Sharing and Securing Veterans Health Data

Published: December 03, 2014

Health CareHealth ITVA

According to VA’s CIO Steph Warren, for the VA, information security is all about people, process and paper. Securing VA health information involves risk balance.

Warren’s remarks were aimed at a ballroom full of Health IT professionals on Tuesday at AFCEA Bethesda’s Annual Health IT Day. 

According to statistics from an October information security activity report released by Warren, VA blocked over 12 million intrusion attempts, contained or blocked over 200 million occurrences of malware, and blocked over 70 million suspicious/malicious e-mails.  No veterans were affected by these threats or attempts.  However, the same report shows 52 lost or stolen devices, 131 lost PIV cards, 135 mishandled incidents and 155 mis-mailed incidents affecting 765 veterans in the same time period.

One of VA’s biggest security problems is paper.  Once the information is printed, it becomes harder to secure.  The document can be inadvertently left somewhere, misplaced, or lost. 

VA is addressing security vulnerabilities with the following initiatives:  

  • Defense in Depth 
  • Continuous Monitoring  
  • Einstein 2 and 3A  
  • 100% Device Encryption  
  • Secure Access through Mobile (Citrix)

VA is also responsible for securing 600,000 medical devices which carry unique risk balance challenges due to complexity, and HIPPA and FDA regulations.   

Sharing data is also a high priority for VA, not only with DoD, but also with outside third party providers.  For example, Walgreens is sharing data with the VA.  If a veteran gets a flu shot at a Walgreens, it is added to his/her electronic health record in VistA. 

Below are FY 2014 milestones achieved to increase interoperability with DoD:  

  • Joint Legacy Viewer (JLV)  
  • Health Management Platform (HMP)  
  • VistA Standardization  
  • Immunization 
  • Application Programming Interface (API)

Planned milestones for further interoperability:  

  • Ongoing integration of DoD and external provider data  
  • New ONC certified EHR platform  
  • Deployment of view-only eHMP  
  • Clinical improvements for patient safety decision support, communication and population health  
  • Begin VistA scheduling deployment

DoD and VA are currently sharing data, but it’s not integrated.  Right now, DoD data is in a separate tab.  They are working to blend the data into a single view and add read/write capability.  Janus (Joint Legacy Viewer) is the current viewer.   eHMP is the replacement for Janus.

VA’s priorities for FY 2015 include driving down the claims backlog with the Veterans Benefits Management System (VBMS), VistA Evolution, OneVA by providing one website with single login credentials, and infrastructure.  These priorities will be dependent on VA’s appropriated IT budget.