1. "Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds." Healthcare Informatics Magazine. Accessed August 17, 2018. https://www.healthcare-informatics.com/news-item/cybersecurity/paper-records-films-most-common-type-healthcare-data-breach-study-finds
How to securely digitize your physical records
Conventional wisdom once said that the only safe way to store sensitive information was in the form of physically secured paper documents. It wasn't just that nascent digital data storage technology was too insecure and unreliable—which it was—but that people simply felt more comfortable using a physical lock and key.
However, as digital security has become more reliable and user-friendly, more and more people have chosen to digitize documents rather than physically store them.
Digital files, which can be backed up in several locations, aren't nearly as vulnerable to fires or sudden disasters. They can't be physically stolen and kept from their owners, but digital backups also present their own potential security concerns. Learn how to safely manage digital files while making your business more efficient.
What data should be digitized?
Physical storage isn't turning out to be as secure as people tend to assume it will be. Hospitals have an incredibly high number of paper and film data breaches.1 This is where digitization comes in.
Digitization helps with both crucial forms of document security: secure long-term storage and secure quick-access storage.
With cloud-based digital storage, it's easy to keep vast databases for long periods of time without cluttering up the office or taking valuable office space. For quick-access documents, there's no physical system that can compete with the convenient accessibility of a secure cloud storage service.
How to safely digitize documents
Once you've identified the documents that you want to transfer to digital form, then comes the digitization process. You can opt to handle the process yourself or bring in a third-party expert.
If you are using a third party, that contractor must either come to you—working with your documents solely in a secured room—or they must receive your documents via a trusted, secure courier service.
The very first thing to do is ensure that the digitization hardware is disconnected from the internet. This early stage—scanning documents and saving the initial image files—is the only step of the process at which your files will be unsecured, as they haven't yet entered your secure storage system.
Once the digitization has been completed for a given document—the file transferred into your secure digital ecosystem and automatically backed up—the next step is to decide what to do with the physical records.
If the main concern was simply the long-term survival of the information, then it might make the most sense to keep the physical records as well—space and cost allowing, of course.
However, if you don't need the physical copies, you should destroy them as soon as the digital ones have been confirmed. This means using at least a shredding service—preferably one that feeds its shredded documents directly into an incinerator.
Control access to your new records
When creating a secure database of information, you must ask yourself who will get access to the information. Who will read these highly protected documents? And how do these authorized individuals get that access? For many documents, the answer would be to simply curate and enforce a list of privileged employees with reason to need access to the data.
For more sensitive data at a greater risk of attack, access should be limited to a single workstation or a small selection of them. This negates much of the convenience aspect of digital storage but makes it much harder for a hacker to work their way into the system.
Remember that digital storage systems also have physical security concerns, as high-level hacking often involves physically inserting a USB drive or some other piece of hardware into a system on the threatened network. The final level of security to add to your records management system is simple but important: thick, locked doors and security cameras watching any room with machines hosting your data.
Companies can also set up mobile device access to the files. However, if multiple devices have access, it's more likely that malicious actors could gain access. Make sure that no file is ever granted wider permissions than it absolutely needs. The more sensitive a piece of information, the fewer people need to access it daily.
Successful records management relies on security
Physical security does have its place, but, at the end of the day, there are still very few pieces of information that should not be digitized.
There is no door lock or fireproof safe that can truly protect your data from both surveillance and loss the way a digital storage system can. That's especially true if the data in question will be needed on an ongoing basis. Digital backups can be the answer, providing both security and usability, but only if the process is handled carefully, and with proper respect for the modern-day difficulties of making any data truly secure.