State investigation finds Veterans Affairs didn't violate medical privacy laws with cellphone access
A state investigation has concluded the Oklahoma Department of Veterans Affairs did not violate privacy laws when it allowed medical aides to search patients' records on their cellphones.
Mark Gower, the state's chief information security officer, wrote in a memo Thursday that the practice did not violate state or federal privacy laws.
Veterans Affairs had requested that the state investigate the matter after three Democratic lawmakers claimed the incident could cost Oklahoma millions of dollars in federal funding. The lawmakers — Reps. Brian Renegar, Chuck Hoskin and David Perryman — also called for the firing of two Veterans Affairs leaders this week.
Gower found that on July 25, a scheduled internet outage had the unintended effect of preventing employees at Veterans Affairs centers in Norman and Lawton from accessing medical records.
The agency coped by granting employees authority to access its medical records system on smartphones during the outage. Gower found the access was secure and limited to a small number of authorized Veterans Affairs employees.
"The (records system) does not store a local copy of data on the device when it is accessed and it does not cache data on the device, meeting security requirements," Gower wrote in the memo to Veterans Affairs Executive Director Doug Elliott.
The matter is also being reviewed by the U.S. Department of Health and Human Services at Elliott's request. The lawmakers say they forwarded their concerns to the U.S. Department of Veterans Affairs and a federal prosecutor, as well.
“The federal government's going to be the one to determine this, not some state agency helping another state agency wash their hands of what they did," Renegar said Thursday.
“I don't care who from a state agency gets up and says they didn't do anything wrong. It's not a state issue, it's a federal issue, and we'll find out.”
In an interview Thursday, Elliott praised his employees for switching to mobile access during the computer outage, saying it allowed hundreds of patients to continue receiving crucial medications. He said 150 Veterans Affairs employees registered for medical privacy training after the incident was scrutinized this week.
Elliott criticized those Democratic legislators who raised the issue, calling it "unconscionable" for them to suggest Veterans Affairs employees violated privacy laws.
"It's an environment of no tolerance and it's clearly motivated by something other than caring for veterans," Elliott said.
The executive director's actions have been under scrutiny since a state audit last week found the agency suffers from toxic leadership. Elliott, who took over Veterans Affairs in February, deserved much of the blame, according to auditors. Elliott has accused auditors of bias and cherry-picking negative comments from disgruntled employees.
"This is some agenda they have," Elliott said of the lawmakers' call for him to be fired, "and I can only guess the agenda is to subvert the relocation of Talihina."
The Talihina Veterans Center is slated for closure and relocation, a policy Elliott supports and some lawmakers strongly oppose. Renegar, who represents that area, is among those opposed.
“I don't have a political agenda," said Renegar, who is restricted by term limits from running for re-election. "His statement would have some validity if I was going to be serving some more but on Nov. 15, I will be a has-been."
The Democrat from McAlester says his opposition to Elliott and Veterans Affairs Secretary Myles Deering, who were formerly the top brass in the Oklahoma National Guard, is not personal.
“I've told them, ‘You're exemplary soldiers but unfortunately, you don't have any health care experience.' That would be like putting me over a human medical hospital," said Renegar, who is a veterinarian.