration: emergency room: patient intake
AuthorizedPurpose: hospital services: nurse)
(Relevant Record Content:
(System log for Nurse DeWilde's computer access
(Date: 01-06-2007
(New patient record created
Time: 14:24:12
[Repeat all wallet & cellphone information from 0_1])))))
Transaction 1
[comment: HIPAA provides the exact naming conventions for some of the hospital's data at 45 CFR 162. ]
(Event 1_1
(Record location:
System Owner: Lawyers Hospital
Owner Type: Private Company
System Name: New Patient Records
File Name: n:/PatRec/4555-67-9898#Diagnosis
(Recorded by:
User: E3A987
Name: Gerome DeWilde
Role: Nurse
UniqueIdentifier: E3A987
UniqueIdentifierType: Employee ID Number
EmployerName: Lawyers Hospital
UniqueIdentifier: 44-9876543
UniqueIdentifierType: National Provider Identifier
EmployerLocation: 830 Brookline Ave., Boston, MA 02215, Telephone: 617-667-8011
AuthorizedPurpose: hospital administration: emergency room: patient intake
AuthorizedPurpose: hospital services: nurse)
(Relevant Record Content:
Time: 11:35:24
[Test dates and results - showing XDR/TB])))))
(Event 1_2
(Record location:
System Owner: Lawyers Hospital
Owner Type: Private Company
System Name: Phone System log
File Name: n:/PBX/02212007/6176678011
(Recorded by:
Automated System: PBX)
(Relevant Record Content:
Date: 2007-02-21
Ttelephone call from 617-667-8011
Telephone call to 617-983-6970
TimeStarted: 09:55:23
TimeEnded: 10:15:04
Comment: Nurse DeWilde calls Mr. Rekshun on the telephone to tell him about the patient)))
(Event 1_3
(Record location:
System Owner: Lawyers Hospital
Owner Type: Private Company
System Name: Data Transfer Log
File Name w:/data_trans/02212007
(Recorded by:
Automated System: Access Audit )
(Relevant Record Content:
DataTransferNumber: P6242
User: E3A987
TimeStarted: 10:24:44
TimeEnded: 10:24:58
From System: New Patient Records
From: n:/PatRec/4555-67-9898
Target: [list ip address]
Target System Name: Cases Reported
(Comment: Nurse DeWilde transfers patient data to Mr. Rekshun)))
(Event 1_4
(Record location:
System Owner: MA State Laboratory Institute
Owner Type: State government
System Name: Data Transfer Log
File Name m:/data_trans/02212007
(Recorded by:
Automated System: Access Audit )
(Relevant Record Content:
DataTransferNumber: RC070233
Date: 2007-02-21
TimeStarted: 10:24:44
TimeEnded: 10:24:58
Received from: [Source ip address]
Received Filename: PatRec/4555-67-9898
Received from System Name: New Patient Records
Sender: User: E3A987
Received into System: Cases Reported
Received into File Name: s:/CasesReported/2007NewmanA
Received at request of:
(Name: Art D. Rekshun
Role: TB Record Intake
UniqueIdentifier: R3345
UniqueIdentifier Type: Employee ID Number
EmployerName: State Laboratory Institute
EmployerLocation: 305 South St., Jamaica Plain, MA 02130, Telephone: (617) 983-6970
UniqueIdentifier: 1234567890
UniqueIdentifierType: Employer ID
VirtualLocation: art.rekshun@state.ma.us
AuthorizedPurpose 1: public health: administration)
(Comment: MA receives the file.)))
(Event 2_1
(Record location:
System Owner: MA State Laboratory Institute
Owner Type: State government
System Name: Phone System Log
File Name f://centrex/log/617-983-6970
(Recorded by:
Automated System: Centrex)
(Relevant Record Content:
Date: 2007-02-21
Ttelephone call from 617-983-6970
Telephone call to
TimeStarted: 11:37:06
TimeEnded: 11:42:55
Comment: Mr. Rekshun calls Nurse Poet on the telephone to tell him about the patient)))
(Event 2_2
(Record location:
System Owner: MA State Laboratory Institute
Owner Type: State Government
System Name: Data Transfer Log
File Name m:/data_trans/02212007
(Recorded by:
Automated System: Access Audit )
(Relevant Record Content:
DataTransferNumber: SC0702009
User: R3345
TimeStarted: 11:55:16
TimeEnded: 11:55:42
From: s:/CasesReported/2007NewmanA
Target: [list ip address]
Target System Name: Epidemic Investigations Case Records (EICR)
(Comment: Mr. Rekshun transfers patient data to Nurse Poet)))
(Event 2-3
(Record location:
System Owner: CDC, DTBE
Owner Type: US government
System Name: Data Transfer Log
File Name :/data_trans/02212007
(Recorded by:
Automated System: Access Audit )
(Relevant Record Content:
DataTransferNumber: R55632
Date: 2007-02-21
TimeStarted: 11:55:16
TimeEnded: 11:55:42
Received from: [Source ip address]
Received Filename: 2007NewmanA
Received from System Name: Cases Reported
Sender: User: R3345
Received into System: EICR
Received into File Name: s:/DTBE/XDRTB/NewmanA
Received at request of:
(Name: Jack Poet
Role: Nurse - Case Intake
UniqueIdentifier: N92526
UniqueIdentifier Type: Employee ID Number
EmployerName: (Centers for Disease Control (National Center for HIV/AIDS, Viral Hepatitis, STD and TB Prevention (Division of Tuberculosis Elimination)))
EmployerLocation: 1600 Clifton Rd., NE Mailstop E-10, Atlanta, GA 30333, Telephone: 404-639-8000
VirtualLocation: jpoet@cdc.gov
AuthorizedPurpose 1: public health: administration)
(Comment: CDC receives the file.)))
(Event 3_1
(Record location:
System Owner: CDC, DTBE
Owner Type: US government
System Name: EICR
File Name : s:/DTBE/XDRTB/NewmanA
(Recorded by:
Automated Audit Log )
(Relevant Record Content:
TimeStarted: 12:14:32
TimeEnded: 12:16:22
User: jpoet@cdc.gov
Data Entry:
"Field: Investigator Assigned
Name: Phil Austin
UniqueIdentifier: MO62663")))
(Name: Phil Austin
Role: Doctor - Medical Officer
UniqueIdentifier: MO62663
UniqueIdentifier Type: Employee ID Number
EmployerName: (Centers for Disease Control (National Center for HIV/AIDS, Viral Hepatitis, STD and TB Prevention (Division of Tuberculosis Elimination)))
EmployerLocation: 1600 Clifton Rd., NE Mailstop E-10, Atlanta, GA 30333, Telephone: 404-639-8000
VirtualLocation: paustin@cdc.gov
AuthorizedPurpose 1: public health: investigation))
(Event 4_1
(Record location:
System Owner: CDC, HHS
Owner Type: US government
System Name: Internet Session Syslog
File Name: w:/paustin/sessionstsore.js
(Recorded by:
Userid: paustin
Name: Phil Austin
Role: Doctor - Medical Officer
UniqueIdentifier: MO62663
UniqueIdentifier Type: Employee ID Number
EmployerName: (Centers for Disease Control (National Center for HIV/AIDS, Viral Hepatitis, STD and TB Prevention (Division of Tuberculosis Elimination)))
EmployerLocation: 1600 Clifton Rd., NE Mailstop E-10, Atlanta, GA 30333,
WorkTelephone: 404-639-8000
VirtualLocation: paustin@cdc.gov
AuthorizedPurpose 1: public health: investigation)
(Relevant File content:
Date: 2007-02-21
(Syslog file))))
(Event 4_2
(Record location:
System Owner: CDC, HHS
Owner Type: US government
System Name: Investigation Records
File Name: s:/DTBE/XDRTB/NewmanA)
(Recorded by:
Userid: paustin
Name: Phil Austin
Role: Doctor - Medical Officer
UniqueIdentifier: MO62663
UniqueIdentifier Type: Employee ID Number
EmployerName: (Centers for Disease Control (National Center for HIV/AIDS, Viral Hepatitis, STD and TB Prevention (Division of Tuberculosis Elimination)))
EmployerLocation: 1600 Clifton Rd., NE Mailstop E-10, Atlanta, GA 30333,
WorkTelephone: 404-639-8000
VirtualLocation: paustin@cdc.gov
AuthorizedPurpose 1: public health: investigation)
(Relevant File content:
Date: 2007-02-21
Text:
"Information gathered about Alfred B. Newman, from internet:
Works at MIT: http://www-swiss.ai.mit.edu/~abn/
("Material on this web page is licensed under a Creative Commons Attribution 2.5 License")
Volunteers for Daisy Troop: [need URL for Daisy Troop]
Sings in choir: http://www.clickerchoir.org")))
Transaction 5
(People:
(Name: Phil Austin)
(Name: Peter Bergman
Role: IT Manager
UniqueIdentifier: 876576005
UniqueIdentifier Type: Employee ID Number
EmployerName: Directory Services, Information Services & Technology, Massachusetts Institute of Technology
EmployerLocation: 77 Massachusetts Avenue Cambridge, MA 02139-4307, Telephone: 617-253-1101
VirtualLocation: peterb@mit.edu
AuthorizedPurpose 1: information management))
(Events:(Event 5_0
(System log
(Show Dr. Austin pulling through LDAP connection?
and
Peter Bergman implicated solely as the sponsoring employee of the Directory?)
Transaction 6
(People:
(Name: Phil Austin)
(Name: Betty? or was there a Daisy troop webmaster?
(Role: Volunteer Webmaster
UniqueIdentifier: webmaster@http://www.daisytroopaddress
UniqueIdentifier Type: email address
Employer: Daisy Troop number
EmployerLocation: no physical address
VirtualLocation: http://www.daisytroopaddress
AuthorizedPurpose1: web maintenance
AuthorizedPurpose2: access control)
(Note: Betty does not have an active role. She is responsible party because she set up the access control.))
(Events:(Event 6_0
(What is appropriate way to represent presentation of credentials to the system?
Austin must "show that the the children members' lives are at imminent risk. ")
))
Transaction 7
(People:
(Name: Phil Austin)
(Name: David Ossman
(Role: Volunteer Choir Director
UniqueIdentifier: david@http://www.clickerchoir.org
UniqueIdentifier Type: email address
Employer: Clicker Choir
EmployerLocation: no physical address
VirtualLocation: http://www.clickerchoir.org
AuthorizedPurpose1: senior management
AuthorizedPurpose2: general administration)
(Note: Ossman does not have an active role; he is the responsible party for the transaction because he set the access control and it is
from his page that it's possible to reach the other URIs))
(Events:(Event 7_0
(What is appropriate way to represent presentation of credentials to access controlled FOAF files?
Austin must assert his request is to "fulfill one of the legally authorized purposes of [his] agency.")
))
Transaction 8
(People:
(Name: Phil Austin)
(Name: Terry Dole
(Role: CEO
UniqueIdentifier: 354-55-6782
UniqueIdentifier Type: SSN
Employer: Dole's Criss-Cross Directories, Inc.
EmployerLocation: 764 Lakeshore Dr., Chicago, IL 60609
VirtualLocation: http://www.dccdi.com
AuthorizedPurpose1: senior management
AuthorizedPurpose2: general administration)
(Note: Dole does not have an active role; he build the computer system that now accepts credit card payments and
dispenses information.))
(Event 8_0
(Austin goes to the website, pays by credit card, and downloads the data.)
))
Transaction 9
(People:
(Name: Phil Austin)
(Event 9_0
(Austin creates a database, combining all the names, addresses, phone numbers, etc of all "possibles.")
))
Transaction 10
(Date: 2007-02-25 through 2007-03-05)
(People:
(Name: Phil Austin)
(Name: Phillip Proctor
(Xphone e'ee)
))
(Event 10_0
(Austin gets Newman's 6 mon phone from Proctor.
"emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency")
))
Transaction 11
(Date: 2007-02-25 through 2007-03-05)
(People:
(Name: Phil Austin)
(Name: Phillip Proctor
(Xphone e'ee)
))
(Event 11_0
(Austin gets "possible"'s 6 mon phone from Proctor.)
emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency
))
(Date: 2007-02-25 through 2007-03-05)
(People:
(Name: Phil Austin)
(Name: David Grimm
(CredCa e'ee)
))
(Event 12_0
(Austin gets Newman's 6 mon cc bils from Grimm.)
))
(Date: 2007-02-25 through 2007-03-05)
(People:
(Name: Phil Austin)
(Name: David Grimm
(CredCa e'ee)
))
(Event 13_0
(Austin gets "possible"'s 6 mon cc bills from Grimm.)
))
Nausea / weakness / fatigue, Rapid weight loss, Fever, Night sweats, Cough, Chest pain, Hemoptysis.
(Name: Robert F. Same
Role: Customer
Unique Identifier: 333-46-4529
Unique Identifier Type: SSN
Alias: Bob Same
Location: 300 Drucker Street, #4F, Boston, MA 02111
Virtual Location: Cell telephone: 617-432-4545)
(Name: Betty Jo Bialoski
Role: Customer Service Operator
Unique Identifier: 1642O
Unique Identifier Type: Employee Id Number
Employer Name: Xphone
Employer Location: 300 Drucker Street, Boston, #22A, MA 02111, Telephone: 617-428-0791)
(Name: Nicholas Danjer
Role: Technology Manager
Unique Identifier: 8832IT
Unique Identifier Type: Employee ID Number
Employer Name: XPhone
Employer Location: 57461 Liberty Heights Ave., Baltimore, MD 21207, Telephone 410-644-9901)
(Name: Richard Duck
Role: Assistant General Counsel
Unique Identifier: 4222GC Unique Identifier
Type: Employee ID Number
Employer Name: Xphone
Location: Xphone Center, One Xphone Way, Basking Ridge, NJ 07920, Telephone 908-425-6667))
(Events:
(Event 15_1a
Telephone call from Mr. Same to XPhone Customer Service
TimeStarted: 09:45:36
TimeEnded: 09:53:04
Call from 617-432-4545 to 800-870-9999 (XPhone Service)
(617-432-4545 presses "1" for new telephone service
Call routed to Operator Bialoski)
(Event 15_1b
(Session record for Operator Bialoski
Checked option - customer requests land line telephone service
Checked option - customer provides cell phone number for credit reference
Checked option - customer provides number from which he is calling System action - pull record for incoming number
Checked option - customer provides name and address matching system record
(Event 15_1c
System record -
System assigns telephone number 617-444-3975)
Operator clicks on "Notation 45623"))
(Event 15_2a_Variation_1
[Add to 15_1, after click on notation]
System record - Access denied)
(Event 15_2b_Variation_1
Telephone System log
telephone call from 617-428-0791 to 410-644-9901)
TimeStarted: 09:55:23
Time Ended: 10:15:04)
(Event 15_2_Variation_2
[Add to 144, after click on notation]
System record - Notation screen opened
Notation text - [need notation drafted for Transaction 11 - CDC request])
(Event 15_2_Variation_3
[Add to 144, after click on notation]
(System record - Notation screen opened
Notation text - "xdy774 - Office of General Counsel")
(System log - telephone call from 617-428-0791 to 908-425-6667
TimeStarted: 09:55:23
Time Ended: 10:15:04)
(System log for Richard Duck's computer access
TimeStarted: 09:59:34
TimeEnded: 10:03:15
Search conducted - all files - "Robert F. Same"
File opened from search results - c:\documents&settings\mydocuments\advice\CDCrequest))
(Event 15_2_Variation_4
No Transaction)
(Event 15_3
Operator Bialoski session
TimeStarted: 10:35:35
TimeEnded: 10:36:02
Reopens record for 617-444-3975
Checked option - service to location cannot be provided)
----------------------------
Last updated $Revision: 3149 $ of $Date: 2007-07-22$ by K. Krasnow Waterman