Something just happened here in old Sweden. A doctor sent an email with confidential patient info to a local government office, but fat-fingered the addresses, so it ended up with 200 different people at that government office. Problem was, except for the numbers, that the patient he was divulging info about actually works at that office as well. Embarrassing, to put it mildly. Now they’re discussing what disciplinary measures to apply for fat-fingering the destinations.
But the problem here isn’t that he fat-fingered the addresses, the problem is that he used email at all. Except that seems to be established practice here. I don’t, btw. I stick to envelopes or encrypted fax.
I got an email account at the provincial healthcare system where I work, but I can’t get at that email account from the outside. I found that pretty dumb. After reading about this case, I changed my mind. Now I find it totally moronic. Allowing me to access it only from inside the provincial healthcare network gives me the impression that it is somehow a local and safe medium, which it is not. I’m perfectly able to send out any confidential information to absolutely anyone in the world, using this system, intentionally or otherwise. The only thing the access restriction actually prevents is… um… normal use?
To be fair, there is the hypothetical danger of someone hacking into my email account from the outside, to get at confidential information that someone else may have sent me and that I haven’t, for some reason, deleted, but compared to the danger of me actively sending out information by mistake to the wrong people, like a mailing list or a group address, it’s negligible. No egress filtering is in place that I know of.
There is one useful solution to all this, namely a messaging feature in the electronic health care record system, since that automatically limits distribution to other authorized users of the system itself. But in our case, that function disappeared when they changed out our old system for a new and “improved” one.
In conclusion, I’ll claim that limiting outside access to the mail system like this is an ill-considered and useless move, more likely than not to be counterproductive.