VA watchdog warns of security risks from undocumented PIV cards

PIV cards 

The Veterans Health Administration (VHA) is at increased risk of security breaches because it's not following requirements about documenting personal identity verification cards returned by contract personnel, according to a new inspector general report.

According to the report, a review of 46 professional service and health care resource contracts by the Veterans Affairs Office of Inspector General found that not one had the proper documentation to prove the contractors' personnel had returned their access cards. The IG report published on Tuesday warned that "even if subsequently detected, it could be too late to stop harm in the facility or the misuse or distribution of veterans’ personal information."

Federal Acquisition Regulation guidelines require contracting officers to maintain documentation indicating former contract personnel return PIV cards allowing them access to VA facilities and information systems following their tenure with the agency. The VHA has its own policy also calling for PIV cards to be tracked.

The IG asked VHA to ensure contracting officers record documentation ensuring PIV cards have been returned. Other recommendations called on the agency to establish periodic reviews and new "specific supervisory responsibilities" for contracting officer oversight around the PIV process.

VHA's acting chief Richard Stone agreed with the overall findings but contended in his response to the IG report that it was not the responsible party to oversee PIV processes. According to VHA, revising the process of tracking PIV card issuance and return could involve many offices and agencies including VA's Office of Information and Technology and the Office of Acquisition, Logistics and Construction. VHA said the VA's Identity, Credential and Access Management Executive Steering Committee "can more thoroughly assess the need and develop an agency-wide approach."

Security concerns around agency failures to document PIV returns have been previously reported throughout government, including at the General Services Administration, which failed to account for 15,000 access cards, according to a 2020 IG report.

About the Author

Chris Riotta is a staff writer at FCW covering government procurement and technology policy. Chris joined FCW after covering U.S. politics for three years at The Independent. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected