Is the Veterans Administration doing enough in mitigating breaches? One veteran says “No.” Here’s why.
Benjamin Krause, an investigative reporter, Veterans law attorney, and a disabled veteran of the US Air Force, has a site called DisabledVeterans.org. One of his posts showed up in one of my searches, and I thought it was worth noting here.
In the context of discussing a recent VA breach and government accountability, Benjamin writes:
I personally had VA VocRehab mistakenly mail an entire copy of my file to my old address from two years earlier – a large apartment complex in a major American city. There is no telling where the files ended up.
Veterans Affairs indignantly declined to proactively retrieve the documents and told me to call the cops if I was worried about it. I repeat, the agency made me do the leg work to try to recover my files that were mistakenly delivered to the wrong address.
I did call the cops. They were confused why VA would not take charge of the recovery of my files and said their was little they could do unless a crime was committed.
VA offered me one year of identity protection. That was it. Meanwhile, over 1,000 pages of files containing everything about me were misplaced and now floating around somewhere in the United States.
Did anyone get reprimanded for the cockup? No. Did I get the records back? No.
What a crock. How is it that we live in a country where the Federal government is not held accountable?
It’s an excellent question. All a-flutter over the OPM breach, Congress is trying to enact legislation that will provide longer credit monitoring and greater liability protection to those affected by that breach, but as Benjamin notes, after-the-fact credit monitoring is often not sufficient nor satisfactory.
Should the VA have gone to the apartment complex or attempted to track down Benjamin’s errant files if they erred by not updating his mailing address? According to the VA’s monthly reports to Congress, mailing errors happen (there were 161 paper mis-mailing incidents in June, 2015). Indeed, paper incidents account for the bulk of VA breaches that result in the exposure of personally identifiable or protected health information.
But if the VA sends out literally millions of mailings each month (over 7 million in June, 2015), is 161 an acceptable error rate? If not, should the VA reduce paper mailings where electronic transmission is a viable alternative? Or should it use a more costly mailing system – of requiring a signature for delivery – when a veterans’ files with sensitive information are being mailed?
Mistakes will happen either way, and Benjamin raises a valid question: what should the VA do to mitigate or remediate? Could they have at least initiated a trace request with the post office? Why should Benjamin – or any other veteran – have the burden and worry of trying to track down their personal and sensitive information when the VA makes a mistake? Don’t our veterans have enough problems without being told that the VA won’t even try to track down their mis-mailed records?