Department of Veterans Affairs CIO Roger Baker complied with federal information security requirements when he deployed Apple iPhones and iPads on the VA network, but he may have worked around some rules in the process, according to a new federal audit, Federal Computer Week reports.
Linda Halliday -- assistant inspector general for audits and evaluations in the VA Office of Inspector General -- recently published the audit, which her office completed May 15 (Lipowicz, Federal Computer Week, 5/25).
Background
In July 2011, Baker announced that VA would allow employees to use Apple iPhones and iPads on its network (iHealthBeat, 7/26).
In September 2011, a federal telephone hotline received a confidential complaint alleging that VA was circumventing the Federal Information Security Management Act and other federal security rules regarding the use of Apple devices on the VA network.
In addition, Sen. Jon Kyl (R-Ariz.) asked the VA Office of Inspector General to evaluate whether VA was meeting FISMA requirements when it stored sensitive data without FIPS 140-2 hardware encryption.
According to Halliday, agencies are required to use FIPS 140-2-validated cryptographic modules whenever they rely on cryptographic-based security systems to protect sensitive data.
Audit Details
In the audit, Halliday wrote, "VA deployed more than 200 Apple iPhones and iPads with encryption that was not FIPS 140-2 certified."
However, Baker took "compensating" measures to protect the sensitive data, the audit found. It noted that although the Apple devices were not protected with FIPS 140-2-certified encryption, the agency allowed only FIPS 140-2-certified applications to access sensitive data on the mobile devices.
Halliday wrote, "We determined that VA’s approach of allowing only FIPS 140-2-certified applications to access or store sensitive encrypted data on the mobile device met FISMA requirements for data protection."
Recommendations
The audit recommended that VA improve its data security protections by:
- Maintaining an accurate inventory; and
- Configuring devices in a consistent manner.
Baker agreed with the inspector general's recommendations, according to the audit (Federal Computer Week, 5/25).