TribLIVE

| News


 
Larger text Larger text Smaller text Smaller text | Order Photo Reprints

Pittsburgh VA ranks in top 10 for privacy complaints

“There's a problem with the culture at VA. It's degraded over the years, management is too lax, and real power isn't even held by the central office in Washington but by unaccountable hospital fiefdoms like you see in Pittsburgh. And no one can stop them.”

Darin Selnick

a former high-ranking VA official

Related Stories
Saturday, Oct. 12, 2013, 9:00 p.m.
 

On Jan. 4, 2010, a woman showed up to work at the VA Pittsburgh Healthcare System.

She had not submitted a resumé to the Department of Veterans Affairs or received a notice of hiring from the human resources department. She didn't have an official ID tag or a password to enter the nationwide computer system.

“Hired” by a friend employed at the VA Pittsburgh, she spent six weeks registering patients, issuing wristbands, scheduling appointments — and handling the sensitive medical and financial records of up to 6,207 military veterans. Her friend and other employees for whom she filled in gave her their passwords.

The scheme fell apart about a month later when the unnamed woman asked HR “why she had not received a paycheck,” according to a VA security report the Tribune-Review obtained.

The incident triggered the VA's second-largest breach of protected data nationwide in three years, potentially compromising data for about one in 10 patients.

According to the VA memo, the woman had worked as “a healthcare professional at a local hospital.”

The VA offered free credit monitoring to veterans whose records she read. Employees embroiled in her hiring faced “appropriate disciplinary action,” but there was no indication anyone would be fired.

Though the VA by law must disclose privacy breaches affecting more than 500 patients to the Department of Health and Human Services, officials there told the Trib that the VA failed to alert them.

A spokesman for Terry Gerigk Wolf, who has led the VA Pittsburgh Healthcare System since 2007, and her boss, Michael Moreland, director of Veterans Integrated Service Network 4, referred the Trib's written questions about their handling of this and other privacy complaints to the VA's national headquarters in Washington.

A VA spokeswoman there said Pittsburgh administrators decided not to tell Health and Human Services because they determined there was low risk of misuse of the data.

The fake employee was one of 267 Pittsburgh VA privacy failures from Jan. 1, 2010, to May 31, 2013. Medical or financial records for at least 7,069 vets and seven workers were lost, stolen or disclosed to outsiders, according to reports to the national office.

The Pittsburgh VA was in the top 10 nationwide for the number of complaints and second for the total number of potential victims since 2010.

Privacy problems appear to continue. An April 18 report claims an unidentified whistle-blower compiled seven binders of data on 14 patients — four of them deceased — to try to “prove lab equipment is faulty.”

That violates federal health privacy rules, but the Trib wanted to know if patients should worry about unsafe medical lab equipment. VA officials declined to comment.

New safety fears follow ongoing congressional probes dogging the Pittsburgh VA over one of the largest backlogs of benefits claims nationwide and an outbreak of Legionnaire's disease between 2011 and 2012 linked to at least five deaths.

“The problems you see are caused by a VA that threatens no consequences for wrongdoers, provides no oversight and fails to properly monitor employees for privacy violations,” said Darin Selnick, a former high-ranking VA official who advises Concerned Veterans for America, a Washington-based advocacy group.

“There's a problem with the culture at VA. It's degraded over the years, management is too lax, and real power isn't even held by the central office in Washington but by unaccountable hospital fiefdoms like you see in Pittsburgh. And no one can stop them,” said Selnick, a retired Air Force officer.

“Want to solve the problem? Start visibly firing them for these sorts of privacy violations. That sends a signal to the entire VA workforce about standards.”

Carl Prine is a Trib Total Media staff writer. Reach him at 412-320-7826 or cprine@tribweb.com.

 

 
 


Show commenting policy

Most-Read Allegheny

  1. Foreign influx in Allegheny County at ‘tipping point’
  2. Squirrel Hill Tunnel workers cope with speeders, exhaust fumes
  3. Emails show Allegheny County Council staff investigated potential snooping
  4. Sewickley man dies in Route 28 motorcycle accident
  5. Pennsylvania Resources Council puts hazardous materials in their place
  6. West Allegheny School District scraps landfill tax over legal questions
  7. Fire at Indiana County lumber yard appears accidental; loss set at $350K
  8. Generations of Steelers fans flock to practice on Unity campus
  9. Banksville Road to reopen to traffic
  10. Report blames pilot for 2011 Hawaii crash that killed Pittsburgh couple
  11. Portion of Saw Mill Run closed after wreck
Subscribe today! Click here for our subscription offers.