August 15, 2018
The Oklahoma Division of Veteran Matters has been blamed of breaking Health Insurance Portability and Accountability Act (HIPAA) Laws by three Democrat legislators, who have also called for two top Oklahoma VA officers to be dismissed over the occurrence.
The suspected HIPAA breach happened during a planned internet outage, during which VA medical assistants were prohibited from gaining access to veterans’ medical files. The outage had the capability to cause major interruption and avoid “hundreds” of old-timers from being issued with their medicines. To prevent this, the Oklahoma Department of Veteran Affairs permitted medical assistants to access electronic medical records using their private smartphones.
In a letter to Oklahoma Governor Mary Fallin, Reps. Chuck Hoskin, Brian Renegar, and David Perryman called for the VA Executive Director Doug Elliot and the clinical compliance director Tina Williams to be dismissed over the suspected HIPAA breach.
They claimed Elliot and Williams “have little respect for, and knowledge of, health care,” and letting medical assistants access electronic medical files through personal smartphones was “a direct breach of HIPAA” and possibly placed millions of dollars of federal financing in trouble.
State CISO Mark Gower is adamant that HIPAA Laws were not breached. He clarified that just a limited number of medical assistants were permitted to access electronic health files using their smartphones, and access was only approved for a limited period of time until the problem was solved. When the problem was finished, access to medical files through smartphones was obstructed. It was just a case of provisionally exchanging a laptop or desktop computer for a smartphone.
Gower described that retrieving medical files using a smartphone didn’t lead to medical files being copied to the appliances. The medical records system doesn’t create a cache or stock any information locally. Gower also said that the records system and the smartphones met the VA’s safety requirements.
The three lawmakers don’t think Gower’s clarification and claim that during the outage, workers at all seven of the state’s care centers were permitted to copy medical files onto their private cellphones.
Doug Elliot said the medical assistants were “the best and brightest” and that it was “Unfathomable that any of the med assistants have revealed that information to a third party.” He also said it was “unacceptable” for the lawmakers to indicate that VA workers had breached HIPAA Laws and patient secrecy.
While Elliot doesn’t think the accusations have any merit, they are being taken seriously. Elliot has informed the matter to the state’s IT safety group which will be carrying out a complete inquiry. The Office of Management and Enterprise Services, which supervises IT for state organizations, is also looking into the accusations.
The lawmakers are not pleased with the matter being probed by a state organization and think that this occurrence can only be independently probed by the central government. The lawmakers have also informed the matter to the Division of Health and Human Services, the Division of Old-timer Affairs, and U.S. Attorney Robert Troester.
“The central government’s going to be the one to decide this, not some state organization assisting another state organization washes their hands of what they did,” said Rep. Renegar.