|Title:||Audit of VA’s Systems Interconnections with Research and University Affiliates|
|VA Office:||Veterans Health Administration (VHA)
Office of Information and Technology (OIT)
|Report Author:||Office of Audits and Evaluations
|Report Type:||Audits, Reviews & Evaluations
We conducted this audit to determine the effectiveness of VA’s management of its systems interconnections and data exchanges with external research and university affiliates. We found VA has not effectively managed its network interconnections and data exchanges with its external research partners. VA could not readily account for various systems linkages and sharing arrangements. VA also could not provide an accurate inventory of research data exchanged, where data were hosted, or the sensitivity levels of the data. We also identified unsecured electronic and hardcopy research data at VAMCs and in co-located research facilities. VA’s data governance approach has been ineffective to ensure that research data exchanged are adequately controlled and protected throughout the data life cycle. We recommended OIT and VHA implement a centralized data governance model and ensure formal agreements are established requiring research partners to implement controls commensurate with VA standards for securing and protecting sensitive data.