The U.S. Veterans Affairs Office of Inspector General has launched a criminal investigation into a security breach of veterans’ medical information at the Atlanta Veterans Administration Medical Center, according to an internal document. The inspector general is investigating a report that a physician assistant stored unauthorized clinical information on her personal laptop regarding veterans who were seen at one of the VA specialty clinics. The document said there are reportedly two sets of patient information involved — one that includes more than 18 years of data, and another that includes up to 3 years of data.
In late December, a physicians assistant revealed to a VA nurse scientist that she had been recording clinical data from patient encounters on her personal laptop. The worker asked the nurse if she could use the data for “research purposes” not related to the VA. The nurse replied that such work was not permitted and asked the worker to destroy the data. After multiple follow-up conversations and receiving no confirmation that she had destroyed the data, the nurse scientist notified the compliance officer of the issue. The physicians assistant, hired in October of 2oo9, resigned effective Feb. 28 2010.
The inspector general’s office reviewed the personal laptop and found multiple documents on the device that appeared to have come from an unapproved research project. The results of the investigation and analysis will help determine whether to send notifications and offers of credit protection services to the affected veterans.