Patient privacy concerns lead VA to test cloud application

The Department of Veterans Affairs (VA) is testing an unnamed commercial "cloud" application that will allow VA employees to share data in the cloud without compromising the personal health information of patients, according to a report in FierceGovernmentIT. VA Chief Information Office Roger Baker said a few months ago that this option would be available by the end of the summer.

The department's monthly reports to Congress have mentioned infractions of security rules involving unauthorized use of web-based solutions outside of the VA information system. Employees reportedly stored personally identifiable health data in commercial cloud collaboration applications such as GoogleDocs and Yahoo Calendar.

In one case at the Indianapolis VA hospital, a spreadsheet uploaded to EditGrid included the names and diagnoses of 184 patients. While the spreadsheet was password-protected, the site didn't use secure hypertext transfer protocol.

According to Baker, the new cloud application will require employees to be authenticated and to enter the website directly from the VA system. The commercial site will include a separate VA section that is completely secure.

"We're able to offer the service to our folks, not as a VA-customized version, or one that we brought in house, but one that is the authentic version of the cloud software," Baker said during a July 25 press call. "I would hope that once we've proven that with that vendor we can expand it to others and just be able to offer access to those services."

Baker has said all along that the VA doesn't want to develop its own cloud software. "I can guarantee you it would not be as good and it would not be as popular" as the commercial version, he said at a press briefing in April.

To learn more:
- read FierceGovernmentIT's story
- listen to the most recent VA press briefing
- check out this VA data breach report 

Suggested Articles

Epic CEO Judy Faulkner has big concerns about two federal interoperability rules, primarily that the rules undermine patient privacy.

Banner Health has agreed to pay up to $6 million to victims of a 2016 data breach as part of a proposed settlement, according to court documents.

Fitness tracker company Fitbit is teaming up with a Medicaid plan in Georgia to encourage beneficiaries to better manage their chronic conditions.