Representatives Edward J. Markey (D-Mass.), Joe Barton (R-Texas), Cliff Stearns (R-Fla.), Diana DeGette (D-Colo.) and Robert Andrews (D-N.J.), today sent a letter to the TRICARE Management Agency (TMA) after one of the company's contractors, Science Applications International Corporation (SAIC), was involved in a major breach of personal and confidential health information of 4.9 million military clinic and hospital patients. Computer backup tapes containing patient data such as Social Security numbers, addresses and health diagnoses were stolen from the vehicle of an SAIC employee in San Antonio, Texas on September 14, putting patients at risk of identity theft. SAIC, the recipient of $20 billion in federal contracts over the previous three fiscal years despite complaints from federal officials, has had at least six prior security incidents including one last year that also involved stolen computer backup tapes. In the letter the lawmakers ask what steps TMA has taken since these breaches as well as what future action will occur to prevent future data leaks.
BREAK IN TRANSCRIPT
"This breach by a firm responsible for handling the military health provider's patient data represents an extremely serious and substantial lapse in security," write the lawmakers in the letter.
The lawmakers ask TRICARE to respond to questions that include:
* What security precautions and protections does TMA require SAIC or other technology contractors to utilize in the handling of patients' personal health information?
* Does TMA require SAIC or other contractors to have a formal documented policy that requires personal health information to be encrypted or otherwise be made indecipherable to unauthorized individuals?
* Was TMA aware of SAIC's prior data breaches before awarding this contract?
* Will TMA require SAIC and its other contractors to eliminate the physical transport of backup tapes containing personal health information in favor of a more secure and reliable method?
* Why does TMA continue to contract with SAIC for its data handling and IT needs despite these major performance problems?