The use of firewalls and increased encryption to protect data transmissions between various operational systems and warehouses are among several steps the Department of Veterans Affairs plans to take to safeguard patient data used in the Virtual Lifetime Electronic Record (VLER) program, according to a recent notice posted in the Federal Register.
The VA will limit access to databases with such information only to individuals whose job requires that access, and will enforce that access using information security officers, in addition to security software, according to the notice. What’s more, the VA plans train all staff on information security, emphasizing that it’s not just the job of the IT department to keep such information safe.
Other steps outlined by the VA in its notice include providing physical security for buildings and rooms housing veterans’ data and housing copies of back-up computer files at off-site locations.
The notice also proposes a number of “routine use disclosures” for the data. For example, the VA says that such data can be disclosed to federal, state, local, tribal or foreign agencies pertaining to criminal and civil violations of law.
The VLER program--which shares veterans’ health information electronically between the VA, the Department of Defense and select private healthcare facilities partnering with those entities--initially was launched in April 2009 to create a unified lifetime electronic health record for members of the armed forces. Last fall, it was expanded to seven sites: Grand Junction, Colo; rural Utah; Asheville and Western North Carolina; Buffalo; Charleston, S.C.; Minneapolis; and Puget Sound Wash.
The VA’s proposed 2013 budget requests $52.9 million for the VLER program.
To learn more:
- here’s the notice in the Federal Register