A bipartisan group of lawmakers has sent a letter to the director of TRICARE asking how the department plans to protect sensitive patient data in the wake of a recent data breach, Modern Healthcare reports.
TRICARE is a health benefits provider for military personnel, retirees and their families.
Five members of Congress sent the letter in response to a September data breach that affected about 4.9 million patients of TRICARE clinics and hospitals (Daly, Modern Healthcare, 12/5).
Science Applications International Corporation -- the Department of Defense contractor responsible for the breach -- said the incident involved the loss of backup computer tapes from an electronic health record system. SAIC reported the breach on Sept. 14.
The tapes contained data on TRICARE beneficiaries who received care at military facilities between 1992 and Sept. 7. Affected beneficiaries are residents of TRICARE's southern region.
According to officials, the patient data on the magnetic tapes include:
- Personal health information;
- Phone numbers; and
- Social Security numbers (iHealthBeat, 10/14).
Details of the Letter
The letter was sent to Jonathan Woodson, assistant secretary of Defense for health affairs and director of the TRICARE Management Activity (Brewin, "What's Brewin'," NextGov, 12/2). The letter was signed by Reps. Robert Andrews (D-N.J.), Joe Barton (R-Texas), Diana DeGette (D-Colo.), Edward Markey (D-Mass.) and Cliff Stearns (R-Fla.).
According to the letter, the data breach was "an extremely serious and substantial lapse in security." The members of Congress pointed out that SAIC has been responsible for at least six other security incidents (Anderson, Gov Info Security, 12/2).
The letter poses 17 questions related to health information and other data security policies ("What's Brewin'," NextGov, 12/2). Among the questions the letter asks is whether TRICARE will require SAIC and other contractors to eliminate the physical transportation of backup tapes and instead use more secure methods (Gov Info Security, 12/2).
The lawmakers requested that TRICARE respond by Feb. 2 ("What's Brewin'," NextGov, 12/2).