According to a recent article jointly produced by ProPublica and NPR, privacy violations within the VA between 2011 and 2014 nearly doubled from 1,547 to 3,054. These violations are causing some veterans to question just how safe the VA keeps their medical data.
Well aware of privacy concerns, the VA released a statement that read in part, “inappropriate access of patient health records, either during or post treatment, is absolutely unacceptable and in violation of privacy laws and regulations, VA policies and procedures, and our principles,” according to the statement. “To protect against improper access and disclosure, VA’s VistA electronic health record, and other VA information systems, have built-in safeguards to ensure patient privacy.”
For example, whenever a VA employee pulls up an individual’s medical record, VIstA generates a Sensitive Patient Access Report that logs the viewer’s identity and the time of access. The VA also requires that all employees and contractors complete privacy and information security training annually, and more than 500,000 staff members must sign VA’s Rules of Behavior, which confirms that these users are aware of, and will comply with, safeguarding requirements for protecting veterans’ private medical information.
“The challenges VA is facing are similar to those experienced across public and private sectors, and we are continuously striving to better protect veteran data,” according to the VA statement. “VA is also transparent in its handling of privacy incidents, both by contacting veterans directly as provided by law, as well as posting monthly reports to the VA website containing a sampling of reported incidents.”
Despite the efforts, some veterans are not satisfied. “I don't trust them,” said veteran Anthony McCann in an interview with ProPublica. “They don't do what they say they're going to do.”
In 2014, McCann received a package containing more than 250 pages of medical information concerning another veteran’s mental health. At a town hall meeting with the director of the VA's Tennessee Valley Healthcare System in attendance, McCann alerted the director to the violation but refused to turn over the documents, citing his belief that the VA lacked the ability to keep this information private. Complicating matters, McCann also claimed that this was not the first time he had received another veteran's private medical records in the mail.