Electronic records have a unique quality that is both positive and negative simultaneously.
In exchange for the convenience of electronic record portability we have accepted some risk that information is now also more easily accessed by those not authorized to have such information.
Two recent stories in the WorkCompCentral news demonstrate that while the move to electronic records can provide new efficiencies in the access of vital information, it is also easier for sensitive information to be obtained by others, sometimes negligently, sometimes maliciously.
But the issue is not that other people can access the information - your sensitive medical or workers' compensation case information has always been accessible to people you have no idea are viewing it or desire to have view it.
Paper records are notoriously insecure. Paper files need to be moved, need to be copied, mailed, opened on the recipient side, refiled, etc. In that process a dozen people have access to your information and may view it. And may use that information maliciously.
The real issue is the ease by which sensitive information may be obtained in large quantities, then analyzed and/or utilized for malicious purposes.
While media reports focus attention on companies and agencies that experience security breaches by "hackers" the single biggest risk of any enterprise dealing with sensitive data are its own employees - people whose job it is to handle that sensitive data and may inadvertently leave a computer open to access when away from the desk, losing a lap top, copying files, publishing by accident login information, etc.
This problem will only become more acute as more and more of our lives are communicated by ones and zeroes.
For every convenience modern man invents, there are always tradeoffs of inconvenience. This is a long standing common law principle - all risk is weighed against the benefit to society: motor vehicle operations, mining, construction, publishing, free speech, etc.
And so it is with electronic records - the great benefit to society of ease of access to information - is to be weighed against the risk of such ease of access.
So it is becoming less and less alarming with each media report of an electronics record security breach ... until such an event affects you personally.
The lesson? First, disavow the notion that there is privacy. There isn't. The best one can do is to limit the amount of private information that is made available.
Second, with the Federal Government push towards Electronic Health Records for each and every person in the United States by 2014, it is incumbent upon each person to do the best they can to protect their own personal information, but don't be surprised when someone else has that information.
And when someone maliciously uses that information be prepared to endure the long, arduous process of taking the necessary steps to prevent the abuse from spreading.
Cavalcade of Risk #134 now up
ReplyDeleteJulie Ferguson presents this week's epic collection of risk-related posts:
http://www.workerscompinsider.com/2011/06/cavalcade-of-ri-83.html
Please tell your readers.
And a friendly reminder to newbies and regulars alike that, while it's not mandatory to give a link back, it’s the way that carnivals work best. If your submitted post has been included in the Cav, please remember to post about it on your blog because it helps us all.
Thanks!
Hank Stern