(Internal VA address.)
The Veterans Health Administration (VHA) Healthcare Security Requirements (HCSR) Office reviews your mobile application (App) to ensure that it meets VA software data security standards. We ensure that your App complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Security Rule specifications for protecting electronic Protected Health Information (ePHI). Additionally, we ensure that you implement sufficient security control during development to protect the Veteran’s PHI and personally identifiable information (PII) data. The objective of the data security reviews are to protect the Veteran’s ePHI/PII data from compromise or breach, be it of an intentional or unintentional nature, by ensuring the proper security control measures are implemented to prevent the theft, interception or alteration of the data.
We ensure that if your App is designed or developed to transmit, store or process a Veteran’s ePHI/PII data has the appropriate security control measures to:
We review your Business Requirement Documents (BRDs), application user stories and technical development documents, such as Requirements Specification Documents (RSDs) and System Design Documents (SDDs), if they are available.
The VHA HCSR Office conducts the data security compliance reviews in accordance with the provisions of the HIPAA Security Rule and VA Handbook 6500, Risk Management Framework for VA Information Systems - Tier 3: VA Information Security Program.
Veterans Crisis Line:
1-800-273-8255 (Press 1)
U.S. Department of Veterans Affairs | 810 Vermont Avenue, NW Washington DC 20420
Last reviewed/updated July 29, 2014