“The Department of Veterans Affairs’ watchdog agency alleges that two VA employees “concealed” and “mispresented” the cybersecurity and privacy risks of an ambitious “big data” project that would have analyzed 22 million veterans’ health records dating back two decades.”
“The VA ended up pulling the plug on the contract with technology vendor Flow Health Inc. before the project launched after news media coverage brought VA leadership’s attention to the initiative’s issues. The case not only spotlights the risks involved in big data initiatives, but also the threats posed by insiders.”
“In its report – “False Statements and Concealment of Material Information by VA Information Technology Staff” – issued Thursday, the VA Office of Inspector General says it dug into whether two VA employees had financial conflicts of interest in their connection with the Flow Health deal.”
“The two VA workers were an Office of IT program manager and a Veterans Health Administration health system specialist in the VHA central office, OIG writes.”
“The VA’s IT leaders requested an OIG investigation into the situation in December 2016 following media coverage of a November 2016 Flow Health press release that alerted senior VHA and Office of IT officials to the project contract.”
“The VA “unilaterally terminated” the deal about a month later, on Dec. 20, 2016, before any health data was given to Flow Health, the VA OIG report notes.”
“The VA OIG did not find any financial conflicts of interest involving the two VA employees and Flow Health. The VA OIG also says it referred the matter to the Department of Justice, which declined to prosecute. The watchdog also recommended that the VA determine whether “any administrative action” should be taken regarding the two staff members…” Read the full report here.
Source: OIG: VA Workers Hid ‘Big Data’ Project Privacy, Security Risks – By Marianne Kolbasuk McGee, January 29, 2021. HealthcareInfoSecurity.