The Electronic Adjudication Management System (EAMS) is California’s digital platform for handling workers’ compensation appeals, but its public access system has a major flaw that could jeopardize the privacy of thousands of claimants. Despite years of use and recent security upgrades for trading partners, the public-facing portion of the EAMS system still allows virtually anyone to search case records with no verified identity and zero accountability.

Launched in 2008 as a modernization of the older EDEX platform, EAMS was intended to streamline the process of filing and reviewing workers’ compensation claims in California. But more than a decade later, the platform’s most accessible feature—the public search portal—remains alarmingly insecure.

How the Public Portal Works

The EAMS public access site, located at https://eams.dwc.ca.gov/WebEnhancement, allows users to look up certain case details by submitting a simple form. The form asks for a first name, last name, email address, and the reason for accessing case information. On the surface, it appears to enforce responsible use of the platform. In practice, the system accepts virtually anything typed into these fields—real or fictional.

Tests on the system have shown it will allow entry with names like “Santa Claus” or random keystrokes such as “eodoijddd.” Even the email field can be filled with fake addresses, and there is no verification process to confirm user identity. Once submitted, access is granted immediately—no follow-up, no email confirmation, and no usage logs.

Why This Is a Big Deal

The ease of access means that sensitive case records can be searched by anyone with internet access and a moment of curiosity. There’s no way for a claimant to know if someone has viewed their case. There’s no internal log tracking what was searched or by whom.

In most digital systems that handle sensitive data, especially involving medical or legal records, access control and audit trails are basic security features. Yet EAMS has operated for years without these protections in place for public users. In today’s data-conscious world, where privacy breaches make headlines, this kind of open-door policy feels shockingly outdated and dangerous.

Recent Upgrades Ignored the Real Problem

In October 2024, California’s Division of Workers’ Compensation (DWC) implemented system-wide upgrades to improve infrastructure security and streamline file transmission for authorized trading partners. Passwords were reset, server protocols improved, and backend systems were reinforced.

But while these enhancements helped improve data transmission between law firms, claims administrators, and government entities, they did nothing to address the glaring hole in the public search portal. Shortly after the upgrades, a test using the name “Boo-Boo Bear” proved the flaw still existed—highlighting the disconnect between backend improvements and public-facing security.

Transparency vs. Privacy

EAMS was designed with transparency in mind. Allowing public access to workers’ compensation records helps legal teams, employers, and even the media verify claims. However, that transparency should not come at the expense of basic digital safeguards.

It’s possible to maintain public access while still implementing accountability. Requiring email verification, limiting the number of searches per IP address, or even logging user entries for internal audit purposes are all feasible steps. Many government systems already use these simple techniques to strike a balance between openness and responsibility.

Ethical Risks and Legal Gray Areas

Perhaps the most troubling issue is how the EAMS system might be used to violate employment laws. Although it’s illegal in many circumstances to base hiring decisions on a person’s workers’ compensation history, EAMS gives employers a tool to do just that—without any trace of misuse.

There’s no clear safeguard preventing unethical employers from running a background search on potential hires. And because there’s no logging, no one is ever held accountable. The result is a quiet erosion of both claimant privacy and the legal protections meant to shield them.

What Needs to Change

California’s DWC must confront this issue head-on. At a minimum, these measures should be implemented:

• Require email verification for public users
• Add CAPTCHA or rate limits to prevent bulk queries
• Internally log all access attempts for accountability
• Restrict access to case summaries based on role or licensing
• Review case eligibility for public search and limit overexposure

Implementing these changes wouldn’t eliminate transparency. Instead, they would modernize the system in line with current digital privacy standards.

Trust Is on the Line

For claimants, knowing that their legal history is accessible to anonymous users can be distressing. Many workers’ compensation cases involve physical trauma, emotional stress, and financial hardship. Leaving this data open to anyone—even fake users—can feel like a second injury.

The longer the loophole remains unaddressed, the more it chips away at public trust in California’s workers’ comp system. Reform isn’t just a tech issue—it’s a moral and ethical responsibility.

Conclusion: Time for Responsible Reform

EAMS was built to serve a critical function in managing workers’ compensation appeals, and it has largely succeeded in doing so. But public access without verification or oversight is a security risk that should no longer be ignored.

Technology is not the obstacle—intentional action is. The DWC already has the tools to fix this. What remains is the will to acknowledge the flaw and implement meaningful safeguards. Until then, the system remains wide open, and anyone—real or imaginary—can access sensitive legal data without leaving a trace.