Safeguarding Veterans' Information
Why is information essential
to VA Research?
VA Research is dedicated to improving
Veterans' lives through innovation
and discovery. To conduct studies that
may ultimately lead to advancements in Veterans'
health care, VA researchers must have access to
general data on VA care and services, as well as
data on Veterans' health care utilization and
outcomes. It is important to note, however, that
researchers have access only to information that
is considered vital to their study—as determined
by an Institutional Review Board (IRB). An IRB
is a board made up of researchers, non-researchers,
and experts outside of VA. Protecting personal
information is essential because its loss or
unauthorized use can lead to serious consequences
for Veterans and disruptions in VA's operations.
Veterans' information from
unauthorized access?
To protect Veterans' personal information on
which VA research relies, extensive policies and
procedures are in place. Main elements of the
security program can be categorized as:
- Managerial—includes establishment
and continual examination and upgrading of
information security policies and directives;
- Technical—includes upgrading of software
and equipment to prevent unauthorized access to
sensitive data; and
- Operational—includes establishment of
enhanced training programs to educate employees
about their information security responsibilities.
Management
Adopting Effective Policies and Procedures
Upgraded information security procedures
include a requirement that VA health studies' lead
researchers and other staff certify that all projects
comply with current requirements for the use,
storage, and security of research information.
Also, reviews are conducted to identify VA
employees who require access to sensitive data;
these employees undergo appropriate background
checks, depending on their responsibilities and the
level of access they require.
VA also works with other federal and commercial
entities that have Veterans' information for
business reasons to ensure they have appropriate
safeguards in place to protect sensitive data.
Technical
Securing Computers and Related Technologies
Like most organizations today, VA relies heavily
on computer systems and telecommunications
networks to achieve its mission. VA researchers,
in particular, have benefited from advances in
computer technology. They can access the
information stored in VA's state-of-the-art
electronic health record system, with proper safeguards
in place, and conduct large-scale studies
that contribute greatly to Veterans' health care.
For sensitive information accessed on-site, as well
as data retrieval from remote locations, security
requirements are in place to prevent unauthorized
access. For example, laptop computers throughout
VA have data encryption programs installed,
and all sensitive data on mobile computers or
portable storage devices such as thumb drives
must be encrypted so that unauthorized users
are unable to decipher the information.
Operational
Emphasizing Personal Responsibility
To ensure current policies and
procedures protect sensitive
information, VA Research places
great emphasis on personal vigilance
and individual responsibility among
its employees. All employees receive
training on privacy and security of
sensitive data, and education campaigns are
continuously undertaken to remind employees of
their all-important responsibilities in this area.