VA whistleblower emails vets’ PII to himself
According to the Salina Journal, a whistleblower who is also an employee of the Veterans’ Affairs Department has emailed personally identifiable information (PII) of veterans being treated in Colorado to himself, causing the VA to warn more than 2,100 veterans in Eastern Colorado and parts of Kansas that their PII may have been compromised;
An agency employee told The Associated Press that he is the person who emailed the information to himself, describing it as unauthorized wait lists used by VA health care facilities in Colorado. The employee, who spoke on condition of anonymity because he fears retaliation, said he wanted to document the lists because they could have been used to conceal lengthy delays in providing care.
In Wednesday’s warning to veterans, the VA said the potentially compromised information included veterans’ full names, the last four digits of their Social Security numbers and medical diagnoses. The agency said the employee emailed it to himself in unencrypted form.
Enough blame for everyone here. The VA apparently hasn’t abandoned their secret wait lists and there’s at least one employee who thinks that storing PII outside a secure system is OK to prove his allegations.
Category: Veterans' Affairs Department
I’m sure he’ll throw out the Hillary Defense. “I didn’t intend to compromise their PII, only to keep it because it was more convenient for me.”
Well, I hope each Veteran will be notified promptly and that each will sue the shit out of both the employee and the VA. Whatever the motive, that information is not for the personal use of any employee, period. I haven’t considered the causes of action but I am 100% confident several exist. $10,ooo per Veteran seems like a good number to me. In fact, leave the attys out of it. Unilaterally authorize the payment.
Realize this will be about the 5th or 6th time someone gets a letter about their information being spilled just in the last 3-4 years.
I think all of us who work, or worked for the government should get lifetime identity theft protection at this point.
The difference this time is that there was no hacking involved and this was not error or oversight. The employee took the data and VA evidently has no security wall to prevent that from happening.
Just because it’s the VA doesn’t exclude that entity from HIPAA rules, does it?
No, VAH and as a health isnurance provider is beholden to HIPPA–and frequently violates it.
I got a freebie three year coverage starting about a year ago. Seems my info when I applied to the VA was ripped. BTW, that info was the SECOND time my info was stolen.
Another reason to clean house at the VA and start all over. The way they handle PII and lie about appointment wait times is embarrassing.
I’m with MSG Eric – lifetime identity theft protection for anyone that has worked for the government.
Not so fast, here. As a Federal employee, I’ve forwarded emails to a Gmail account that substantiated agency wrongdoing in order to protect them from deletion by the agency involved. Lo and behold, those emails disappeared from several Outlook accounts and lo and behold, there were some red faces and adverse actions taken against the wrongdoers when the copies of emails were produced.
Granted, none of those emails contained PII but I can see this guy’s point for what he did. I wouldn’t crucify the guy just yet since we still don’t know if his allegations are substantiated.
What should he have done? Notified his chain of command? Please hold while I laugh out loud.
Grunt. I can think of several options off hand.You say, “Granted, none of those emails contained PII” but therein lies the fey distinction.
All of the options I can think of include removal of the data from the government system. There just is no way to protect such data from government misuse except to move it to a location where those admins have no reach.
Because our IG and Internal Control system all still operate as if it is perpetually 1942, there is no way to safeguard data and information from misuse, deletion, alteration, etc without physically moving the digits.
What is particularly appealing about email is the audit trail inherent in the way email systems forward and check messages for integrity. An advantage simply moving data to a drive or folder does not provide.
Until the government gets serious about automated record handling there is going to be fraud in the system. In an unfortunate fact of this condition, emailing data out of the system is probably not going to stop.
25X summed up my argument. Sometimes the only way to ensure that information the government wouldn’t like offered up for public consumption is to remove said data from government control.
Could it be done better? Sure. The article references names, last 4 of SSN, and medical diagnoses as the information removed. I’m not sure that I would be okay with that…then again, we are only hearing one side of the story.
k and f are nowhere near each other on my keyboard. Don’t ask me. I don’t write this stuff. I just type it for my idiot boss.
I’m so glad I still have tricare prime. But on the flip side I haven’t had that many issues with the VA as of yet and if I need outside care they offer to send me to a private Doc. I try to keep it simple if it gets to that and just use da tricare
What a dumbass!! Okay, great the VA is a fucking joke in so many ways, and this “whistleblower” is the epitome of all that is wrong at the VA. He thinks he is doing the right thing, but what he does is violate numerous laws and put at risk Veterans to have their Identities stolen, and the Health care information is out there now too.
I cannot even email a patients name to another employee without encrypting it first. Mistakes happen, but this wasn’t a mistake. It was a deliberate act.
The “secret wait list”; this shit is still going on? What in the actual f*&^?
There is absolutely no reason for it. I work in one of the busiest VISNs, and we have not had to deal with these issues because the powers that be made sure it was done right. When corrections were needed they were made.
Not saying we have all perfect employees, far from it. I can think of a large number of people who should have been let go, but are still here stealing oxygen. That is because they just suck, nothing criminal.