Skip to main content

VA suspends contractor over patient data security

  • Story Highlights
  • Unidentified transcription company failed to follow policy, department says
  • Patient information was vulnerable but never breached, VA says
  • Incident sparks examination of other contractors' practices
  • Next Article in U.S. »
From Adam Levine
Decrease font Decrease font
Enlarge font Enlarge font

WASHINGTON (CNN) -- The Department of Veterans Affairs has suspended a contractor for failing to follow the department's policies for securing sensitive data about patients, the department said Thursday.

"When we detect a problem, ... we will quickly fix it," VA Secretary Eric Shinseki said.

"When we detect a problem, ... we will quickly fix it," VA Secretary Eric Shinseki said.

A routine inspection revealed that a transcription contractor, with access to information including name, Social Security number and diagnosis, was using computers that did not follow guidelines for protecting the data.

"VA insists that contractors, as well as our own personnel, adhere to the highest standards for protecting personal information," Secretary of Veterans Affairs Eric K. Shinseki said in a written statement.

"When we detect a problem, as happened in this case, we will quickly fix it, and we will ensure such problems are not happening elsewhere."

The company, unidentified but described by VA spokesman Phil Budahn as handling a regional contract, was hired to transcribe recordings made by doctors and other health professionals during examinations and surgeries for inclusion in patient records.

"There is no evidence that any patient information was disclosed as a result of the violation," the VA said.

The contractor in question has been suspended from handling such services until it is in compliance with the VA guidelines, Budahn said.

The incident has sparked an examination of other contractors, starting with other transcription contracts and other companies that handle medical information "to see if there is something more here," Budahn said.

The VA, which runs the largest health care system in the country, has moved aggressively to create an all electronic medical and personnel record system.

The breach, Budahn said, did not expose information like the 2006 loss of a VA laptop that contained personal information on millions of veterans. That incident led to a recent $20 million settlement.

In this case, Budahn explained, it is not a question of information "floating out there." The VA can trace who is handling the information, he said.

Also in 2006, government investigators found that the VA's overseas contractors were handling personal information with lax security and oversight. The VA no longer uses international contractors, Budahn said.

President Obama has called for electronic record-keeping through the U.S. health care system. The VA's newly discovered vulnerability could work against that ambition.

All About U.S. Department of Veterans AffairsComputer SecurityHealth Care Issues

  • E-mail
  • Save
  • Print