Published: May 05, 2007 11:57 pm      

Theft of VA computer hard drive puts local doctor at risk

CUMBERLAND - A local doctor is more than miffed that she may be at risk for identify fraud, after a computer hard drive with sensitive information was stolen from the Birmingham (Ala.) Veterans Administration Medical Center.

"I feel like I have been bludgeoned with HIPAA and privacy regulations and then I find out the government that lowers the boom on privacy has no privacy itself," Dr. Heather Peirce, a Cumberland endocrinologist, said. Peirce was referring to the federal Health Insurance Portability and Accountability Act that is designed to protect patients' personal information.

Peirce recently re-ceived word via an official form letter from the Department of Veterans Affairs that a portable hard drive missing from the Alabama medical site may have contained her Social Security number - but the theft occurred more than three months ago. The lapse in time also has Peirce upset, who said the public "should be notified right away when something like that happens."

Peirce is probably no more upset than the high-level officials who are clamoring for answers about this most recent VA faux pas. As reported in a Feb. 12 article in The Birmingham News, U.S. Reps. Artur Davis and Spencer Bachus, as well as U.S. Sen. Richard Shelby, all of Alabama, are outraged that less than one year after data on 26.5 million veterans was reported stolen, the VA is still not encrypting its information.

"None of the data given to the VA was encrypted," Peirce said.

The VA was informed of the theft of the external hard drive Jan. 23, one day after it was discovered missing. The hard drive was used to back up information contained on a VA employee's office computer related to research projects with which the employee was involved.

A file on the portable hard drive has billing information for 1.3 million doctors and included information from the 2004 Unique Physician Identification Number Directory. Obtained from the Centers for Medicare and Medicaid Services for the purpose of conducting research on veterans' health care, it also contained data on more than 500,000 war vets.

Peirce said this highlights the problems with storing sensitive information on computers. "Anyone could break into an office computer and everything could be accessed." As a result, Peirce said, "my whole office is paper ... I am not - not - going to computerize. I will take it to the Supreme Court ... There's nothing more private than paper records kept in one location."

Frustrated and weary from trying to get answers, Peirce complained about telephone numbers the VA provided that only take her to an automated voice system. When they do lead to a real person, the doctor said the woman on the other end of the phone "read by rote" a prepared statement, and wouldn't answer any of Peirce's questions.

The incident remains under investigation as the VA Office of Inspector General and the FBI, along with a separate review by the VA Office of Information and Technology, are on the case. An administrative review is being conducted by the VA, according to a Feb. 2 article published by Media General News Service.

As the investigation continues, the VA is notifying individuals that their personal information may have been on the missing hard drive. That April 27 letter told Peirce that free credit monitoring is being provided to potential victims.

"VA will contact you shortly by mail to offer a credit monitoring service at no cost to you. In the meantime, one precaution we recommend is for you to request a free credit report from one or more of the three national credit bureaus," the letter read.

"We at VA take information security and privacy very seriously. We apologize for any inconvenience or concern this situation may cause, but we believe it is important for you to be fully informed of any potential risk to you," the letter concluded.

Jo Schuda of the VA's Office of Public Affairs said that 664,165 medical providers are at potential risk from the theft of information.

"If the government that is telling you you have to have HIPAA gives away your information, (then) it can't protect you," Peirce said.

Other area doctors who were contacted were not aware of the VA issue.

Times-News staff writer Jeff Alderton contributed to this story.