The Electronic Adjudication Management System, or EAMS, is California’s digital gateway to the Workers’ Compensation Appeals Board (WCAB). It’s meant to streamline and manage case data electronically. But despite recent upgrades to improve security for trading partners, the public-facing portion of EAMS remains surprisingly vulnerable.
In fact, nearly anyone can search case records using made-up names and unverified email addresses—and there’s no trace of who performed the search or why. The loophole has existed for over a decade and still hasn’t been addressed in the system’s public access portal.
What Is EAMS and Why Does It Matter?
EAMS has been the official case management platform for the WCAB since November 17, 2008. Before that, California used the Electronic Data Exchange System (EDEX) from 1994 to 2008. EAMS was intended to modernize the way workers’ compensation claims are filed, reviewed, and managed.
One of its features is public access to certain case records—useful for attorneys, employers, and claims administrators verifying case history. That portal can be found at:
https://eams.dwc.ca.gov/WebEnhancement/
To use the system, all a person needs to do is fill in a short form: first name, last name, email address, and the reason for their search. But there’s a major flaw—none of that data is verified or monitored.
A Public Portal Open to Everyone—Literally
The most surprising part of the EAMS portal is how little scrutiny it applies to user credentials. You can input real information, or simply make it up—and you’ll still be granted access.
In testing the system, users have successfully logged in using names like “Santa Claus,” “Easter Bunny,” and even nonsensical entries such as “eodoijddd” for the first name and “dkwowo” as the last. The email field accepts gibberish too, and there’s no confirmation link sent to verify the address.
This means anyone, whether or not they have a legitimate reason, can access workers’ compensation case summaries with no audit trail. Even employers looking into job applicants’ claims histories—despite ethical and legal concerns—can search anonymously.
Why Is This a Concern?
This loophole raises serious questions about privacy, accountability, and data integrity. For one, claimants whose cases are publicly viewable through EAMS have no way to know who accessed their file, when it happened, or for what purpose.
In most modern databases, logging and access control are basic security features. But the current EAMS system doesn’t log public searches, allowing complete anonymity. That’s a problem in an age where data privacy is under intense scrutiny and misuse of personal information can have serious consequences.
Recent Upgrades Didn’t Fix the Problem
In October 2024, California’s Division of Workers’ Compensation (DWC) upgraded the EAMS server infrastructure. These improvements were aimed at enhancing file transmission security, especially for trading partners and authorized users. Passwords were reset, and system performance was optimized.
However, none of these upgrades extended to the public access portion of the site. Shortly after the update, an employer tested whether the access issue was fixed. The result? They successfully logged in using the name “Boo-Boo Bear.”
This confirmed that even after significant infrastructure investments, the same security gaps remain in place for public users.
Should Public Access Be Restricted?
EAMS is designed to promote transparency and accessibility in California’s workers’ comp system. But transparency should not come at the expense of basic cybersecurity and accountability. There’s a strong case to be made that public users should have to register with verified credentials—at minimum, a confirmed email address.
Many other government databases already require two-factor authentication or professional licensing information for access. EAMS could easily adopt similar protocols to protect both user and claimant interests.
Moreover, tracking public access doesn’t mean making searches visible—it simply means keeping a record internally to identify misuse, if it occurs.
Legal and Ethical Implications
The lack of monitoring on EAMS searches may inadvertently open the door to discriminatory hiring practices. While it’s unlawful in many cases to base hiring decisions on workers’ compensation history, the temptation to use this tool as a screening mechanism is real.
With no logs or oversight, unethical users can search at will and never be identified. This undermines the intent of both workers’ comp protections and employment laws.
It also weakens public trust in the system. Claimants may feel exposed or vulnerable, especially if they’ve been through traumatic injuries or disputed claims. The current system leaves their data unguarded against unwarranted curiosity.
Will DWC Address the Flaw?
So far, the DWC has not publicly acknowledged the continued open access loophole in EAMS. While the October 2024 upgrades were a step forward for internal operations, they failed to address the most glaring issue with the public portal.
Legal experts, claims administrators, and compliance professionals are increasingly raising awareness about the need for reform. At Friedman + Bartoumian, a leading firm tracking these developments, updates are being closely monitored for any signs of change.
Until the system is updated to verify user identities and log access, the question remains: what’s the point of having a sign-in form that lets anyone in without checking who they are?
Final Thoughts
EAMS serves a critical purpose in making workers’ compensation data available to the public. But public access without safeguards risks violating privacy, enabling misconduct, and damaging trust in California’s compensation system.
The technology exists to fix this. What’s missing is the urgency and accountability to make it happen. Until then, anyone—even Boo-Boo Bear—can search a claimant’s records without leaving a trace.
