Juffo-Wup

Untitled

Feb 23rd, 2021 (edited)
Questions for IA or security

1) Does anomalous behavior detection ‘start the clock’ for reporting a potential or suspected incident?

a. For example: An xxx employee with elevated privileges on a system containing PHI data logs in to that system at 9:42 a.m. on a Sunday. This is not a routine time for the employee to be working, but it is also quite possible that they are doing this for a legitimate work-related reason. We configure our system to alert us when an employee with elevated privileges logs in to such systems outside of routine working hours, and an xxx manager sees the alert at 11:30 a.m. the same day. We would propose to handle this notification by contacting the employee in question during routine working hours and asking them whether they were the person who logged in and, if so, why. If the employee confirms that they did log in for a valid reason, we would consider the issue closed. If the employee says that they did not log in at that time, we would report this potential incident to security@xxxxx.

The xxxxx HIPAA and PHI training module contains the following sentence: "It is your duty to immediately report any potential or suspected breach or unauthorized disclosure of PHI."

Our questions are as follows: In this situation, did the clock start running at 9:42 a.m. (or 11:30 a.m.) on Sunday when the system reported / the xxx manager read the automated report from the system concerning the potential incident? If so, did our efforts to investigate the situation prior to contacting security@xxxxx violate any law or university policy? If they did, what should we have done differently in handling the situation to avoid violating laws and/or policies?