Security Breach Déjà Vu at VA

Oh my, when will they ever learn at the Veterans Affairs Department?

I have heard from well placed sources that an employee at the VA medical center in Atlanta downloaded patient clinical data to a personal laptop, and an investigation may be pending.

Details are sparse on this breaking story, but I was told the employee -- a physician assistant nurse practitioner -- downloaded 18 years worth of clinical data on an unknown number of patients to conduct research.

If this all sounds eerily familiar, it is. In 2006 a VA data analyst downloaded information on 26.5 million records -- or practically every living veteran -- onto the hard drive on his personal laptop, which was later stolen.

The good news in the current situation is that the laptop was not stolen. The bad news is that none of the downloaded data in 2006 included clinical information, while all the current case involved a whole mess of medical data.

The timing on this could not be worse. The Obama administration is trying to sell the American public on the need for a national electronic health record system. That's a tough sell if folks find out that their supposedly private electronic records are subject to downloads for research.

Does VA have policies and procedures that bar the download of veteran data to personal laptops? You bet. But the best policies and procedures don't do much in the face of human ignorance.