A criminal investigation was due after discovering that the Department of Veterans Affairs (VA) employees accessed the medical files of vice presidential candidates Minnesota Governor Tim Walz and Sen. JD Vance (R-OH) without authorization. The two candidates, who have served in the military — Walz in the Army National Guard for 24 years and Vance in the Marine Corps for four years — were reportedly targeted in July and August 2024.
A Washington Post report stated that the unauthorized data access of high-profile individuals was discovered during a scheduled inspection of VA medical records access logs. This incident is a violation of the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule. The VA has notified the campaign teams of the two vice presidential candidates, and the matter has been related to federal prosecutors for further investigation.
Because of the breach, VA Secretary Denis McDonough issued a memo on August 30 to remind all VA personnel of the strict rules regarding access to veterans’ medical records. Veteran records can only be viewed when needed to accomplish officially approved and assigned responsibilities as an employee, volunteer, contractor, or other staff. Accessing information out of curiosity or for reasons unrelated to official responsibilities is prohibited under VA and HIPAA regulations.
The investigation is in progress, and details regarding the reasons for the unauthorized access or whether the medical records were further shared remain unclear. However, it has been reported that the two individuals involved were a doctor and a contractor, who accessed the information for an extended time. Under the VA’s sanctions policy, any personnel found guilty of improperly viewing the medical records will undergo disciplinary measures, which could include termination and criminal prosecution. Such HIPAA violations can lead to civil penalties of as much as $50,000 and potential jail time of up to one year.
In a statement published by the New York Post, VA Press Secretary Terrence Hayes acknowledged the seriousness of the data breach. Policies in place strictly protect the privacy of the Veterans. VA personnel who impermissibly accessed Veteran records will be reported to law enforcement. The investigation continues as the VA works with federal authorities to determine the extent of the breach and take appropriate action.
Image credit: Summit Art Creations, AdobeStock
