Baker tells VA vendors they must meet certification requirements

22,000 vendors will get a letter notifying them of cyber guidance

The Veterans Affairs Department is contacting the chief executives of the department’s 22,000 vendors to remind them to certify that they are meeting the VA’s requirements for protecting sensitive medical information, Roger Baker, assistant secretary for information and technology, said today.

Baker said he decided to send the letter because of initial findings of a VA audit that determined that 10 to 25 percent of vendors at some VA facilities are not in compliance with the certification requirement.

“The main intent is that everyone gets the message,” Baker said. “If they are not certifying, we will take action.”

Those certification requirements apply only to VA vendors that have access to personal medical data, which Baker estimated was the case for approximately one-third of the 22,000 vendors.

The audit is not yet complete, and the letter is intended to help vendors meet those requirements as quickly as possible, Baker said in a conference call with reporters.

So far, the audit has found that many VA facilities are fully in compliance, and for those that are not, the noncompliance rate is 10 to 25 percent, he said.

“A lot of this is education about which companies have to have” the certification, Baker said. “Guidance has gone out a number of times, and yet we still have facilities that have not fully addressed it.”

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Mon, Sep 20, 2010 Fernie

This article was of limited value. You spoke to the certification requirements but as one of the possible vendors I would like to know which certification is being required. Is it HIPAA or NIAP or DITSCAP/DODIIS, or STIG or what? Please consider that the Government has MANY certifications which really stress out the vendor community. Some of these certifications are for software and are done by third parties. They cost about $300K per product and can take a year to complete. The resultant "certified" product is then one year old and headed to obsolescence to be replaced with the latest version so the Government end user gets to implement a product which is about a year old. Anyway, please consider including more details in the future. These comments are my own and don't represent official comments by the company I work for.
