By Mary Mosquera
Government Health IT
May 19, 2010
The Veterans Affairs Department will step up enforcement of its
contractors to make certain that they meet information security
requirements in protecting veterans. personal health data.
VA includes a clause in its contracts requiring information security
safeguards, including encryption and policies limiting who can access
personal data. But that is no guarantee that vendors follow through,
said VA senior IT and procurement officials at a hearing May 19 of the
House Veterans Affair Committee subcommittee on oversight and
The challenge lies in verifying that over 22,000 VA contractors with
whom the department shares veteran information adhere to security
requirements, said Roger Baker, VA's CIO. These vendors help VA provide
healthcare and benefits.
"Our policy, which is stronger than any similarly sized private sector
organization that I'm aware of, is that supply chain partners must
follow VA's information protection policies, including encryption of
mobile devices," he said.
Best Selling Security Books and More!
Shop InfoSec News