The Department of Veterans Affairs has released a plan to protect the privacy and security of data in its Virtual Lifetime Electronic Record program, according to a notice published in the Federal Register, Government Health IT reports (Mosquera, Government Health IT, 5/11).
In 2009, VA and the Department of Defense launched the VLER program to share health data on veterans and active military personnel with civilian health care providers.
The program initially launched in California before expanding to multiple sites across the U.S. (iHealthBeat, 9/9/11).
Details of Privacy and Security Plan
To protect data in the VLER program, VA's plan recommends:
- Limiting access to databases to individuals whose jobs require it (Bowman, FierceHealthIT, 5/14);
- Requiring information security officers to review and authorize data access requests;
- Regulating data access with security software that uses unique codes and passwords to authenticate users;
- Providing information security training to all staff, including instruction about individual responsibility for safeguarding data confidentiality;
- Restricting physical access to rooms that contain computers with confidential data to authorized staff and protecting those areas with security devices;
- Protecting data transmissions with software and hardware operational systems, such as firewalls and encryption; and
- Maintaining backup computer files at off-site locations (Government Health IT, 5/11).
VA is accepting public comments on the privacy and security plan until June 11 (Conn , Modern Healthcare, 5/14).
DOD Outlines Plans for Joint EHR System
In related news, the Department of Defense has released a report detailing how federal agencies will develop the proposed joint electronic health record system that will be used by the Military Health System and VA, Modern Healthcare reports.
According to the report, the "envisioned target state" of the joint EHR system is "a coordinated, 'best-of-breed' approach that includes a mix of existing SOA (service-oriented architecture)-compliant capabilities, commercial-off-the-shelf, open-source and custom systems."
The report designates DOD's Manpower Data Center as the "single identity management source" and the department's Defense Information Systems Agency as operator of the EHR system's data centers (Conn , Modern Healthcare, 5/14).