>> The management would like to know if anyone else is trying or successfully accessed the flagged customers. <<

This is a HIPAA requirement and it is best done with third party
software that has been certified. Conventional tools based off the
log files will show changes, but not access by user.