President Bush has signed into law the "Veterans Benefits, Health Care, and Information Technology Act of 2006" (S. 3421) which upgrades a number of programs and benefits within the Department of Veteran Affairs to boost the security of sensitive information held for veterans and their families. The bill, which was passed by the House on Dec. 8, also authorizes VA healthcare facility construction programs across the country and also should bolster telehealth initiatives for veterans in rural areas and increase the number of community-based outpatient clinics available to treat issues related to mental illnesses.
The impetus behind the bill was the widely reported theft in May of a VA employee’s laptop computer which contained sensitive information for over 25 million veterans and 2.2 million people actively serving in the National Guard and Reserves. Though the computer was eventually found and no information seemed to have been breached, the issue was a lightning rod and showcased the substantial shortcomings within the VA’s security infrastructure.
The bill mandates notifications to veterans impacted by data breaches, as well as updates to Congress when data security issues arise. The legislations also calls for the establishment of fraud alerts, analysis of security issues, and the availability of credit monitoring assistance and identify theft insurance. VA will also now have an Information Security Assistance program that help the department draw professionals with the proper training and skill in information management now called for, according to comments from VA Secretary R. James Nicholson relating to changes to the VA’s Information Technology system.