• E-mail
• Print
• RSS

Update on VA data breach: Agency steps up security while search continues

HIPAA Weekly Advisor, July 16, 2007

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

In January 2007, an IT specialist from an Alabama research facility for the Veterans Affairs Department (VA) lost a hard drive containing personal health data on well over a million people. Despite the fact that investigators have since followed "all possible leads", six months later, the drive remains missing. About half of the 1.3 million physicians whose PHI was on the hard drive, as well as 254,000 veterans, are potentially at risk while the hard drive remains at large, reports GovernmentExecutive.com

For the IT specialist whose hard drive went missing, and who subsequently tried to cover up the extent of the data breach, the situation is not resolved. Michael Kussman, VA's undersecretary for health, agreed with the Office of Inspector General's recent recommendation that "appropriate administrative action [be] taken against the IT specialist for his inappropriate actions" according to GovernmentExecutive.com

Since the breach occurred, the VA has increased its security requirements. Effective December, it will require encryption for all portable storage devices used internally, reports Federal Computer Week . While the VA already had similar security measures in place for the removable storage devices (e.g., flash drives) that staff members would take off site, management failed to enforce the regulations.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive