Tuesday, September 27, 2016

Review of Alleged Breach of Privacy and Confidentiality of Personally Identifiable Information at the Milwaukee VARO

http://www.va.gov/oig/pubs/VAOIG-16-00623-306.pdf

RESULTS AND RECOMMENDATIONS - VA’s Processes and Controls Allowed the Dissemination of Wisconsin Veterans’ PII to Unauthorized Recipients
We substantiated the allegation that on April 1, 2015, a WDVA employee improperly disseminated over VA’s email server a monthly claims report that contained updates on Wisconsin veterans’ disability claims to unaccredited CVSO and TVSO employees not authorized to handle sensitive information, as well as to a Wisconsin veteran. The employee obtained the report from the Milwaukee VARO, which contained PII, including 638 names along with 416 Social Security Numbers (SSNs) and 222 claim numbers of Wisconsin veterans. While we determined that the VARO’s sharing of claims information with WDVA was consistent with Federal policy, WDVA staff did not need the report to help veterans facilitate the timely adjudication of their disability claims filed with VA. Furthermore, we determined that the improper dissemination of PII over VA’s email server was a violation of the Federal Information Security Management Act........... (read more, click on link, above)

No comments:

Post a Comment