People can have a strange kind of cognitive dissonance when it comes to electronic and paper records. Many people won’t think twice about handing their credit card (with the security code prominently displayed on the back) to a high-school-aged waitress.
Similarly, they may have no problem leaving their credit card bills and checks in their mailbox for hours or even days. But if you ask them to use paperless billing or online bill pay, they’ll refuse because they’re concerned about security.
Something similar can happen in organizations. When companies convert from paper to electronic documents, many employees suddenly become concerned about the security or the privacy of their data…even if the organization has not traditionally been concerned about the security of its paper records.
“Nobody asks about privacy when the data is in folders sitting on desks,” Dr. Rhonda Dean Kyncl, assistant dean for academic services for the College of Arts and Sciences at the University of Oklahoma, said in her presentation at Empower 2013. “But it’s held to a different standard when it’s online.”
It’s important, of course, to safeguard the security of electronic records. But many people don’t realize that electronic documents are inherently more secure than paper records. Evidence supporting this was published as long ago as 1996, for example, in a paper in the Journal of the American Medical informatics Association.
Here are three important ways paper records are vulnerable.
- Inappropriate access: This can occur when people gain access to unlocked record storage areas and file cabinets (particularly when they look like they belong there).
It can also occur when they find records left on counters, offices, or copy machines, or receive misdirected fax copies. In fact, whenever paper copies are sent to other places — whether it’s other offices, insurance companies, or government agencies — the data on them can be read by mailroom workers, administrative assistants, and other unauthorized individuals.
This access could be accidental or intentional, but either way, the data on the paper records can be compromised. Electronic data, by contrast, can be encrypted so that even if it’s copied or stolen, the information can be protected. Also, electronic records can more easily have sensitive data redacted for certain uses.
- Data tampering: Anyone with access to a paper record can remove pages, add entries, erase or otherwise tamper with authentic entries. Electronic records can have a digital signature that notifies people when this has happened, as well as a time stamp that indicates whenever a record is transferred or modified.
- Loss: Because paper files need to be moved around and filed again, they can be lost or misfiled. Electronic records tend to stay where they are, often with audit trails and other indications of which people have used them.
There are other limitations as well: Paper records are typically not copied. If something happens to them, there’s usually no backup. Destroying paper records presents another set of problems: they can often be recovered by the wrong parties after they’ve supposedly been disposed of.
A survey by the Ponemon Institute showed that respondents found paper to be less secure than electronic records in a number of ways. While the survey dates back to 2008, there’s no reason to believe that paper is any more secure now.