The full Senate is expected to vote on President Joe Biden’s nominee for the number-two spot at the Department of Veterans Affairs, shortly after the completion of a scathing review that shows a VA recordkeeping system that she oversees risks exposing sensitive personal information on veterans and agency employees.
Last month, the Senate Veterans Affairs Committee advanced the nomination of Tanya Bradsher, current chief of staff to VA Secretary Denis McDonough, to be deputy secretary by a vote of 13-6. The Senate came back into session this week.
In her current role, Bradsher has had authority over the VA Integrated Enterprise Workflow Solution Case and Correspondence Management, also known as the VIEWS CCM system, which a recent review conducted by the department’s Office of Information Technology determined had serious flaws — but was improving.
Peter C. Rizzo, a certified fraud examiner and former VA program manager, was one three VA whistleblowers who raised concerns about the system.
‘The president nominated this individual who was responsible for maintaining this system,’ Rizzo told Fox News Digital. ‘I certainly wouldn’t want someone of her caliber in the number-two spot at the VA. The VA and our nation’s veterans deserve better.’
Nevertheless, Senate Majority Leader Chuck Schumer, D-N.Y., scheduled a cloture vote on Bradsher for 5:30 p.m. on Monday.
Sen. Chuck Grassley, R-Iowa, issued a statement late Thursday explaining his opposition to the nomination that he has previously blocked.
‘If confirmed, Ms. Bradsher would be in charge of the VA’s effort to modernize veterans’ electronic health record,’ Grassley said. ‘This involves the healthcare records of millions of veterans, which obviously contain huge amounts of sensitive information. Ms. Bradsher’s failures on privacy issues as chief of staff and her lack of transparency to the Veterans Affairs Committee show that we can’t trust her to secure this sensitive information or to take the lead and address agency failures, of which VA has many.’
In August 2022, the Office of Special Counsel — an independent agency that investigates whistleblower disclosures — requested the VA investigate privacy concerns about the VIEWS system. The VA’s Office of Information Technology conducted the investigation and submitted its report in July of this year to the Office of Special Counsel. The report has not yet been made public, but the OSC is expected to issue the report at a later date. A VA spokesperson did not comment on the record for this story.
The more than 2,000 VA employees who have access to the VIEWS have the option of marking documents ‘sensitive’ or ‘not sensitive’ for veterans and employees. According to congressional sources, the VA internal review estimates that the number of ‘not sensitive’ records with personal information that should have been marked ‘sensitive’ were in the ‘multi-thousands.’
The department’s internal review says that VA employees with access to the VIEWS systems ‘can view, download, copy, screenshot, or otherwise share sensitive information – e.g., whistleblower and veteran social security numbers, dates of birth, home addresses and phone numbers and medical and financial information.’
The internal review determined that remediation measures in July 2023 ‘significantly reduced the accessibility of whistleblower identities and sensitive personal information.’
However, it also noted that ‘there is no program of auditing or detection in place to measure the effectiveness of applied changes, or to flag when a user views whistleblower identities and sensitive personal information without authority or fails to protect such information by not setting the appropriate case sensitivity marker.’
Bradsher wrote to Sen. Marsha Blackburn, R-Tenn., a member of the Senate Veterans Affairs Committee, in a May saying: ‘the VIEWS system has controls in place to protect personal and sensitive information . . . system access is logged. Audits also are done to make sure information on the VIEWS system is accessed appropriately.’
This answer clearly conflicts with the report’s assertion that no audit system is in place, Grassley said in a statement.
‘The VA’s report further calls Ms. Bradsher’s candor into question. It seems to directly contradict Ms. Bradsher’s answers to questions for the record in her committee proceedings,’ Grassley said. ‘It looks like Ms. Bradsher has some explaining to do.’
The review stated: ‘Privacy issues with VIEWS CCM have been reported to VA officials responsible for VIEWS CCM by multiple persons and offices since 2019.’ However, in her written response to questions from Moran, Bradsher said she ‘first became aware there were concerns about the VIEWS systems shortly after certain VA employees approached the deputy chief of staff in July 2022.’
The internal VA report says that ‘there has been no effort to hold violators accountable.’
The review further says department whistleblowers believe that ‘sharing of this information has resulted in the mistreatment by managers and co-workers.’ However, the review also says that ‘there is no evidence that VIEWS vulnerabilities discussed in this report resulted in a privacy breach or have caused harm to veterans, whistleblowers, or their families.’
But Rizzo contends that the privacy breach from VIEWS facilitated the attempt to silence department whistleblowers. Last year, he notified colleague Kristen Ruell, a 15-year veteran of the VA, that her information could be found in the VIEWS system. Ruell has been a whistleblower in cases of duplicate payments, exposing improper shredding of mail and reported improper treatment of employees.
VIEWS showed her whistleblower communications to members of Congress, the VA Office of Inspector General and other VA officials. She also noted that her Social Security number, date of birth and other sensitive and personal information had been published in VIEWS and marked not sensitive, so that other VA employees could access the information.
‘When I whistleblew in the past, I always thought it was strange that the people I reported found out that I reported them within hours,’ Ruell said. ‘One person actually contacted me and asked why I reported them. Now it all makes sense. The emails that I sent are still in VIEWS and as of the date of the report still viewable to any VIEWS user.’
Bradsher was a 20-year Army veteran and has been a public affairs official for the White House National Security Council, the Department of Defense and the Department of Homeland Security.