Following a two-year investigation, the Bakersfield, Calif. Veterans Affairs (VA) clinic was finally able to close the books on allegations of an internal patient data breach last week. Two former clinical staffers had claimed that a doctor allegedly stole documents from the clinic that contained patient data such as names, social security numbers and dates of birth in 2011.
Despite the VA ending its investigation, the staffers still have their doubts. And when the VA’s recent data breach history is taken into account, the fact that questions remain isn’t surprising.
According to bakersfieldcalifornian.com, the VA conducted three separate investigations over seven months to prove that confidential patient information hadn’t been “released into the community or abused in any way.” Instead, the VA claims the doctor had only taken patient schedules, containing patient Social Security numbers, that he had authority to take home. The VA didn’t release the name of the doctor involved but said the doctor is no longer working at the facility.
“We are confident that these results confirm that veterans in Bakersfield and Kern County did not have their personal information compromised,” said David Holt, the VA Los Angeles associate director, to bakersfieldcalifornian.com.
JoAnn Van Horn is a former VA Bakersfield clinic site manager who, based on a security guard’s reports, alerted the Los Angeles VA office of the alleged breach. Holt and the LA VA’s privacy officer looked into the breach but found nothing, he said. Blanche Glasier, a former nurse at the clinic, also worked with the security guard and Van Horn and said that the papers contained sensitive patient information. None of the three work at the clinic anymore.
“The VA doesn’t want anyone to know, the general public to know, that a VA employee could do this terrible HIPAA violation and they’ll deny it forever because it makes them look bad,” said Van Horn.
Holt told bakersfieldcalifornian.com that the more than 7-month delay in notifying media and veterans was because he had to implement recommendations and take “administrative actions.”
The Los Angeles VA, the Veterans Integrated Services Network, Region 22 (the regional office that oversees the Los Angeles VA), and the Department of Veterans Affairs Office of Inspector General (OIG) conducted the investigations. Details are sparse regarding the investigations, but
Congressman Kevin McCarthy promised to ensure no corners were cut and to help the Veterans Affairs oversight committee looking for more information.
“I want to see and review all the evidence that was collected in these investigations, and I want to make sure the VA has taken every possible action to ensure this situation never happens again,” said McCarthy, R-Bakersfield. “No veteran should have to question if their privacy information and medical records are protected.”