Three Democrat legislators accused the Oklahoma Department of Veteran Affairs of breaking Health Insurance Portability and Accountability Act (HIPAA) Rules. They have likewise called for the termination of two leading Oklahoma VA officials as a result of the incident.
The supposed HIPAA violation took place at the time of an appointed web outage. At that time, VA medical aides were not able to access the veterans’ healthcare records. But because the outage was expected to bring about serious disruption and would slowdown the giving to “hundreds” of veterans their prescribed medicines, the Oklahoma Department of Veteran Affairs permitted the medical aides to utilize their own smartphones to gain access to the electronic health records .
Reps. Brian Renegar, David Perryman and Chuck Hoskin sent a letter to Oklahoma Governor Mary Fallin and asked for the termination of VA Executive Director Doug Elliot as well as the clinical compliance director Tina Williams concerning the supposed HIPAA breach.
The Congressmen stated Elliot and Williams gave little value for medical care and don’t know enough about it. The fact that they permitted the medical aides to gain access to electronic healthcare records through their personal smartphones proves this. There was an outright HIPAA violation, which can likely put a huge amount of federal funding at risk.
State CISO Mark Gower is firm in saying that there was no breach of HIPAA Rules. He stated that just a few medical aides were granted to get access to electronic health records by using their mobile phones, and access was simply allowed for a short period of time up to the time the problem was settled. When the concern was over, healthcare records access by using smartphones was discontinued. It was merely a case of short term replacement of a laptop computer or desktop computer for a mobile phone.
Gower mentioned that being able to access healthcare records through a smartphone didn’t cause the healthcare records to be stolen. The healthcare records system doesn’t produce a cache or keep any data locally. Gower furthermore mentioned that the medical records system and the mobile phones all followed the VA’s security conditions.
The three lawmakers don’t believe Gower’s answer and assert that throughout the outage, workers at all the care centers were authorized to replicate medical records on their own smartphones.
Doug Elliot mentioned that their med aides were the best and smartest and that it was unthinkable that any of them exposed that data to a third party. It was “unconscionable” for the lawmakers to imply that VA employees had broken HIPAA Rules and patient privacy.
Whereas Elliot doesn’t feel the accusations have any worth, they are taking it seriously. Elliot has sent in a report on the matter to the IT security team of the state which is going to conduct a complete review. The Office of Management and Enterprise Services, which supervises IT for state departments, is also checking the accusations.
The representatives aren’t satisfied with the problem being investigated by a state agency and feel that this incident would simply be impartially inspected by the federal government. The representatives have also issued notification on the concern to the Department of Health and Human Services, the U.S. Attorney Robert Troester and the Department of Veteran Affairs.
It is the federal government that will decide this issue. There is no state agency aiding the washing of hands concerning what was done, stated Rep. Renegar.