A Medical Device Daily

A key foundation principle of the use of electronic health records (EHRs) is that they are secured and private, accessible only to the individual and to those healthcare personnel authorized as needing access to them for healthcare purposes.

That principle might have been brought into considerable doubt recently with a report from theDepartment of Veterans Affairs (VA; Washington) that one of its data analysts, in unauthorized fashion, carried to his home electronic data from the department and that this data was then stolen from him.

According to the VA: “This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings.”

VA data is one of the largest repositories of information concerning the health histories of veterans, but the department assured veterans as follows: “Importantly, the affected data did not include any of VA's electronic health records nor any financial information.”

The VA said that employee identified as having taken the information has been placed on administrative leave pending the outcome of an investigation.

The VA said that law enforcement agencies, including the FBI and the VA Inspector General's office, have launched what it termed as “full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they posses or of how to make use of it.”

But the VA said that it is using “an abundance of caution” to inform veterans of these circumstances and inform them “of the steps they may take to protect themselves from misuse of their personal information.”

James Nicholson, the secretary of Veterans Affairs, said he has briefed the attorney general and the chairman of the Federal Trade Commission, co-chairs of the President's Identity Theft Task Force on the situation.

And he issued a letter to veterans saying that he was “outraged at the loss of this veterans' data and the fact an employee would put it at risk by taking it home in violation of our policies. I am also concerned about the timing of the department's response once the burglary became known. I will not tolerate inaction and poor judgment when it comes to protecting our veterans. We are engaged in a very extensive review of individuals up and down the chain of command.”