VA Data Exchange Practices Lack Security

Molly Bernhart Walker | FierceGovernmentIT | October 25, 2012

Veterans Affairs Department medical centers are not effectively or securely sharing data with research and university facilities, according to an Oct. 23 VA office of inspector general report.

"VA's data governance approach has been ineffective to ensure that research data exchanged are adequately controlled and protected throughout the data life cycle," write report authors.

The department regularly exchanges medical and patient information with external organizations for healthcare services and collaborative research studies. But auditors say medical centers lack an accurate inventory of research data exchanged, knowledge of where data is housed and assessments of the sensitivity levels of the data.

For example, one university provided teleradiology services to VA without formal documentation establishing a network connection, authorizing the types of data exchanged or defining data security roles and responsibilities, say report authors.