House to Defense Top Doc: What's Up With TRICARE Theft?

Four members of the House Energy and Commerce Committee and one member of the House Armed Services Committee want some answers from Dr. Jonathan Woodson, the Pentagon's top medical official, about how the Defense Department handled the September theft of computer tapes containing the records of 4.9 million TRICARE beneficiaries from the car of an SAIC employee in San Antonio, Texas. Woodson is the assistant secretary of Defense for health affairs and director of the TRICARE Management Activity, which was responsible for the data.

Woodson has been mum on this debacle since it unfolded, and in fact gave a speech in San Antonio the week after the theft was reported and, as far as I can determine, never addressed the issue.

In a letter to Woodson today, the lawmakers want some answers from the top doc, including why Defense keeps handing contracts and big bucks to SAIC, despite the fact that the company has mishandled health care data in a series of losses and thefts that go back to 2005.

At least two of those breaches involved military personnel: In July 2007, the company failed to encrypt online transmissions of Social Security numbers and personal health records for 900,000 troops, family members and other government employees; in February 2005, SAIC notified 45,000 individuals, including top military and intelligence officials, that they risked identity theft after computers containing Social Security numbers, financial transaction records and other personnel were stolen from an administrative building in San Diego.

Edward Markey, D-Mass., Joe Barton, R-Texas, Diana DeGette, D-Colo., and Cliff Stearns, R-Fla., members of the Energy and Commerce Committee, and Robert Andrews, D-N.J., a member of the Armed Services Committee, signed the letter and included a list of 17 question related to the data theft and security policies that apply to personal and health information.

They include this key question: Why, in the Internet and cloud computing era, was an SAIC employee physically hauling around computer tapes when the information could be transferred electronically?

I have asked TRICARE many of the questions the Congress folks asked, and I hope they have better luck in getting answers. Woodson needs to reply by Feb. 2, 2012.

Last month, TRICARE directed SAIC to offer credit monitoring services to patients whose information was stored on the stolen tapes. Dr. Deborah Peel, founder of Patient Privacy Rights, an advocacy group based in Austin, Texas, says this does nothing to insure the safety of health care information on those tapes.

Peel, who sent me the Congressional letter to Woodson, said those patients should also be provided with new technology that allows them to monitor all health insurance claims before they are submitted, so they can prevent fraud as well as other people's health data from being added to their health records.