Tag Archives: health records

Security breach costs US CIO his job

By David Bicknell

Beware of data security – a breach can cost you your job.

According to Government Technology, a breach of health data within the Utah Department of Health in the US has cost the state’s CIO, Steve Fletcher, his position.

Fletcher’s departure was part of Utah Governor Gary Herbert’s actions following the breach, which was discovered on April 2 and is believed to have compromised 280,000 Social Security numbers other personal information of an estimated 500,000 people, including names, addresses, birth dates and some details contained in patient health records.

In response to the data loss, Utah has now started a comprehensive security audit of the state’s technology systems and created a new position of “health data security ombudsman.”

The data breach was found to have occurred on March 30, and is believed to have been caused by a weak password that allowed hackers to break through the department’s security and steal the personal information of as many as 780,000 people.

Government Technology reported that the breach was regarded as ‘preventable’, and that the incident shows that greater funding is needed to protect government’s IT systems.

At the same time, it shows the problems CIOs – in both the public and private sectors – face in trying to put adequate protection in place to prevent security breaches before they occur.

The problem is that if you ask for security funding before anything has happened, the request risks being rejected by executives. And if you wait until a breach occurs, as in the latest Utah case, it’s a bit like shutting the gate after the horse has bolted.

Dept of Technology Services CIO resigns over UDOH data breach

Veterans Affairs lines up contractors for landmark health records IT project

By David Bicknell

A US IT project is being developed to provide  US military veterans with instant electronic access to their health and benefits information and other services.

According to Federal Times, the Veterans Affairs Department is now working with companies it already has on a $12 billion information technology contract to help it develop the Virtual Lifetime Electronic Health Record (VLER)

Last July, Veterans Affairs awarded 14 contractors, including CACI, Harris and Hewlett Packard Enterprise Services, a place on the departments Transformation Twenty-One Total Technology( T4) programme. The 15th and final spot is reported to have gone to SAIC.

Under the “five-year indefinite-delivery, indefinite-quantity task-order contracts”, vendors will provide program management and strategy planning, systems and software engineering, and other support.

The T4 contract has already been the subject of multiple bid protests – presumably because it appears so lucrative – including one filed last year Standard Communications in the U.S. Court of Federal Claims.

According to Federal Times, “nearly 39,000 US military veterans in 12 regions across the country — including Indianapolis, Richmond, and San Diego — have signed up to have their health information shared electronically among the Veterans Affairs, the US Department of Defence (DoD), and private health care providers.

“When participating veterans receive care, their physicians can request their laboratory results and other health data using the Nationwide Health Information Network (NwHIN), a project led by the Health and Human Services Department to provide a secure, standards-based method of sharing health information over the Internet. However, veterans must first agree to have their health information shared.”

The next project milestone for VLER will be this summer when Veterans Affairs and DoD decide how to expand health information exchange pilots nationwide.

Will the project succeed? It’s too early to say, although there are already some suggestions that the project has too many mouths to feed. One comment on the story so far argues that (the project) “has way too many contractors and staff involved. As we say, there are too many chiefs and not enough workers. It’s my bet that we will be talking about the 100 million dollar failure of the EMR at the expense of the US Taxpayers with in the year. They aren’t even getting the right type of people involved in the process. This is mainly a group of systems geeks and executives. They are leaving out the Health Information Management Professionals and the Medical providers…. it’s a boon doogle from the start, but at least the contractors are making money.”

Links

VA announces expansion of Virtual Life Electronic Record

10 Lessons Learned from Linking VLER to private health orgs

Veterans Affairs CIO on VLER progress