VA Employees Impermissibly Accessed Vice Presidential Candidates’ Medical Records
A criminal investigation is underway following the discovery of unauthorized access to the medical records of vice presidential candidates Sen. JD Vance (R-OH) and Minnesota Governor Tim Walz by employees of the Department of Veteran Affairs (VA).
Both vice presidential candidates have served in the military. JD Vance served in the Marine Corps for four years and Governor Walz served in the Army National Guard for 24 years. According to the Washington Post, at least a dozen VA employees accessed the medical records of the vice presidential candidates without authorization in July and August 2024, in violation of the Health Insurance Portability and Accountability Act’s Privacy Rule. The unauthorized access was reportedly discovered by the VA during a routine review of the medical record access logs for high-profile individuals. The campaign teams of both vice presidential candidates have been notified about the unauthorized access and the VA has referred the matter to federal prosecutors.
Following the discovery of potential unauthorized access, VA Secretary Denis McDonough sent a memo to VA personnel reminding them of the VA and HIPAA Rules regarding medical record access. “Veteran information should only be accessed when necessary to accomplish officially authorized and assigned duties as an employee, contractor, volunteer, or other personnel,” wrote McDonough in the Aug. 30 memo. “Viewing a Veteran’s records out of curiosity or concern — or for any purpose that is not directly related to officially authorized and assigned duties — is strictly prohibited.”
The investigation into the unauthorized access is ongoing and it is unclear at this stage why the medical records were accessed and if they have been further disclosed. The Washington Post has reported that two of the individuals found to have accessed the records for an extended period of time were a physician and a contractor. Any individuals who are confirmed to have impermissibly accessed the records will face disciplinary action per the VA’s sanctions policy. That could involve termination and potentially criminal prosecution, which could result in a civil monetary penalty of up to $50,000 and up to a year in jail.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
VA Press Secretary Terrence Hayes issued a statement to the New York Post about the incident. “We reported to law enforcement allegations that VA personnel may have improperly accessed Veteran records. We take the privacy of the Veterans we serve very seriously and have strict policies in place to protect their records.”
