Palo Alto VA failed to thoroughly vet vendor before handing over PHI

A review from the VA Office of Inspector General found the VA Palo Alto Health Care System potentially compromised the protected health information and other sensitive information of VA patients after granting a third party contractor access to data without formal authorization.

The VA OIG received an allegation in October 2014 that the VA Palo Alto Health Care System inappropriately shared the information of patients. After a review, the OIG determined there was a signed agreement between the health system and health technology company Kyron to conduct a pilot program testing Kyron's extraction software on a VA server using de-identified VA patient information.

The OIG's review indicates the VA's chief of informatics "failed to ensure Kyron personnel met the appropriate background investigation requirements before granting access to VA patient information." The review also found the chief of informatics did not carry out the VA's required security and privacy awareness training with Kyron's personnel.

Additionally, the OIG said the VA's regional information security officers did not carry out their responsibilities as they did not provide PAHCS guidance on information security matters by not coordinating, advising or participating in developing and maintaining a security documentation or system risk analysis before Kyron implemented its software on the VA server.

"The lack of coordination between the chief of informatics and ISOs in executing the Kyron agreement potentially jeopardized the confidentiality of veterans' [PHI] and other sensitive information," according to the review.

More articles on data breaches:

Premera has incurred 38 lawsuits since March disclosure of data breach
The OPM and UCLA breaches: 5 lessons learned
Insider data breach: Former CVS employee compromises data on nearly 55k individuals

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars