Every step in the digitization process involves risks that need to be addressed to protect valuable data from unauthorized access or damage. It is essential that confidentiality be taken seriously when designing a secure system, as even small lapses can have serious consequences.
In this article, we will explore some critical challenges to maintaining confidentiality associated with the digitization process, as well as how we overcome these challenges to offer reliably secure digitization.
What is “Confidentiality?”
Confidentiality is a state of information in which access to it is controlled and only accessible by the right people. To be “confidential,” a file, document, record, or simple piece of knowledge must be known only by or accessible only to those who have permission to know. Something which is common knowledge or readily accessible information cannot be considered confidential.
Thus, importance and secrecy are essential contexts for confidentiality because it’s not worthwhile to ensure the confidentiality of information which is utterly unimportant. If sharing a particular piece of information would have no undesirable consequences, then why go through the trouble of controlling access to it?
Some obvious examples are information related to banking, official identification, or political or corporate secrets. All of these kinds of information are extremely important to many people, and an information leak or loss of confidentiality would have serious consequences for the relevant individuals and groups.
However, information doesn’t need to be broadly important to many people to be worth keeping confidential. All that matters, all that’s required to warrant confidentiality, is some undesired consequence from sharing it.
An individual’s medical record is most likely only important to them and their doctor(s); with a few exceptions, the rest of the world has little to no interest in any one person’s medical history. However, it’s still very important to keep it confidential for the sake of protecting that person’s privacy and their ability to feel comfortable trusting their healthcare service.
Confidentiality in Digitization
When sensitive files need to be digitized, maintaining confidentiality is crucial. After all, information only needs to leak once to no longer be confidential, so it’s important that confidentiality is protected at every step in any process that involves sensitive information.
Essentially, the challenge of maintaining confidentiality can be reduced to the following questions:
- Who is authorized to access your files? How can you trust them not to leak, copy, or otherwise steal the information contained within?
- How do you stop people who aren’t authorized from accessing your files?
Another way to think of both of these questions is access. If you ensure that the people you allow access to the files are trustworthy and that you can control who has access to the files, then you have achieved information security and can guarantee confidentiality.
Protecting Against Unauthorized Access
Our Solutions for Physical Security
To ensure that our clients’ files are physically secured against unauthorized access, our service bureau is located several stories up in a secure building which features 24/7 on-site security. Employees have to pass through both a keycard lock and a regularly rotated pin number lock to get in.
Visitors are required to sign in upon arrival, are monitored by an employee throughout their visit, and must sign out when departing.
Our Solutions for Digital Security
Cybersecurity risks are not worth gambling on, which is why we keep our entire service bureau network on an isolated (“air-gapped”) intranet. The computers and other equipment used in the digitization process are never connected to the wider internet in any capacity, and all external USB ports are disabled.
Employees are not allowed to store client files on personal devices at any time for any reason, and such personal devices are not allowed to access the isolated network.
Files are only moved from this network via secure removable storage by a few trusted individuals when necessary, such as when being transferred to clients.
In addition to these safeguards, we maintain an active and talented I.T. team to monitor and ensure cybersecurity, including providing training and warnings about phishing attacks to the rest of our team.
Who is Authorized and Why?
In some processes or systems, information can be handled without needing to increase the number of people who have access to it. For example, securely transporting a lockbox of paper files from one place to another does not require allowing transportation personnel access. That information can remain completely sealed throughout.
When digitizing, however, quality assurance personnel need to be able to access the files to perform quality assurance checks and screen for errors. This means that it’s not enough to merely control access to the information, you also need to control…
- …which individuals have access (i.e. what kind of individual).
- …in which circumstances authorized individuals are granted access.
Our Solutions: Trusted Personnel & Secure Service Bureau
We take great care in selecting and vetting potential records clerks before hiring, ensuring that each successful candidate understands the gravity of the security and confidentiality concerns at play in their new role, including signing non-disclosure agreements and passing a criminal records check.
Even after ensuring that only trustworthy individuals are allowed access to the files we process, we ensure that files never leave our service bureau during processing for any reason. Our personnel have access only to the specific files they’re tasked with processing and are prohibited from using any devices with cameras or other recording equipment while in the service bureau.
Consentia has been providing fully customizable digitization solutions to clients in Alberta for decades. In addition to all of the security measures discussed above, we can provide guidance and full transparency throughout the process.
Thinking of getting started on your own digitization project? Contact us with any questions or to set up a free consultation with our specialists, and take the first step toward securely enhancing your information system.