VA data breach reports available online
CIO Roger Baker says the move advances transparency
The Veterans Affairs Department has begun publishing monthly online accounts of its data breaches and lost BlackBerry handheld devices and laptop computers as part of its open government program.
Roger Baker, the VA’s chief information officer, said that the monthly data breach reports are prepared for Congress and have been posted online since April to improve accountability.
“We gain a lot by increasing transparency,” Baker said in a conference call with reporters on Aug. 11.
Lost your BlackBerry? Ooh, you're in trouble now
HHS publishes online list of patient data breaches
Health data breach notification rule starts Sept. 23
Since April, the VA has lost 72 BlackBerrys and 34 laptops, and experienced 441 incidents of patient information sent to the wrong address or otherwise mailed incorrectly, according to figures published in the Monthly Reports to Congress for April through July on the department's Web site.
The VA site also contained quarterly reports of the data breaches. For the second quarter of fiscal 2010, there were 9,746 breach incidents involving notifications to patients, and 2,501 incidents in which credit reporting was required. Credit reporting is used in cases where there is a risk of identity theft.
For the first quarter, there were 1,999 breaches and 3,585 incidents requiring credit reporting.
The data breach reports also track incidents of unencrypted emails being sent containing sensitive patient information and mishandling of data containing sensitive information. In one example, a patient prescription of medication was sent to the wrong address; the packaging contained sensitive information about the patient. In other incident, a patient reported she had received another patient’s appointment information in the mail.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.