Medicaid Monitor
Policy Intelligence
Medicaid Monitor
Policy Intelligence
© 2026 Lanphier Ventures, LLC
Informational use only. Not legal or compliance advice.
← All stories
Federal Policy·May 27, 2026

GAO: VA Implements Nine of 13 Cybersecurity Recommendations for Veterans' Health Data

The Government Accountability Office reports that the Veterans Health Administration has fully implemented nine and partially implemented three of 13 cybersecurity recommendations made in September 2025 to protect veterans' protected health information in the Million Veteran Program system. GAO originally identified deficiencies in asset and risk management, configuration management, identity and access management, and continuous monitoring. All 73 reviewed VA business associate agreements met HIPAA Privacy Rule requirements for PHI use and disclosure. GAO will continue monitoring VA's progress on the remaining recommendations.

Why it matters for managed care

This GAO update demonstrates federal oversight of HIPAA-covered entity cybersecurity practices and sets expectations for systematic remediation of control deficiencies that Medicaid MCOs may face in their own compliance audits.

Managed Care

Read the full article at gao.gov

Share this briefing

You might also like

← All stories

Get the daily briefing.