#IntegrityFirst: Senator Grassley Fights For Veterans’ Privacy
Senator Grassley demands answers from the Department of Veterans Affairs following inaction in a potential privacy breach investigation impacting veterans and whistleblowers in the VIEWS system.
A demand letter from Sen. Chuck Grassley’s office Friday demanded answers about possible “wrongdoing” in a “major breach of public trust” under VA Chief of Staff (COS) Tanya Bradsher.
Subscribe to our weekly newsletter and stay up to date.
Bradsher’s confirmation process is underway at the Senate Committee on Veterans Affairs. She was nominated to serve as the deputy secretary, replacing the recently resigned Donald Remy, who lasted under two years in that position. She is responsible for oversight of a computer system called VA Integrated Enterprise Workflow Solution (VIEWS). The Office of Special Counsel (OSC) ordered VA and Bradsher to investigate allegations of a “potential data breach” after an OSC finding of a “substantial likelihood of wrongdoing” implicating VIEWS.
VIEWS is a Salesforce-reliant customer complaint system originally created as a customer complaint tracking system for the White House VA Hotline, created under former President Donald Trump in 2017.
The hotline was created as a way for veterans to complain about VA leadership and personnel without interference.
Shortly after the White House hotline’s rollout, veterans noticed their complaints were sometimes not handled confidentially but routed back to the same leaders at the source of the complaint.
Subsequent independent investigations suggest VIEWS was expanded and now houses protected health information and personally identifiable information on veterans and whistleblowers that may be a “potential violation of federal privacy laws.”
Since OSC ordered VA to complete an investigation into VIEWS and its usage ten months ago, VA has repeatedly delayed releasing the investigation results, and numerous whistleblowers believe VA failed to address the alleged breaches fully.
According to VIEWS literature from the vendor responsible for implementing the Salesforce system at VA, Chief of Staff Bradsher is presently the responsible party.
The inquiry from Sen Grassley is based on the results of a detailed VIEWS audit by a VA-certified fraud investigator.
Sen Grassley’s inquiry letter was filed two days after the Senate Committee on Veterans Affairs opened its confirmation process for COS Bradsher to become the next VA deputy secretary.
RELATED: Non-MSM Background On Bradsher
If confirmed, there are strong odds COS Bradsher would also succeed current VA secretary Denis McDonough when he resigns from his position.
Rumors have swirled for some time that McDonough, the second non-veteran in history to run VA, is anxious to depart the agency. It appears COS Bradsher has been groomed for the past two years to take over the top slots despite her historical lack of experience leading an agency or organization like VA.
However, her resume contains the same National Security Council pedigree the Biden Administration has relied on to control the agency narrative for the past two years by keeping a lid on whistleblower allegations.
A recent audit of the agency’s whistleblower litigation found the agency has enjoyed destroying whistleblowers, allowing a successful settlement outcome less than 1% of the time when retaliation is alleged.
RELATED: GOA Report, Resolution Process For Retaliation Claims
Odds are COS Bradsher will get confirmed because most stakeholders like her despite being overwhelmingly underqualified for either role. VA and Bradsher’s supporters are rolling out a public relations campaign to garner support for Bradsher’s nomination to spin her lack of experience.
COS Bradsher enjoys over 20 years of working in a propaganda/public affairs capacity for the Pentagon and other agencies. However, she was shifted into a leadership role in management and operations at VA in 2021 in preparation for her present assentation.
SEE IT: Grassley VA VIEWS Investigation Letter PDF
Grassley Inquiry Letter Into VIEWS / Salesforce Investigation
I have received legally protected disclosures from multiple credible whistleblowers that VA has mishandled sensitive, private information in the VA’s Integrated Enterprise Workflow Solution (VIEWS) system, the system VA uses to manage and track its correspondence. This system, as you know, contains sensitive personal information on countless veterans, VA employees, inquiries from members of Congress, and even VA whistleblowers. The VIEWS system is under the authority of Chief of Staff Tanya Bradsher’s office.1 Based on reports that are supported by documents in my possession, a VA certified fraud examiner and certified auditing professional notified Ms. Bradsher’s office last year that personal identifiable information (PII), protected health information (PHI), and whistleblower information was widely accessible across VA to the thousands of VA employees with access to VIEWS, regardless of their need to know.2 The whistleblower also alerted the Office of Special Counsel (OSC) of this potential data breach. In response, OSC found a “substantial likelihood of wrongdoing,” including potential violation of federal privacy laws.3 OSC then ordered VA to investigate the matter, which it asked be completed within 60 days.4 According to these whistleblowers, the data vulnerabilities are still present in the VIEWS system and threaten the privacy of countless people who trust the VA to safeguard their private information, including members of Congress who pass sensitive constituent information to the agency
According to documents in my possession, the VIEWS system is hosted on the Salesforce platform.6 However, VA’s Inspector General in an audit report in 2021 noted sensitive information such as PHI should not be hosted on Salesforce, a moderate-risk cloud environment, but rather on a cloud environment rated for high risk.7 The IG reported that the VA did not properly consider the risk to PHI it hosted on a different VA software system that also operated on the Salesforce platform. VA needs to explain why it continues to host sensitive information on this system. It appears from the OIG’s report that even if the proper sensitivity tags were being applied, which is not the case, the system still would not be appropriate to store this sensitive information.
According to whistleblowers, the VA has requested extensions from OSC that have left its report on this serious matter still unfinished ten months after OSC ordered VA to investigate. As you know, Ms. Tanya Bradsher, whose office has authority over the VIEWS system and promised to look into the matter nearly 11 months ago, is currently before the Senate as a nominee to the position of Deputy Secretary. In that position, she would have a key role in the VA’s electronic health records (EHR) modernization.8 However, the VIEWS system that is under her authority contains names, social security numbers, dates of birth, and apparently even medical records of many veterans, accessible to thousands of VA employees and not restricted to those with a direct need to know.
VA and Ms. Bradsher must immediately explain their failure to protect this information for so long, even after being notified of these potential violations of federal data privacy laws. VA must also explain its delays in investigating the matter, while this sensitive information apparently remains available to those who should not have access to it. Accordingly, so that Congress may conduct thorough and independent oversight of the VIEWS system and what appears to be a major breach of the public trust by Ms. Bradsher’s office and senior leadership at VA, please provide the following information no later than June 16, 2023:
- All records9 sufficient to show when VA first became aware of potential issues with the security of VIEWS data, including all correspondence following notification of the Chief of Staff’s Office in 2022 about vulnerabilities in the VIEWS system.
- All records related to data vulnerabilities in the VIEWS system, including any forensic or other analysis of how the information was used, potential access by those without a need to know, potential misuse of VIEWS information, and potential use of information for whistleblower retaliation.
- All policies and procedures for when information in VIEWS should be marked sensitive, PII, or PHI, and restricted from dissemination within VA.
- All records related to the investigation requested by OSC, including any and all correspondence related to delays in the report.
- Any records or correspondence showing Ms. Bradsher’s role in overseeing the VIEWS system, including any emails, memoranda, or other instances where she instructed anyone at VA to follow up on reports of data vulnerability in the system.
- Provide in detail all steps Chief of Staff Bradsher took when she was notified of this major data vulnerability in 2022, along with records detailing and documenting each step.
If you have any questions, please reach out to James Layne, on my Committee staff, at (202) 224-0642.
Sincerely,
Charles E. Grassley Ranking Member Committee on the Budget
Grassley Letter Footnotes
1 Liberty IT Solutions (the company that implemented the VIEWS system at VA), summary, VA integrated Enterprise Workflow Solution (VIEWS) Salesforce Development (last accessed May 31, 2023), https://appexchange.salesforce.com/partners/servlet/servlet.FileDownload?file=00P3A00000iHXXiUAO (noting that while operationally, correspondence management falls under the Office of the Secretary of the VA (OSVA) Secretariat (ExecSec), the VIEWS system is under the authority of the Chief of Staff).
2 Email from Peter Rizzo, Senior Program Manager, Quality Assurance Service, Office of Construction & Facilities Management, U.S. Dep’t of Veterans Affairs, to Ms. Maureen Elias, Deputy Chief of Staff, July 13, 2022, on file with Committee staff.
3 Letter from Leslie J. Gogan, Attorney, Disclosure Unit, Office of Special Counsel, to Mr. Peter Rizzo (August 2, 2022), on file with Committee staff.
4 Id. (citing OSC’s legal authority under 5 U.S.C. § 1213(c)).
5Documents showing apparently sensitive information still marked not sensitive as of June 2023 in the VIEWS system are on file with Committee staff.
6 Liberty IT Solutions, supra n. 1.
7 Dep’t of Veterans Affairs, Office of Inspector General, Office of Audits and Evaluations, Veterans Health Administration, Program of Comprehensive Assistance for Family Caregivers: IT System Development Challenges Affect Expansion, Report #20-00178-24 (June 8, 2021), https://www.va.gov/oig/pubs/VAOIG-20-00178-24.pdf.
8 Dep’t of Veterans Affairs, EHR Modernization (last accessed May 31, 2023), https://digital.va.gov/ehr- modernization/.
9 “Records” include any written, recorded, or graphic material of any kind, including letters, memoranda, reports, notes, electronic data (e-mails, email attachments, and any other electronically-created or stored information), calendar entries, inter-office communications, meeting minutes, phone/voice mail or recordings/records of verbal communications, and drafts (whether or not they resulted in final documents).
Two 55 gallon drums full of C-4 will solve any problem. Just remember that. Everything else is bullshit.
One doctor said I had PTSD..I got benefits.. went to another VA and they said I had the same thing as Charles Manson instead and that I shouldn’t be getting any benefits or care. I said, “Oh yeah? Allow me to refute and retort… second opinion”…heel kick to the top of the head, close fisted backhand to the mouth, football punt the the cunt. Outta there you fucking bitch! When and if they catch me I’ll claim I was never there. I wore a corona mask. Eat it you mother fuckers.
Ben,
I received this letter from the VA today, 9 Jun 2023, about a pharmaceutical company going bankrupt and they’re recalling ALL of their medications.
The pharmaceutical company’s name is;
Acorn Operating Company LLC
The list is long! 52 different medications.
My questions are;
Did the VA pay?
What happened to the money?
What’s going on!
What makes the VA different from other hospitals and healthcare systems? It’s politics man! That’s what’s fking it all up… these political troops on all levels are battling it out and using you as a weapon…even sometimes you are the victim of these nuts. It’s a gd free for all! These kinds of things happen a lot less in private practice and the VA has a large amount of legal immunity on top of that so they can do as they please. It’s slack and you have very little recourse if they fk you.
Yeah there’s also people at VA who will search your criminal records, your Facebook, and smear you inside and outside of the system if you’re what they deem to be “a problem.” Gotta lotta mental problems and left there because they are full of sht? They gonna send the cops to do “welfare check.” Don’t answer door? They will break it down even if no threat or emergency I swear to God and baby Jesus. All it takes is for an employee to assume. All this is a Fourth Amendment violation.
As a VA whistleblower I continue to be disgusted by the actions of the VA and the D.C. cronies that allow continued mistreatment of those individuals who come forward. The VA system needs to be overhauled from the top down. Our veterans deserve so much better.
Grassley should have retired twenty
years ago.
No the Senator should not retire, MORE SENATORS SHOULD stand up and be counted to fix or get rid of the
Veteran Administrations incompetent morons they call leaders. The VA hates the Veterans and just are there to keep their jobs at all costs not wanting to be bothered by Veterans Needs
Yes
Until people go to jail or fired nothing will be done.
Amen. Make rights violations at least a misdemeanor and take these people to the county jail.
AGAIN< NO ONE DOES CRAP! The VA needs to be dissolved and a new ID card issued to each Veteran according to his disability rating which can be used anywhere to receive medical care authorized by that veterans rating. That means the veteran can go to any doctor, hospital for care, period. The VA ceases to be involved with the direct care of medical treatment for any Veteran, No more VA leadership protecting the VA from the Veteran, the Veteran is NOT the enemy here it is the VA Administration, jobs for their life and caring nothing for the Veteran. The VA is what counts the hell with the Veteran!
I wonder what it took for a republican to give a damn about a Veteran. I am TOTALLY SHOCKED that grassley would give a damn about how horrible a Veteran is treated! grassley is one of the absolute worse about caring about what happens to Veterans! Me thinks he is only trying to gain voters!
I have noticed that there is absolutely no way possible for a Veteran or a caregiver to complain about anything the v.a. does to not only neglect but severely harm Veterans on a daily basis.
INSTALL AN EFFING VIABLE COMPLAINT SYSTEM!!!!!!!!!!!!!!!!!!!!!!!! No complaint system means they do whatever they want and get away with it!
GOP is anti-federal government.. therefore they will side with veterans over grievances while at the same time they try to choke funding you see? Meanwhile, you got conservatives at VA wrecking the place from the inside.
You got that right. Both parties are rotten. When I needed medical care at the VA, I turned to Democrat Mark Udahl and within 48 hours I got the care that I needed. The same thing with Michael Bennett. He has a great guy that works for him who takes up veterans issues and fights for us. As for Republicans they always act like they are pro veterans. They are all liars. They are pro cut all of our healthcare and our disability pensions. The sooner we die the better those punks like it. They are constantly defunding the VA and cutting our VA disability pensions by not giving us a raise or giving as little as they can get away with it. We always get better when the Democrats are in controll.