The Veterans Administration (VA) Privacy Services office protects your private data when you interact with the VA online. Private data includes any information that can identify you, like your name, address and social security number. It also includes your health information. There are general rules that apply to all VA online information and rules for web and mobile apps. This page describes these rules as they apply to the VA Web and the Mobile apps listed on the VA App Store.
About Federal Web Data Privacy Protection
All U.S. Federal web pages that you view, or interact with, in a browser must comply with a set of general rules to protect your private data. These include all pages in the .gov domain, including web sites like this one on mobile.va.gov, and the VA Web apps (apps that run on any device in a browser), and VA Mobile apps that run on Apple or Android devices, listed in the VA App Store. These rules include:
- Rules under the Privacy Act rights
- Information collected and stored automatically
- Registration and log in
- Password protection
- Saving of passwords by browser
- Logging out
- Information sharing
- Digital analytics
You can read more about how the VA Privacy Services addresses these issues, here: www.va.gov/privacy-policy.
About Google Analytics
Veterans Health Administration (VHA) Office of Connected Care (OCC) apps do not employ Google Analytics. These are apps in the VA App Store that have VA Health in their logo.
Some Federal agencies may participate in the Digital Analytics Program (DAP). As part of this program, Federal web sites may analyze their web traffic with Google Analytics 360 tools. DAP forbids passing any personally identifiable information -- including health information -- to Google Analytics. Information is "anonymized" (scrambled) before Google Analytics receives it. Users can receive recommendations related to personal privacy by accessing the Google Privacy Checkup. Google Analytics also has an opt-out tool to prevent sharing of information from web browsers.
About VA Apps Privacy Protection
In addition to the general federal rules listed above, The VA's Privacy Service ensures that all VA online applications listed on the VA App Store comply with rules specific to web or mobile apps. These rules include:
- Passing data to or from the VA, like health records.
- Terms protecting private data are included in the End User License Agreement (EULA)
- How a device may store private data
You can read an overview of these topics from an app developer's perspective, here: Privacy and Application Data Security.
Protecting Personal Health Information
The Veterans Health Administration (VHA) also ensures that the apps developed by the Office of Connected Care OCC further protect your personal health information. Apps with the padlock symbol on their app logos protect any online exchange by requiring they must occur over a secure connection within the VA network. Veterans and their designated Caregivers typically need a DS-Logon, ID.ME or My HealtheVet subscription to satisfy this requirement. VA Providers and Staff must be logged into the VA network via their Personal Identification Verification (PIV) card to review any user data.
About Third Party Apps Privacy Protection
The VA App Store includes apps from three sources: Veterans Health Administration (VHA) Office of Connected Care (OCC) apps, VA-Sponsored apps, and suggested Third Party Apps. (See OCC App Ownership for more information about these app types. Third Party apps are only recommendations: VA does not test them.) The VA Privacy Services office tests and certifies that OCC apps and VA-Sponsored apps have passed its rules to ensure that the apps cannot reveal private information to unapproved parties.