Image: Pressmaster/Shutterstock.com
By: FEDweek StaffThe Defense Department “did not effectively control access to health information of well known DoD personnel and possibly of any DoD personnel,” an inspector general audit has found, stressing that medical information maintained by the department includes medical diagnoses, mental health notes, medications, and a patient’s personally identifiable information, such as a full name, social security number, and date of birth.
Many specifics were redacted, but the report noted that DoD holds information on large numbers of people, including its own civilian and military personnel, veterans and dependents. That information is subject to both internal DoD controls and privacy protections under the Health Insurance Portability and Accountability Act.
Some DoD personnel have access to these records to perform their official duties but also “could attempt to access health information on acquaintances or well known DoD beneficiaries without a need to know, which violates the personal privacy of the affected individuals . . . Government personnel could also access health information for purposes of extortion, public embarrassment, or sale to others,” it said.
The audit, triggered by the public release of health information on several well-known persons, examined access of health information of 38 such persons and found that more than 1,400 individuals had accessed information on at least one of them over time.
The IG focused on 44 who had accessed information on 18 of them for indicators of possible misuse including a difference in locations of the viewers and the well known individuals and information being accessed immediately after high-media incidents and then asked the Defense Health Agency and military services to examine whether the incidents were authorized.
The answer was no in at least 15 of the cases, while only seven definitely were authorized; while there was a question about the rest, the IG said it “was likely unauthorized.”
While one of the recommendations—and management’s response—was redacted, the report did disclose that management agreed to examine the incidents the IG identified and those “found to be in violation of unauthorized access or disclosure, will be dealt with in accordance with applicable laws and DoD guidance.”
Potential penalties for misuse of access to such records include removal from federal service, it added. However, among the redacted information was support for the IG’s conclusion that “DoD components may not have adequately held personnel accountable for HIPAA violations.”
Biden Reaffirms Intent for 2.7 Percent Raise; 0.5 Would be Split Off as Locality Pay
FDA Vaccine Approval Raises Likelihood of More Mandates for Feds
Feds Could Face Discipline for Refusing Covid Tests; Not just False Statements
Guidance Fills in Details of Covid Testing Program for Federal Workforce
Discipline Possible for False Statements on Vaccine Attestation
