Digital copiers built since 2002 contain hard drives that store images of every document copied or scanned. Many of the stored documents include confidential data, leaving individuals vulnerable to identify theft if no safeguards are in place.

During a recent investigation, an expert downloaded tens of thousands of documents from old copiers available for sale using a free forensic software program. One copier contained files from a police department sex crimes unit; one contained addresses and social security numbers along with $40,000 in copied checks; and yet another contained 300 pages of individual medical records from a health insurance company. Armen Keteyian, “Digital Photocopiers Loaded With Secrets,” www.cbsnews.com (Apr. 19, 2010).

As is the norm with these investigative journalism pieces, the video is very sensationalized. The dangers are real though and should be treated with respect.

This report reveals the risk employers face when getting rid of old copiers. For example, during hiring procedures, employers make copies of employees’ social security numbers, birth certificates, drivers’ licenses and other personal information. With hard drives storing this information, employers run a huge risk of inadvertently divulging personal data for identity theft and violating a person’s confidential information.

Health records present a particularly risky situation if they are divulged. Federal privacy laws including the Americans with Disabilities (ADA) require that employers keep employee health records private.

Some copier manufacturers offer security or encryption packages that automatically erase an image from the hard drive after it is copied. Another company has developed software that can scrub all the data from copier hard drives. Because the hard drives on copiers are actually computers, IT experts should make sure the hard drives are clean and safe before they are resold or thrown away.

Employers should also take steps to make certain that employees do not steal recorded data from copiers as well. Particularly vulnerable are employers that copy social security numbers and medical records.

Diversified Insurance Group has been a member of TechAssure almost since its inception.  TechAssure is a non-profit organization founded in 2001 for insurance and risk management professionals dedicated to serving clients in the Technology, Life Sciences, Digital Media, and Venture Capital industries.

Check out this video featuring John Love, the President of TechAssure

At the inception of TechAssure it was agreed that the insurance policies then in existence did not adequately address the major risks of the average technology or life science company. These companies were typically venture-backed and were growing rapidly. TechAssure members came up with a wish-list of coverage enhancements and pricing targets and partnered with the leading insurance carriers in these areas to create best-in-class coverage forms that are offered at preferred rates. TechAssure later did the same thing for Venture Capital and Private Equity Funds creating an Asset Protection Program endorsed by the NVCA that addresses the unique exposures that VC/PE managers and members have in running their funds. It is much like a D&O policy but tailored to cover big liability holes that exist for fund managers and members in the execution of their duties in their respective roles.

I have recently had a very real, very personal experience regarding the value of Electronic Medical Records (EMRs). My mother suffered a stroke over a year ago but is largely recovered and living independently in the Southeast. While visiting a daughter in Texas she had an unexplained “episode” for which she would have visited her primary care physician. Because she was away from home and thus with no medical history that followed her, she chose not to visit the emergency room as the immediate symptoms had passed. Unfortunately, she had a repeat episode that was a bit more severe and was whisked away to the local emergency room outside of Dallas. She was subjected to a whole battery of tests, from simple bloodwork to a full MRI in an attempt to diagnose her symptoms. We are still awaiting the results. Had the doctors at the medical facility in Texas been in possession of her full medical history, they may have much more quickly (and possibly much more inexpensively) diagnosed her condition.

At the most basic level, EMRs are digital documentation of a doctor visit, including patient histories, exam notes, tests ordered, drugs prescribed, and any test results. Some systems check for drug interactions, access X-rays, or deliver a prompt when a patient has not had a flu shot. The preventive aspects alone can save millions of dollars and thousands of hospitalizations. The problem with our current situation is the incentive system at play. Doctors get paid for service, not wellness. EMRs require time and money to implement for which doctors are not compensated.

Privacy Concerns have dogged the adoption of Electronic Medical Records but EMRs allow for a number of very real advantages. People with significant or lengthy health / medical records often find it hard to shop for doctors. EMRs allow an easier transfer of information for people seeking specialists and can greatly reduce the number of expensive tests required for a person.

Doctors can debate, but it looks as if Electronic Medical Recprds are here for the longterm. The American Recovery and Reinvestment Act states that every American should have an electronic medical record by 2014. The Obama administration is looking to speed the transition by providing financial incentives, up to $65,000 apiece to eligible physicians, starting in 2011.

Wired magazine has a good article about EMRs that further discusses additional ramifications and concerns.

For a somewhat opposing view on the problems with implementing EMRs, BusinessWeek has an interesting story.

While some companies fail to implement the most rudimentary of security measures, an increasing number of companies are experiencing data breaches despite sophisticated security measures.

As the economy continues to slump, security breaches continue to rise at an ever increasing rate.