Fast Facts
Veterans Affairs relies on IT systems to receive and maintain sensitive data, including medical records. Federal law establishes requirements for protecting personally identifiable information and securing IT systems.
VA partially implemented certain key privacy practices. For instance, it still needs to ensure that it is hiring and training enough staff to protect the privacy of its data. In addition, VA has struggled to safeguard its information and protect its IT systems from unauthorized access.
Our 8 prior recommendations to VA could help address these issues. As of February 2023, VA had implemented 5 of these recommendations.
