Review of Information Security Issues Impacting VA Teleradiology Contracts

The Office of Inspector General (OIG) evaluated the merits of a hotline complaint alleging a specific contractor was not appropriately protecting sensitive patient data while performing tele-radiology services for Veterans Affairs (VA) medical facilities. We evaluated whether VA was providing adequate oversight of specific vendor contracts to ensure they met VA’s information security requirements. We substantiated the specific allegations of inadequate protections of sensitive patient data and determined comprehensive procedures had not been effectively implemented to mitigate the risk of unauthorized disclosure of sensitive information. We recommend that the Under Secretary for Health and Assistant Secretary for Information and Technology implement procedures to effectively mitigate the risk of unauthorized disclosure of sensitive patient data. The Assistant Secretary for Information and Technology and the Under Secretary for Health agreed with our findings and recommendations. The OIG will monitor implementation of the action plans.