The Veterans Affairs Department is facing a new challenge when it comes to cybersecurity: letting doctors access patient data outside the workplace. VA CIO Bake...
wfedstaff | June 3, 2015 2:06 pm
By Max Cacas
Reporter
Federal News Radio
The Department of Veterans Affairs is trying to come to terms with a new challenge when it comes to medical records: should it allow young medical doctors some flexibility to use newly available Web tools to help them care for their patients?
Just about anyone who uses a computer and the Internet these days is familiar with online services that lets users store and share things like word processing documents and spreadsheets. And VA Assistant Secretary for Information and Technology and chief information officer Roger Baker is now trying to set official policy on whether such applications can be used in limited circumstances when accessing veterans’ personal information.
Baker said VA first became aware of this new challenge in August when someone noticed a computer running at a New York VA facility, with the screen displaying an open website containing what looked like a patent’s first and last name, part of a social security number and some medical information.
Baker said the issue is doctors and nurses need to have access to certain information about the patients in their care for two reasons:
Baker said VA has provided tools with that kind of functionality at VA facilities.
“What’s becoming very clear to us is that in this very mobile world, our tools are not exactly what our doctors need,” he said.
Baker outlined the incident in his monthly ‘data breach’ conference call with reporters, in which he discusses everything from lost Blackberries and stolen laptops, to misplaced paper files.
He said says that following the initial report, VA conducted a data call to determine if there were any other medical Centers where residents were taking some of their patient information with them at the end of the day.
“We have folks saying that at least at nine different sites, that they’re utilizing these kinds of tools,” he said.
Rather than see this as a deliberate breach in data security, Baker instead said the issue is one of adapting VA patient data policy to the doctor’s ability to use data just about anywhere using mobile devices such as BlackBerrys and iPhones – practices doctors have been accustomed to through apps developed for use in many top medical schools.
“There are folks that have been especially good at creating applications and devices for medical use, and they’re highly attractive in the private sector,” Baker said. “The VA is quite a bit tighter about what we will allow.”
Baker credited the doctors involved for stepping forward to explain their use of these external websites for data storage, saying they have been extremely helpful to his investigation.
He said on examination, a number of the sites, which have been developed for use by security-conscious medical professionals, are already well-secured.
“In every instance at this point, we’ve been able to find that they are password-protected,” he said. “One of the things we have found is that one or more of these sites actually have achieved Federal Information Security Management Act review, and FISMA approval.”
Because of that, Baker said VA now is considering whether to permit limited use of these cloud sites.
“It may well be that in a significant policy change, we may decide that the use of those external websites, to allow access to certain information that these doctors have to have, we may decide to approve that under certain fairly tight policies and guidelines,” he said. “It would be a big change for the VA, and it’s something we’re going to have to look at from a due diligence and deliberation standpoint.”
Baker said no decision is imminent whether doctors will be able to continue to use these offsite medical document applications, but VA’s investigation and discussions over the issue are continuing.
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.