• Categories

  • Archives

    « Home

    GovHealthIT: Electronic data breaches fade from VA security reports

    GovHealthIT reports on the improved security for data privacy at the Department of Veterans Affairs:

    Each month, Roger Baker, CIO of the Veterans Affairs Department, briefs reporters about the previous month’s electronic and paper data breaches and near misses. It used to be a lively discussion mostly about human gaffes with technology that had potentially negative consequences for sometimes a large number of innocent individuals.

    Over time, however, the data breach reports have become, to be honest, rather boring.

    Data breaches now occur only with paper records, for example in the June report (PDF), a total of nine mis-mailed prescriptions out of 6,305,975 total packages mailed out from VA’s outpatient pharmacy. […]

    A major reason for the improvement in electronic health information security is that VA has now encrypted all its laptops, save the few that are not used for information operations. […]

    Private and public healthcare organizations must report to the Health and Human Services secretary and to the public when data breaches affect more than 500 individuals. Four VA data breaches appear among 479 incidents on the Office of Civil Rights “Wall of Shame”. Only one involved a laptop, which was stolen in 2010 from a VA contractor, which later installed encryption on its computers.

    As a result of VA’s 2006 data breach involving the theft of a laptop containing the data of millions of veterans, and which was subsequently recovered, the department started to encrypt its computers as they were replaced and updated.

    VA also consolidated its IT under the department CIO, set stringent privacy and security policies and procedures and stepped up employee training. […]

    With information moving to smart phones, VA has also put in place a mobile device manager to foster information security for the 1,000 iPhone devices that are in the initial rollout. A more robust mobile device manager that will be able to handle the many thousands more anticipated mobile devices is now in procurement. Existing password-protected Blackberry smart phones can be wiped clean if they are lost or stolen.

    Leave a Reply