Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
VA wrestles with portable medical data storage
Monday - 9/20/2010, 7:04am EDT
Federal News Radio
The Department of Veterans Affairs is trying to come to terms with a new challenge when it comes to medical records: should it allow young medical doctors some flexibility to use newly available Web tools to help them care for their patients?
Just about anyone who uses a computer and the Internet these days is familiar with online services that lets users store and share things like word processing documents and spreadsheets. And VA Assistant Secretary for Information and Technology and chief information officer Roger Baker is now trying to set official policy on whether such applications can be used in limited circumstances when accessing veterans' personal information.
Baker said VA first became aware of this new challenge in August when someone noticed a computer running at a New York VA facility, with the screen displaying an open website containing what looked like a patent's first and last name, part of a social security number and some medical information.
Baker said the issue is doctors and nurses need to have access to certain information about the patients in their care for two reasons:
- One is that they're frequently working at multiple hospitals during the day, and they need to discuss a patient if necessary from outside our facility with someone who is providing that patient with care.
- And for professional reasons, for their certifications, health care professionals need to track what roles they played in surgeries, so that when they go for their board certifications, they've got a full documentation of what they've done.
Baker said VA has provided tools with that kind of functionality at VA facilities.
"What's becoming very clear to us is that in this very mobile world, our tools are not exactly what our doctors need," he said.
Baker outlined the incident in his monthly 'data breach' conference call with reporters, in which he discusses everything from lost Blackberries and stolen laptops, to misplaced paper files.
He said says that following the initial report, VA conducted a data call to determine if there were any other medical Centers where residents were taking some of their patient information with them at the end of the day.
"We have folks saying that at least at nine different sites, that they're utilizing these kinds of tools," he said.
Rather than see this as a deliberate breach in data security, Baker instead said the issue is one of adapting VA patient data policy to the doctor's ability to use data just about anywhere using mobile devices such as BlackBerrys and iPhones - practices doctors have been accustomed to through apps developed for use in many top medical schools.
"There are folks that have been especially good at creating applications and devices for medical use, and they're highly attractive in the private sector," Baker said. "The VA is quite a bit tighter about what we will allow."
Baker credited the doctors involved for stepping forward to explain their use of these external websites for data storage, saying they have been extremely helpful to his investigation.
He said on examination, a number of the sites, which have been developed for use by security-conscious medical professionals, are already well-secured.
"In every instance at this point, we've been able to find that they are password-protected," he said. "One of the things we have found is that one or more of these sites actually have achieved Federal Information Security Management Act review, and FISMA approval."
Because of that, Baker said VA now is considering whether to permit limited use of these cloud sites.
"It may well be that in a significant policy change, we may decide that the use of those external websites, to allow access to certain information that these doctors have to have, we may decide to approve that under certain fairly tight policies and guidelines," he said. "It would be a big change for the VA, and it's something we're going to have to look at from a due diligence and deliberation standpoint."
Baker said no decision is imminent whether doctors will be able to continue to use these offsite medical document applications, but VA's investigation and discussions over the issue are continuing.
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)