If after the Healthcare.gov debacle, there’s still any confidence that centralized Federal systems are secure and trustworthy, please read this HealthcareITNews tally of the multiple data breaches and HIPAA violations taking place at the US Department of Veterans Affairs (VA).
From 2010 through May 2013, VA department employees or contractors were responsible for 14,215 privacy breaches affecting more than 101,000 veterans across 167 VA facilities, including incidences of identity theft, stealing veteran prescriptions, Facebook posts concerning veterans’ body parts, and failing to encrypt data, a Pittsburgh Tribune-Review investigation revealed.
The two-month investigation by the Pittsburgh Tribune-Review published this weekend found that the VA led the way in HIPAA violations–17 in the past few years–for reasons centering on lack of accountability, shoddy safeguards, sloppiness in handling data and failure to encrypt data even after the 2006 theft of a laptop put records of 26.5 million veterans in danger. There are few firings, disciplinary actions or HHS fines.
This should put telehealth and telemedicine providers on notice that their encryption will have to be ‘stronger than the VA’, as both they and Department of Defense (DOD) are the single largest users of telehealth in the US.