A coalition of consumer privacy groups in the health care industry is asking the U.S. Department of Health and Human Services (DHHS) to conduct a HIPAA compliance review of the Department of Veterans Affairs after a massive security breach was disclosed last week.
In a letter sent Wednesday to Health and Human Services Secretary Mike Leavitt, 30 privacy groups belonging to the Consumer Coalition for Health Privacy expressed their concerns about the recent theft of personal data at the VA (see "Personal data on millions of U.S. veterans stolen").
The data, which included names, Social Security numbers and addresses belonging to 26.5 million veterans, also included protected health information such as medical diagnostic codes and disability ratings. The data was included in a laptop and disks that were stolen May 3 during a burglary at the home of a VA analyst who had improperly taken the data from the office.
The incident raises serious questions about the "nature and the extent" of violations by the VA of the security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the letter said.
For the longest time I have talked about the Big Example that will drive compliance. This may be it.