After a highly publicized laptop theft and a series of other security issues that brought on some bad press, the Veterans Health Administration in the last three years has dedicated more resources to data security and created more of an agency-wide focus on protecting health information.

"Security is the responsibility of everyone. We have an information security officer at each of our facilities, and they are the primary leads for the security program," General Kearney Jr. (yes, that's his real name), CIO of Veterans Integrated Service Network (VISN) 11, covering seven VA medical centers in Michigan, Indiana and Illinois, says in an interview with FierceCIO. "Each of my facilities also has a facility CIO, and they have system administrators. We all work in tangent with the information security officers. Even though the ISO is the lead person, we all do continuous monitoring.

"It's an effort by the whole team. It's massive, ongoing and continuous," Kearney added.

Of note, the network has locked computers to desks, added screen protectors to monitors in common areas to discourage prying eyes and encrypted all laptops and other portable computers. "On the logical side, one application we use is called CimTrak (from Cimcor Inc.), which provides us with auditing and risk management tools," Kearney explains. "It goes in and takes a snapshot of our configuration on a server or workstation and stores that information on a repository. If anyone tries to change a file, the application will pick it up. If a system administrator goes in and makes a change, CimTrak provides a log of who made the change and when."

To learn more:
- check out this Q&A with Kearney in FierceCIO

Related Articles:
Laptops stolen from Veterans Affairs, N.M., Medicaid contractors were not encrypted
VA pledges better data security