VA ramps up enforcement of contractor data security

By Mary Mosquera
May 20, 2010
09:43 AM

Breach reporting critical

At the same time, Baker said VA has to encourage vendors and others to report breaches, "because we can't mitigate the issue unless we know about it."

VA has required the security clause in contracts after November 2008 and last year reviewed contracts to make sure they contained the clause. Out of more than 22,000 contracts reviewed, vendors in 578 contracts refused or did not believe that their services required adhering to the clause, said Frederick Downs Jr., chief procurement and clinical logistics officer in the Veterans Health Administration.

"The 578 contracts were critical to our medical centers' ability to provide patient care," he said. The contracts were for direct healthcare services for nursing homes, hospices and physicians or to support maintenance for MRIs and CT scans.

"We had to weigh that because the risk of not having the contracts was high," Downs said, adding that VA has since clarified guidance for when the information security clause applies to healthcare contracts.

Rep. Steve Buyer (R-Ind.) questioned Baker about what a VA medical center should do when a contractor who delivers a radiologic service refuses to sign the information security clause.

"That is the challenge writ large across the organization with this information," Baker said. "How do we do great medical care and protect the information at the same time?"

The primary purpose of sensitive health information is to provide specific care for veterans. "We have to protect that information from unwanted access at the same time that we provide it to any one who needs to use it," he said.

Medical devices, which are certified by the Food and Drug Administration, add another layer of complexity to providing comprehensive information security. Some vendors who provide or support medical devices for VA cite FDA authority in refusing the VA security clause.

"We have to be careful from an IT perspective how we interact with the medical technology," Baker said. For example, VA can't apply patches to medical technology because it could have unknown effects on, say, an MRI machine.

It's an issue that "VA today is tackling in advance of the rest of the country," he said.

Topics: 
Electronic Health Records (EHR, EMR), Privacy & Security

More regional news

Smiling person looking at a smartphone

Mind the gaps: The healthcare industry is embracing AI, but needs to keep patient care at the center

December 19, 2024
Dr. Eric Liederman, CEO of CybersolutionsMD

Q&A: CybersolutionsMD CEO on preventing cyberattacks

By
Anthony Vecchione
December 18, 2024
Change healthcare booth

Nebraska sues Change Healthcare over ransomware attack

By
Jeff Lagasse
December 18, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Capitol Hill
Congress looks set to extend telehealth and hospital-at-home flexibilities

Most Read

My Health Record sharing law eyed and more briefs
Epic asks court to throw out 'baseless' Particle Health lawsuit
CHAI: Look for healthcare AI model 'nutrition labels' soon
New DiMe platform validates digital health software
Aidoc, NVIDIA intro new plan to speed AI adoption in healthcare
Zoom plans new genAI capabilities for healthcare providers

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Josh Di Frances at LG NOVA_Top down view of startup team Photo by NanoStockk/iStock/Getty Images Plus
What a startup pitch competition shows about IT innovation
Cindy Henry at ZeOmega_Five star review slider Photo by Lemon_tm/iStock/Getty Images Plus
Medicare Advantage star ratings' 'new normal'
Rami Karjian at LeanTaaS_Team of surgeons Photo by Hispanolistic/E+/Getty Images
Addressing OR disruption with predictive analytics
Lee Kim at HIMSS_Healthcare Cybersecurity Forum 2024
Governance remains a significant cybersecurity weak point

More Stories

Ally Hunter of Henry Ford Health on virtual care
How Henry Ford Health is boosting health equity by bridging the telehealth divide
Data exchange represented by blue lights with a city in the background
Epic Nexus connects 625 hospitals to TEFCA
Stethoscope on tablet
HIMSSCast: The next big investment in patient experience is the CRM
Rami Karjian at LeanTaaS_Team of surgeons Photo by Hispanolistic/E+/Getty Images
Addressing OR disruption with predictive analytics
Person sits at table with a laptop while holding a pill bottle
Direct-to-patient platform uses AI to find gaps in care
Clinical care collaboration
ATA launches Center of Digital Excellence with health system heavy-hitters
Lee Kim at HIMSS_Healthcare Cybersecurity Forum 2024
Governance remains a significant cybersecurity weak point
Michael Meucci of Arcadia on AI
AI is shifting from novelty to a critical resource, embedded in healthcare