Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  September 22, 2014 8:00pm-10:01pm EDT

8:00 pm
gubernatorial. we appreciate both of you coming out. senator davis thank you for your time and insight and general greg abbott thank you as well. we appreciate you both coming. and this is all about arming our viewers with the information they need to make an informed decision when they hit the polls. it is worth reiterating the last day to register to vote is october 6th. early voting starts october 20th and the big day where we will decide a new governor in texas will be on november 4th. i want to bring in, if is okay, carlos, the editor of the "the monitor" newspaper. your thats on this historic debate? >> thank you for your participation. as the post-debate begins about who won we should be mind full there is one clear winner and that is the voters of the rio grande valley.
8:01 pm
we appreciate your willingness to come here. >> your final thoughts to our spanish viewers: [speaking spanish] we want to thank doctors hospital at renaissance for this beautiful venue tonight. and also the crew that worked on the set designs. thank you so much for that. senator wendy davis and general greg abbott thank you to both of you. for everybody watching at home, have a great night. >> up next, "the communicators" features wade baker security director at verizon. then the house veterans affair committee examines the ig's
8:02 pm
report on the phoenix va health care system. >> no doubt you heard thuabout data breaches at places like home depot, target, sony play station. we are going to discuss data breach reports with wade baker who is the chief director with vires. what do you do? >> guest: we research technology and try to bring them into the
8:03 pm
our are products. >> host: what is the definition of a data breach? >> guest: an unauthorized person or group gains access to private information. could be personal information, e-mails or anything you don't want the public to see. >> host: what some major conclusion of the data breach report? >> guest: this thing is getting more and more complex every year. we see a wider variety of attackers. ten years ago in the security space we mainly worried about network worms that roamed around and knocked servers off line. now we worry about large scale attacks, eastern european attacks, advanced threats
8:04 pm
centered on espionage. >> wade, the focus has been on the big point of sale attacks that are happening between when you swipe your card and with when the information goes to the company. why are these seeming more prevalent? are we particularly vulnerable at that moment? >> guest: we are. a lot of people are aware when they buy something online i need to make sure this sight is legit and a little worried about entering a payment card but we don't think about it when we swipe it at the terminal. as soon as you swipe the card, that data transfers on a network inside that store, it is community communicated outside to aruthorize the payments.
8:05 pm
>> the home depot and target attack last year are big ones but your report says as of 2013 these are decreasing. is that right? >> guest: we have been doing this report for seven years but we have ten years of data. you can see changes in the threat landscape over that time. several years ago we saw a large bank and payment processors that were compromised. then we had an era where a lot of small and medium businesses were compromised and now it is shifting back to larger retailers. so numerically speaking we saw fewer but as far as the mount of data compromised it is larger.
8:06 pm
>> most of the time when it happens it doesn't seem like the store itself but this third party the hackers are able to get in through and access all of this information. can you explain the whole big eco system and is there a way to make it safe? >> it is a frightening web once you start digging into it. it doesn't just exist in retailers. just the supply chains we are all a part of it are increasingly large and complex. a point of sale system is in a store and that store is part of many other stores. it could be across multiple changes. under one umbrella management and these are going to be networked very often in retailers and there is not a local security team to take care of that point of system.
8:07 pm
you hire a third party and their responsibility and managing and protecting that point of sales system. any time you add a third party to the mix you add a way they need to be able to access, usually remotely, and that opens the door to a hacker or whatever to exploit that vector and that is what is happening in a lot of these. stay steal the password of the third party that is managing the system and access them just as they were the ones authorized to do so. >> in the case of target, the h-vac company was the inroad. and you don't expect them to have the best internet. is there a way to force overall security on the eco system? >> guest: there has been many attempts. you bring up another interesting point of not only are there more
8:08 pm
third parties and that makes more vectors to attack what we are putting more on the internet. the fact an h vack is connect today one network and that is connect today the payment and that is something we forget about as we add to the complexity. and it is supposed to be firewalled off and isolated. but networks have grown and it is like in a house when you knock down a wall and find out it is connected. >> host: has wireless added to the problem? >> guest: absolutely. you have the wireline network and wireless systems for employees, inventory, blue tooth
8:09 pm
and other things that automatically register. absolutely an attacker could sit in a parking lot and if that is not secured they can gain access sitting there. >> host: your report, which is online on our week site, you talk about nine different attacks. one is an app attack. what is that? >> guest: we have been on the web and used an application. and we call it a website or something. but a lot of people don't realize it looks like a bunch of words but that is a web application running in the back. they will return the information back to you and let you manage the bank account and play with facebook or whatever you do
8:10 pm
online. so these web applications run on code and any time you have softwear or code there can be vulnerabilities. they need to be upgraded over time. so they stay on the internet and are not patched. people are familiar with the updates on their computer. it is the same thing with a web server and application. if you don't take care of them they get holes and the bad guys know where the holes are. >> you mentioned there were nine categories in the report and they run a huge gamut. one nation state attacking together to attacks on banks and point of sales hacks to the syrian electronic army stealing the ap twitter account. are they related when you tie the knot? >> guest: one of the things we
8:11 pm
came up with the nine patterns was because we were having difficulty getting our arms around this. many organizations said forget it. i cannot keep up with the amount of threats. we did analysis and i will not go into the math but basically all of the hundred thousand incidents fit more or less within one of those nine buckets. and we have a pattern called crime ware which is malicious so software that gets installed on a computer and does things. we have denial service attacks. and you would not think a code on a computer and is relate today denial of service attacks. but the fact of the matter is that often malware gets installed on the system and joins that one system to a
8:12 pm
network of other systems that have the same malware on them. as a unit, the hundreds of thousands systems all -- >> that is called a? >> guest: distributed denial atta attack. it is pointed at a website where maybe you don't like their stance and they will knock it off the market and you will not see it. >> are there cases in which it is the same people hitting the defense department and trying to steal intelligence who are also trying to steal your bank account information? >> guest: there is a lot of that. there is a lot of shadow underworld that is difficult to attract. there are people that do business to hack into bank and retailers and want to steal payment information so they can translate that into cash. there are others that are rooted in the espionage working for the
8:13 pm
government phase. then there is a middle ground with movement in between and shared tools they use and shared people as far as we can tell. so, yes, there is a connection and i think that is one of the things that we as security rough researchers try to know. the better we know the ad vusauries the better we can p protect. >> host: is this a government sponsored entity? is the people in the basement of their house? >> guest: we have worked with people and law enforcement has busted down the door and dragged them from the basement literally. and participated in full-scale arrest of multiply individuals
8:14 pm
who are well-organized and have rules and someone to write malicious software and the others know thhow to wash the money like organized crime. and others are definitely working on behalf of the government. they have an office, pictures and recon photos and going in and out to work and they go to that building. that is their job. to hack into companies and steal on behalf of the government. >> host: is this profitable? >> guest: it seems to be very much so. there are places have seen photos of eastern european towns, for instance, that were just an insane number of people drive nice cars and a lot of that is the spam, the fake pharmaceuticals, the financial fraud and tax and medicare fraud.
8:15 pm
all of these things equate to staggering amounts of money that are somewhere along the line traced back to data stolen >> host: verizon is a wireless provider. what kind of measures does your company take to prevented attacks on your system? >> guest: we are in many ways the playing ground that a lot of this takes place over. so it is important to us to protect it. i will go back to the denial of service attacks that are an attempt to knock a country offline. could be government or a company and that takes place over the network in many places. we jump win the company being attacked and work with them tightly because the more they are attacked it is slowing down traffic on the network and
8:16 pm
affecting other customers. we try to shut it off as close to the source as we can and preserve the company and the netwo network. from a data breach perspective we are trying to find malicious communication taking place. and we work with companies to protect them from every having intrusions into the network but also have a team who helps respond when something does go wrong and responds quickly to work with law enforcement or whatever is needed. >> when you find someone on a network like that can you give us the play by play of how you get them off? kick them off right away or check them out? >> guest: it depends. a lot depends on the customer and what we know about it. if it looks like there is a system infected with malware and
8:17 pm
beaconing outside of the network we will recommend to take it offline, wipe it and go from there. but in the more complex attacks we need to watch and see what is going on. we have worked with customers to set almost like network cameras on their networks to see what exactly is going on and now we have evidence in the same way you would in the physical world. you need to catch them in the act so to speak. so if we can do that, many times it is putting evidence together almost like digital finger prints. you can tell certain attackers by the way they do things and the artifacts they leave behind and that traces back to certain groups and a lot of time we will work with law enforcement to go disrupt it at that level. unfortunately, it is a whack a mole situation in the company. you may only know about one system on the network that is
8:18 pm
compromised but there maybe hundreds or thousands that are. so you clean this up and pop up here and here and here and that is one of the most difficult parts of responding to a wide spread incident. >> how can they compromise so many within one company? >> guest: very often there is a vector of infection. >> what is a vector of infection? >> guest: it is just a way in the door. if you think about i want to get in a house how do i do it? i could go through the door, break a window or if i need something hard i could come up through the floor. but you are going to take the easy way. sometimes in this realm it is a fishing e-mail, they click on it and the system is infected and it opens the doorway for the attacker to come in.
8:19 pm
once they have a foothold or established ground inside the network then they could spread around. we know how internal networks they, they just plug it in and hop from computer to computer. they will go from the domain server that has all of the user accounts and steal hundreds or thousands of passwords. so that lateral spread throughout the network happens after the initial compromise takes place. the idea is to get deeply rooted and entrenched as you can so you can see everything from the attacker's perspective. >> are the fishing e-mails like click here to enter a sweepstake? >> guest: some are not as che e
8:20 pm
cheesey. the good ones do a well crafted e-mail. they might know we are meeting and say thanks for your time today here is an interesting article. they can make it believable knowing you attended a conference at this time. but once you open the document you are infected and don't know about it. >> a lot of this is technology but it is also social engineering. >> guest: absolutely. almost of all of these ad fobs evangelica -- advanced attacks start with tricking someone to click on something. >> host: wade baker, are there any regulations on the federal level that apply to this? >> guest: there are standards
8:21 pm
and regulations on how we protect systems. many depend on processing payments, storing government and classified data there is a set of standards. so there is those. and increasing discussion on when an incident occurs what you are responsible to report or disclose about it. if you have information stored on individuals and that is compromised you have to report that publically and notify the individuals. and there is more and more of this discussion taking place. a lot of this isn't regulated into law. there is this idea that if we can share information we are better aware of the situation going on and we can spond better. we as defenders got to share.
8:22 pm
>> what about the eye sacks? >> guest: they are vol and you can join but they don't require you have to tell me these thicks on every single bit. i think it is better this way because you will get better information that way and get to the root issues. if we make a law about sharing then it has to be updated and changed and this situation we are in is fluid and changes quite drastically over time. something needs to adapt to that fairly regularly. same thing with controls. if i say here are ten things everybody needs to do today one of the problems we have in
8:23 pm
security is they don't get updated fast enough so there is a lot of complaint about that in the retail and financial sector. but information sharing is important and there is a lot of very good reasons to do it that organizations are latching on to. because they realize if i share and get information that is very helpful to me and i am also reaping the benefits and so are my peers when we do this. the last several years especially is really increasing as far as i can tell. >> are there concerns from the other side that when you share information you are giving up your own trade secrets for property or violating your agreement with a client? >> guest: absolutely. the things i hear on concerns of information sharing is i am violating client privilege and i know this and should ab able to
8:24 pm
share that or extraction of that with others so they can prepare for a similar attack. concern about brand. if i share this and say that we had an incident is this going to reflect negative on me and look like i am not prepared to deal with security. on that note, we are under the impression the difference between secure organizations and non-secure organizations isn't often whether or not they had a compromise just because it is a fact of doing business but it is how well you prepare and respond to those things. you see organizations that take forever to figure out what happened and some very quickly let everyone know about it and are open and honest and deal with the situation and that is the difference between good and bad in that case. but there are concerns. >> did you think that model is understood by the public?
8:25 pm
that you can be breached well or breached badly and are companies explaining that to the public well enough and is the public gr grasping it >> guest: i don't know. i have done experiments with family at gartherings. when there is a breach it is big on my radar. and i will ask did you hear about the such and such breach and for years i get no, what are you talking about. but i have to say every the last year as i ask the question they have heard of this. so somehow it is getting down on their level far more than it has in the past. i don't know if that is because we are all tired of having our credit cards swapped out so many times a year or getting the breach notices or what it is but there is definitely an awareness and i think some of that is the companies themselves driving
8:26 pm
that government regulation seems to have more buzz. >> do you attend the black death conferences health every -- black cat -- to talk to the hackers. >> guest: i attend black cat this year >> host: was it good for you? >> guest: yes, i like to go to black cat because you can see people look at this attack i just figured out and they are trying to get publicity for themselves and that is not great and might be part of the problem depending on who you talk to it does give you perspective on these things and you see the attacks and the trends going because as soon as they are talked about in the public forum is just a matter of time before the criminals are using the same
8:27 pm
techniques. it is a way to keep up and stay ahead of the game. >> on a personal level, how often do you change your passwords and do you bank online or wireless? >> i do bank online and on my mobile device. i change my passwords pretty regularly. maybe every six months to be honest with you. so it really isn't that often. i use a password manager. i don't try to make up my own passwords because i will forget them or use an easy one. so i outsource to my brain and a lot of those programs are freely available to download. i recommend one. they will let you know there has been a breach with such and such and we see you have an account with this and you might want to change your password. so that is a tip i tell
8:28 pm
everyone. change that. and also always enable two-fact two-factor >> host: final question. >> every two or three months is seems thebe to be the password is dead. is it going to die any time soon? >> guest: i hope so. it will probably not completely die. but we have the means of getting over this if you think about it. this is a collective thing we as consu consume and industries need to
8:29 pm
get together and solve this. think about in the password, we have to remember and look it up and that is how we gain asses to the important accounts. there is a lot of information we could do passively. most of us have microphones, the way i type is unique. mobile devices have finger print readers and cameras which is creepy but we could look at it and say you are wade. we know where the device is and if that is by your computer that is a good match. there are many ways we can verify someone but we got used to the password and it is like a crutch. >> host: wade baker and joe
8:30 pm
marks thank you very much. up next, the house veteran looks over the va report from the phoenix health care. we hear from general richard griffin and whistle blower and former director sam foot. then the new va secretary gives an update at changes at the va and that is followed by va and phoenix va health officials answering questions on the final report. president obama relayed the security council meeting on the
8:31 pm
threats formed by foreign terrorist groups. on washington journal we will talk about the meeting and then we will discuss "city of rivals" which examines washington gridlock. and later purdue university president mitch daniels looks at higher education cost and academic standards. plus your phone calls, facebook comments and tweets. washington journal is live every morning at 7 eastern on c-span. 2014 debate coverage continues on thursday between lee terry and brad ashford and then sunday the iowa debate happens. then campaign 2014 more than a hundred debate for the control of congress.
8:32 pm
hearing on the inspector general's final report. the house veteran affair committee heard from general richard griffin and whistle blower and former va director sam foot. this panel is two hours and 40 minutes. this hearing will come to order and i thank everybody for attending this hearing which will dpam examine the oig report on the phoenix va issue.
8:33 pm
i would like to ask consent, who is not here, that our colleague from arizona be allowed to join us here to address this issue. without objection so ordered. also, members, we do have a series of votes that will start at 1:00. i apologize for that. this hearing was moved from its original time because of the joint session of congress to hear the president of ukraine. after the final vote, we will y resume the hearing as quickly as possible so we will not keep the witnesses waiting any longer than absolutely necessary. on the 26th of august the va office of inspector general released its final report on the phoenix va hilary clinton system that vaulted to national attention after our hearing on april the 9th. the oig confirmed that
8:34 pm
inappropriate scheduling practices were a problem and access barriers adversely affected the veterans care at the phoenix va center. based on the large number of employees who used scheduling practices contrary to the system there are 93 investigations going on and have found over 3400 veterans who may have experienced delays in care from wait list manipulate at the phoenix va center alone. they concluded by providing the va with 24 recommendations for improvement to avoid these problems from reoccurring. they should be implemented immediately and this committee
8:35 pm
will work tirelessly to make sure they are implemented. mr. griffin, i spend you on the past work and the months ahead. with that said, i am discouraged and concerned about the manner with which the oig final report was released along with the statements contained within it. notablely prior to the release of the report, selective information was leaked to the media which i believe purposeally misled the public there was no evidence at phoenix linking veterans death with lack of care. as the days progressed, that falseho falsehood became obviously.
8:36 pm
what the oig reports and what is the discussion of much discussion today is the statement by the oig quote we are unable to conclusiveally assert that the access of timely quality care caused the death of these veterans. end quote. what is more concerning is the statement -- once they release this report, which causes delays in care and poor quality of care and the staff was breached by the oig. regarding its findings that were chosen throughout the drafting process. prior to the meeting we requested that they provide us with the draft report in the form it was provided to va three weeks before the release of the
8:37 pm
final report. after initially expressing reservation, the oig provided us with the draft. what we found was that the statement that i just quoted was not in the draft report at all. another discrepancy we found at all the centers. oig stated in the briefing to the committee staff that va inquired why such a statement was not in the report. further, additional information on numerous list provided by all sources throughout the investigation that oig counted for 44 deaths on the electronic
8:38 pm
wait list alone and an asstonishing 293 total veteran deaths on all of the list providing through multiple sources from this review. to be clear, it is not, nor was not my attention to offend the inspector general and the hard working people within the agency he employs. however, i would be remised in my duty to conduct oversight in the department of affairs if i didn't ask these questions. no one within the department or other members of the committee is beyond having a record scrutinized. the community will ask the questions that need to be asked to perform our duties. it is important everything is
8:39 pm
preserved and full meeting like this will make sure that is the case. i turn to the ranking member for his opening statement. >> thank you, mr. chairman for having this hearing. i would like to thank the panelist for coming as well. today's hearing provide the community to support the patient wait times and scheduling practices within the phoenix va health care system. this report didn't state a direct casual relationship between the long patient wait times and veterans death. for some that is a concern of undue influence by the va on the inspector general's report which will be discussed at length today. the report shows there were serious laps in the va's
8:40 pm
follow-up and continued care of veterans. they concluded the inappropriate scheduling practices demonstrated in phoenix are a nationwide systemmatic problem. i do not need more evidence or analysis there was no doubt in my mind veterans were harmed by the scheduling practice across the nation. the bottom line is this behavior and the affect of veterans is not acceptable. my heart goes out to the families of the veterans who didn't receive the health care they receive in phoenix and around the country. we will understand what went wrong, fix and hold those accou accou accountab accountable. my questions are what went wrong, what are you doing to fix the problems, how will you make
8:41 pm
sure this doesn't happen again and how are you holding those accountab accountable. i applaud secretary mcdonald. i believe that such reforms must be guided by a higher level national veterans strategy that outlines a clear vision of what america owes its veterans in a set of outcomes that every component of american society can align and work towards. i sent a letter to president obama early this week asking him to asking a working group to engage all relevant members of the society in drafting this national strategy. we know from experience that va
8:42 pm
cannot do it alone. we must develop a well defined idea on how the entire country, government, industry, non-profits, foundations, communities and individuals will meet this obligation to the veterans. va needs to be a veteran-focused customer service organization. it needs to be realigned to become the integrated organization. it should do what it does best and partner for the rest. it needs to be the government model for honestly, integrity and discipline. we need to complete our investigation of these problems. and provide oversight on the solutions. i look forward to today's additional testimony about what happened in phoenix and how the va is working to ensure it never happens again. i want to thank you again, mr. examination, for holding this.
8:43 pm
>> i would ask all members wave their opening statements. thank you to the witnesses at the table and those who are sitti sitting behind the principles. jay griffin and here and dr. jay junior who is inspector general for health care inspections and linda holiday and more rene higgins. we will hear from samuel foot. former va physician and dr. catherine mitchell current whistle blower and medical corrector for the iraq and afghanistan post deployment center at the va center. i would ask the witnesses to stand so we can swear you in. raise your right hand.
8:44 pm
[swearing in] let the record reflect all of the witnesses are affirming they will tell the truth and the whole truth and nothing but the truth. >> mr. chairman, members of the community and ranking member, thank you for allowing me to discuss the results. our august 26th, 2014 report expands upon information previously provided in the may 2014 interim reports and included the results of the clinical staff of patient medical records.
8:45 pm
we started the review in response to allegations first reported through the oig hotline on october 24th, 2013 from dr. foot who alleged gross mismanagement of va resources, criminal misconduct by va senior hospital leadership, systemic patient safety issues, and possible wrongful death at phoenix. the transcript of the interview with dr. foot has been provided to the committee and i request it be included in the record. >> without objection. >> we would like to thank all of the individuals who brought forward their allegations about issues occurring at phoenix and at other va medical facilities to the attention of the oig, the congress, and the nation. an august 19th, 2014, the chairman of the subcommittee on
8:46 pm
oversight and investigation sent a letter to the oig requesting the original copy of our draft report prior to va's comments and adopted changes to the report. on september 2nd, a committee staff member made a similar request for a written copy of the original unaltered draft as first provided to va on behalf of the chairman. concerns come from the inclusion of the sentence in a following draft report. the sentence reads while the case reviews in this report document poor quality care, we are unable to assert the absence of timely care caused the death of these veterans.
8:47 pm
this sentence was inserted for clarity to summarize the results of our clinical case reviews performed by the board certified physical physicians. it replaced the sentence of a death of a veteran on a wait list doesn't indicate causality. this change was made by the oig strictly on our own initiative. neither the language or concept was suggested by anyone at va to any of my people. in the course of our many internal vevireviews of the con on the draft report, on july
8:48 pm
22nd, almost a full week before the draft was sent to the department, one of our senior executives wrote this question: this is key, gentlemen and ladies. i quote. did we identify any deaths attributed to significant delays? this was on july 22nd. if we can't attribute any deaths to the wait list problems. this type of deliberation to ensure clarity continued, as it should, after the initial draft was sent to the department. in the last six years we have issued more than 1700 reports.
8:49 pm
this same review and comment process has been used throughout oig history to provide the va secretary and members of congress with independent, unbias, fact-based program reviews to correct and identify deficiency and improve va's program. these reports serve as the bases for 67 congressional oversight hearing including 48 before this committee. during the same six years, our work has been recognized by the ig community with 25 awards for exce excel
8:50 pm
excelle excell excellence. the loss of faith family members have with the health care system that could not respond to the timely manner. we did not apply the standards of determining medical negligence the findings don't stop a veteran from filing a complaint under the federal tort claims act with the v. decisions regarding the va's
8:51 pm
liability in these matters lies with the va, the department of justice, the judicial system under the federal tort claims act. this concludes my statement. and i would be happy to answer any questions you or other members of the committee may have. >> thank you very much. mr. griffin and dr. foot you are recognized for your opening statement for five minutes. >> i started my internal medicine training in 1981 at the phoenix program and finished and became certified in internal medicine and worked in east mesa and runed to the va in 1990. i ran the va's medical departme department, i was a medical service teacher after that, and i became an outpatient clinic director in december of 1994 a
8:52 pm
position i held until retiring in december of 2013. while i have views on many aspects on what is now known as the va scandal i would like to use this statement to comment on the downplaying of the inspector general's office. this continues in the report issued on august 26th which i fear is designed to minimize standards rather than provide closure to the families affected by it. all of the employees receive training on duty to report waste, fraud and abuse. to the inspector general whose job is to investigate this i did this in 2011 and results in gabriel perez being placed on leave within two weeks of the ig receiving my letter and his his termination two weeks later. i sent another letter in april
8:53 pm
of 2013 and made claims brad curry created a hostile work place and discriminated against certain classes of employees. as far as i can tell, the ig never investigated this complaint and turned it over to susan bowers who can not take action against him without running the list the entire wait list scandal would be exposed. i sent a third later informing them of the secret waiting list where ten patients died on the list waiting for appointments. i talked about senior staff wrongs and advised them of a second hidden back log of patients. and an unknown number of veterans parished on it.
8:54 pm
i employed the ig and at that time i told others about the unaddressed schedule consults and that is being used as the prior holding clinics to mass the demand for this showing that 22 patients have been removed because they had died.
8:55 pm
the last talk was on december 23 when i received on out of the office reply. i offered to fax or mail the names we had at the time but they were unable to give me a working fax number or address to mail it to. fax and standard mail but not encrypted e-mails are acceptable ways to transmit hippa sensitive material. i got no response and also no response after advising them several more veterans died. with lack of action by the ig, even though we were informing them of deaths, i sent out letter number four with copies of everyone i thought would be able to help. the only response i got was a conferivation they received the
8:56 pm
letter. a friend suggested i contact the house veterans and i found the help i needed. i was advised the only way to get the ig to investigate my issues was to make them public. this was a conspiracy in my potential perpetrated by the phoenix leaders. from the bonus performances for the top players to the harassment of employees to the destruction of document and the harm down to the veterans not able to receive health care. nothing is more scandalous than the fact that 293 veterans died in phoenix. in this report, inspector general tries to minimize the damage done by saying none of the deaths can be died to delays. i have red the report many times
8:57 pm
and several things bother me about it. throughout the case reports, the authors appeared to downplay the facts and minimize the harm. this is true in cases six and seven where i have knowledge. after reading the cases, it leaves me wondering what happened in the rest. in case number 29, how could anyone conclude the death wasn't related to the delay when a patient needs a fib relateer to avoid death didn't get one. and in addition a critical element to proving this was a con spearies was the reported tampering of the software list. the data showed a difference from the numbers reported to washington and what the numbers actually were on the secret electronic waiting list. they minimized this crucial point treating it as a trivial
8:58 pm
error rather than exploring who tampered with it in the first place. the report states 4, 900 vet were waiting for 3, 500 were not on a list and 1, 400 were on the knout reported secret electronic waiting list and 293 are now deceased. this vastly exceeds by suggest at first that 40 plus vets have died. this is designed to diminish the public out rage. at its best this report is white
8:59 pm
wash and at its worst it is a cover-up. ignores
9:00 pm
>> >> specifically in a minimum of five cases there was causal relationship between federal and death and care. in addition related to the quality of life that were terminally ill. looking at the report there are four cases no cause of death listed in a wonder how that relationship could be 19 pelerines on the waiting list for a referral to the
9:01 pm
primary care clinic if they were not aware the process then they've recently said that is the only way to get medical care even if symptoms were worsening. into cases i.g. gave evidence that veterans had acute instability the and hospitalization. i believe they contributed to their death but the i.g. did not give a cause of death with mental health treatment there are veterans waiting for primary care that just wanted of mental health consoles. but died right before they got the appointment they never said that itself was in case number 29 of veteran needed a life-saving medical device that puts the car
9:02 pm
into a normal rhythm if it stops community standards would touche to do this immediately after the v.a. he did not have an appointment and his heart did stop thing he had to wait for paramedics to arrive but unfortunately his family had to withdraw life9uh support three days later. it mayçbcç have solved his death" end quote. because the device is exactly what is used to treat is a legal heart rhythm he died of complica$çykñ of prolonged heart stoppage. he was denied access to specialty care. in case number 39 of veteran came to the e.r. with stressors including being homeless and resign
9:03 pm
medication then discharge back to the street and committed suicide 24 hours later. the standard would be to limit him. i.g. said it will be better between inappropriate mental health dischargee and suicide number 31 he died from the seven month period that the v.a. did not act to pull labs. but the treatments would have started the slowdown of the degrees sid difficultly preventing the spread to his ball because of the labs in appointments he was denied access to specialty care to delay his death by months. of number 36 this veteran did that seem -- is seen for quality care.
9:04 pm
number 40 image your discharge for psychiatricmx3x ward that then enable the death from suicide 48 hours later. there many cases in written testimony i could not distinguish between deaths from those in the system or on the waiting list but death is a death.f7hç the purpose of my testimony is not to undermine the v.a. but to get them to with apprentices to improve the quality of health care for veterans. think you very much for your time. >> thanks for your testimony. mr. griffin, the liberation you provided to the committee, those 28 veterans of the list the new enrollee
9:05 pm
request meaning they died waiting to get their foot in the door. since they were not yet in the system aerostat use social security record set only showed they died but not how. correct? >> i would say we saw lots of additional information from social security, us death records from the coroner's office, we explored who might be getting treatment under a and a medicare program. but with the specifics that would refer to the doctor. >> can you answer that question? >> determination of death was from the medical record and of the death certificate
9:06 pm
how we could identify how he had died and by reading those medical records and from the local hospital. >> is their medical record at the hospital? would try to enroll in may not have never been seen. you are right. anybody on the list did not get seen does not have a medical record i cannot look at. for those folks i cannot examine. >> if that is true then how can you conclusively or otherwise determine if the debt -- the death is related to delay of care? >> but of those we could actually review. >> the report conclusively says this is where we have
9:07 pm
some problems mr. griffin. there were people that were looked at in the report and your report says conclusively that there is no link to delays of care but yet there are individuals that you were not able to go back to look at definitively over the medical records to determine what the cause of death was or if there was the delay of care? is that correct? >> and the report we try to redress the patient that we identified that had a delay of care then had for quality care as a result >> but if you were on this list is that a delay of care? if you did not getting into the system is that the delay? >> so how can you conclusively say that none
9:08 pm
of the delays were a cause of death? >> we were looking at the patients we could look at. >> you did not look at all of them. >> i provided your staff >> dr. daigh, could you look conclusively and all those on the wait list? >> i could look at 3,000. >> yes or no? >> were you able to conclusively look at all of the people on the wait list? >> no. >> i want to directln6st you to an e-mail on page 38 of your report of a veteran who died while waiting for care. this has already been talked about. you stated he was seen by a urologist within three days of presenting to the e are so it was not included in
9:09 pm
the 45 case reviews in the report. however there was notification yesterday that the mistake had been made by the i.g. actually he was not seen after he presented at the er. after informing this the delay of care did not contribute to his staff to explain to me how i.g. came to this conclusion? >> the patient in question had bladder cancer for many and then the emergency room initiallyyñ but then he had retiree -- rheumatoid arthritis with imitation of the late.
9:10 pm
also he did need to see rheumatologist and did not have primary care professional. so he had some several consulates surgical surgical, urologist, and this is the source of the confusion. the records state he had an appointment made for urology on october 22, 2013 but he called to reschedule november 6, 2013. but he was a no show. so with our discussion some people would say he had a appointment and did not keep
9:11 pm
that. >> right. i apologize. but nobody here in this room has any faith in what was going on on that time. >> in then he appeared to have cancer in his longc-z-ñ and then in those sixth three weeks he died at all but their primary care providerá# would have felt. look at page 75. >> so that request? >> but if i may the
9:12 pm
testimony was given to us as the hearing already started. we have not had a chance to look at it. it was just handed to us. after the gavel dropped. >> it was sent up to make sure the truth was on the record having seen other witnesses' testimony to make sure that we were firmly -- fully aware to have a taped transcript people should make a hard look at that. by your staff told us there was a formatting problem getting it to the committee and that is why we just got it. >> referring to the
9:13 pm
transcript of dr. foote? >> yes. any others i need to be aware of? >> i believe we sent all the information. >> let me ask you that dr. foote original obligation for the veterans may have died while awaiting care. and everybodye knew he was referring to patients on the electronic wait list. it was of conclusive so between those two source©" there are 83 patients, more than double the original allocation. i have a couple of questions but why was that not
9:14 pm
included in the executive summary that v.a.? but you did find room to include that we pursued this allegation but the whistle blower could not provide us with the list of 40 patient names" end quote. >> i believe you does us chairman received the same thing we did thatac there were 22 who died on the electronic waitlist. and 18 who died on the consulate list. and to find out what happened which was the exhaustive pursued still on going because of the urology issues we discovered, the obvious first question in our interview is give us the
9:15 pm
don't miss any of these 40 because it was so definitive. here very careful to say potentially 40 in the hearing. as time passed it became declare it is by some others said at least 40. so that spawned eight -- 800 reports of 40 veterans died waiting for care in phoenix. that was the story. but to not address that with the amount of coverage and the millions of readers who would have read that wouldm
9:16 pm
9:17 pm
9:18 pm
>> >> >> we ask for the draft that you gave so the v.a. can make the determination of it was factual or not. you knew that is what it was. wait a minute. my time. you knew what the request was what we were trying to
9:19 pm
get. from the draft to the final. now we have testimony from dr. daigh they did not conclusively will get all causes of death. so i still make a statement that i will yield and i apologize. we have to be honest and open with each other what is going on whether or not any other committee has asked for a draft report shame on them whether or not i.g. has sat at a table with anybody other than the o.i.g. office this committee will get the truth about all of the facts >> may i respond? this is the crux of the whole allegation.
9:20 pm
>> we were asked to provide the initial you did not want to or three iterations but the first draft report that was clear to us. >> show me anywhere we asked for the first draft. >> i would refer to new the drafts of our report spec where did we ask for the first draft report? >> let me find the e-mail and i will respond to your question. it showed a lack of awareness. >> you are out of order.
9:21 pm
>> mr. griffin all of the reports if i understand you correctly, it did provide the first draft report but there may have been other additional drabs? >> that's correct. >> see you provided the first draft that was requested. >> but there was others giraffes -- draft. >> it is a deliberative process to get concurrence from the department we have to put a draft in front of them. if we had a factual error error, that they could convince us then it was incumbent upon us to make whenever edits are required so that at the end of the process with its final issuance speaks the truth.
9:22 pm
>> when the o.i.g. does its reporting conceivably whether from the of whistle-blower that might not be taxable once you get information that is when you change the report. >> we had the of blood pressure numbers. to me that is not a substantive change. we had them wrong when they were reviewed and it was pointed out so we put them back. that is not a substantive change. >> you said dr. foote talked about the alleged veterans did you ever receive tsm/'jt the -- those on the list?
9:23 pm
>> i would refer you to the interview that addresses that clearly that suggest perhaps some of them may have been run over by a bus he did not know the cause of death. >>. >> understood and i apologize for our by being late but it does need to re-read by everybody because it was a taped transcript. >> can i respond? >> no. >> maya other question is how many have been closed out and went you believe that will be completed? >> we have 12th we have turned over to the department that we would
9:24 pm
anticipate administrative action being taken with what we have completed would have addressed specific allegations. the department and the proceedings to make determinations if they come across additional information and not part of the focus we will do additional work. not to be with any intent the other 81 will be published those that do not get accepted for any criminal action we will turn those over to the department >> dr. mitchell you talked
9:25 pm
about how good the team is but how did the phoenix v.a. talk about their staffing needs? what was done if anything? >> i'll have a communication between the pain management team but what i do have is direct knowledge from those who were on a long-term dosage of narcotics and they needed additional mentoring or follow-up but they needed to review that. in the community that patients that are in their long term referred to a pain
9:26 pm
management specialist and monitored for side effects. unfortunately that was not followed up. >> thank you for having this important hearing. just briefly on page 15 dr. mitchell you pulled out case number 35 from the the ig report as the special circumstance and explained that. >> i did not add access to the records of o.i.g. but typically i was told the of patients that i was familiar with but in the o.i.g. report he was seeking mental health care and evaluated and declined admission and discharging committed
9:27 pm
suicide the next day. what was not in the report that he actually had problems with depression he called his parents they brought him in but because he was not enrolled in phoenix v.a. he was diverted to the clinic where he waited for hours by the time he was enrolled to wetback to the mental health clinic it was too late to be seen so then they were diverted to the er before they were seen by a psychiatric bears and by that time the people involved said he was tired and wanted to go home and declined discharge but then was to have follow-up the next day at the same clinic that would not see him earlier. >> thank you for that clarification. >> sharing your draft report
9:28 pm
whydah v.a. did it propose any changes? >> they did they requested that we removed several of those case reviews% and we refused to remove them. day suggest we put the blood pressure numbers and we changed that one involved a date that was inconsequential to the case review so we fix that. there a few verb tenses changed that and no way whatsoever affected the intent of the recommendation. then of the case reviews were substantively changed
9:29 pm
and to have all 24 recommendations. >> how often does the department and ask for changes? >> i suspect there never has been a report that there was not a minor change. they have to implement what they found so they will scrutinize such a would get those types of errors. >> so the language you cannot conclusively assert there is a connection do you know, who leaked that report that was made public? >> i have no idea.
9:30 pm
it should not have been leaked that the fact is. >> was it someone in your office? >> absolutely not. >> i do not think so verge conclusively is not a medical term and not a legal term. but where does that fall on the spectrum. >> reflection of the professional judgment that the board certified physicians the number of suggestions as to how we should do this we perceived one from the committee that we should unequivocally prove the way it causes staff we have received that
9:31 pm
on april 9. we did a review of the quality of care that the veterans received. we do that with all health care reviews and that is what the charter calls for. >> but thered could be less than conclusive? >> some of them we said it might have improved but to say definitively this person would not have died if they had gotten sooner is the bridge too far but it dr. daigh can expand on that. >> there is a problem it is difficult to know why somebody died. i am not clear voice and to. also looking at the testimony from dr. davis that supported the methodology used like a birth certificates or death certificates but case 29
9:32 pm
where the individual died after failing to get the heart device quickly, the report said i will read exactly. >> we indicate he should have got a more timely i don't know why exactly. but he added a reason yet to his heart maybe it would have saved his life but i don't know that is why he died.j there are other things not included in this report. the reason he came to visa attention he was on a wait list for the endocrine
9:33 pm
clinic not cardiology. and those that have delayed care he is on the list that had substandard care that when reviewing these cases that they did not meet the veterans quality of care so getting them between phoenix and tucson. i cannot assert why he died. >> my time is up. >> thank you, mr. chairman. mr. griffin and i did read through much of the of material last night. i try to understand what the controversy is the charge made by the majority including your integrity of a understand@ that is the
9:34 pm
heart of the allegation. so what is the charge and what is the response? >> my response is there is a lack of understanding. that is understandable because it is the first time. because other members of the team to review the document to get it correct. the fact it went without that statement is the ongoing process over the
9:35 pm
course of five different drafts there were minor changes made. the minute the draft report came out because they're subject to interpretation. but here is proof that it is not approved it just means that you don't understand the process.lw and as i mentioned six days before the initial draft was released we had discussions that we don't declare that delay was the cause of death we need to say so.
9:36 pm
with the causality mine was included but on may 15 a senate hearing the question of the original 70 names received came up. we had a chance to review those. i said yes. being on a wait list for care does not demonstrate causality of a person's death.56 fed is 3.five months before the final report. it does not demonstrate causality. the last statement for the record that i hope everybody will be because the witness is not here, so somebody would ask why did your son go there if not ready?
9:37 pm
>> we knew the department had 24 recommendations to convince us they got it and would fix it. they would need time to do that to make the commitment to the congress as a result to cut off some work with the business of writing the report that is why the staff has these urology patients subject to review. >> dr. daigh those 45 cases with the evidence of care or bad continuity of care, for them to be notified most
9:38 pm
king and pursues litigation i imagine? and they could be found culpable? >> correct. >>
9:39 pm
critical impact on that delay. and of those cases six had died but to know why they die is difficult. you get down to the individual committing suicide on the third day i would like to say it has something to do with the suicide or that going to the primary care doctor would not have occurred. but in the world where we try to prove we have a hard time knowing that. that second group of patients is the quality of care. the other point important to understand is a response to the congress and undersecretary of the
9:40 pm
quality of medical care the v.a. provides. we look at an issue and they're all different. but this was is there a direct relationship between the deployment? we were forced to redress that. so once we determined those that have poor quality of care we have always switched to the system issues to get v.a. to change their practices. going to the issue of exactly what the v.a. for the other hospital down the street or the nursing home what did they contribute?
9:41 pm
that is a matter for the courts for the v.a. internal process so i get to the point of quality of care than i alwaysññ shift what can i do to work with v.a. to make sure we fix that. in the last written testimony i outlined 15 reports where veterans were injured or harmed reworked with v.a. as partners. >> my time is up. >> my question for dr. foote you talked about software where the central office differed from the other numbers. how is it that those
9:42 pm
appointments0: could be overridden with their previous appointments and were audit controls deliberately disabled? >> yes. either one was reporting and a graph showed it was a small number and not correct or they had us second to wis to disable the reporting function or it was the reporting software to not give an accurate number of sales of 200 but the data shows with that inception and never gave the right number. they have said the time was 55 days but the actual loss reporting shows 1600 with the wait time of six months if you threw in 320-0500
9:43 pm
scattered around on scattered appointments on pieces of paper it was closer between one and a half and two years.$z but i know the fbi is taking a look they could find that forensic evidence to support that. >> mr. griffin in the language included in the o.i.g. final report has no relation at all to the accepted standard of measure. it does not schedule appointments early enough to treat a decide -- diseases is highly likely it will be fatal conditions and they will possibly die. does that make sense to you and do you agree with that statement?
9:44 pm
>> i agree. the premise is if care is delayed you will very likely be harmed. when i started to review it seemed that is what we find over and over but we did not find that. we ask why? there are two cases in here that's you could say the patient on though wait list had diabetes and other with critical part care intervened. it is clear preference5é have access to other sources of care. so in retrospect people must be diligent day new veterans -- the trains did not run on time to make sure they had
9:45 pm
follow-up. >> was this measure applied with the veterans that died waiting for care in south carolina and georgia? >> i normally go to the point to where care is provided. >> was the same measure applied of veterans that died in south carolina or georgia? >> it is usually of fact pattern based decision. i am not sure what you were referring to. but it is usually a different fact pattern and we try to look at systemic issues for quality of care. >> that report discussing theoó colonoscopy?
9:46 pm
answer that question. >> does that same standard applied? >> give the columbia case case, the same standard was not because it was entirely different. in colombia v.a. found delays of colonoscopy is with a large population of veterans so a large number developed colon cancer that could had been prevented if the colonoscopy was done and v.a. admitted they had died. but my report looked at why did this happen or how was it possible? will we determine is v.a. does not have a way to ensure that nurses if a nurse leaves a clinic that is critical to the performance of that clinic
9:47 pm
to fill that position is given to a board where administrators decide whether or not they will fill the adverse position or teaching position or research position. so what can v.a. do to make sure this does not have been? the same standard was not applied because of the fact pattern back. >> i apologize. of boat has been called by want you to ask your questions before we leave. >> mr. griffin has me and my colleagues i am eagerly
9:48 pm
>> >> >> >>
9:49 pm
so this does not happen again? i would it agree with your assessment they do not have facilities. v.a. would be the first to estimate they need additional clinical space and clinicians and a new scheduling process and of methodology they can monitor the wait times from any other place in the country with the medical center. they are aware and the new secretary with what he is assembling is serious about addressing those things. wait to follow-up on the recommendations we have things for what are to be completed and certainly will follow a progressively with these recommendations and
9:50 pm
already have the initial discussions how we might scopa future project to verify everything is working according to the plan. >> they will not just sit on the shelf? >> they will be followed up with the orderly basis. >> with the secretary said changing of the attitude of the v.a. to make these specific reforms, and reducing the bill we just had the compromise bill will be useful to address the 24 recommendations? >> i am afraid i am not totally versed on the bill. there has been a number of legislative changes made to assist the department to
9:51 pm
accomplish the mission. i will state that for the record. >> we do need to pause. i apologize to the witnesses. it may be 30 minutes. we will let you know, when we start back. the meeting is in recess and tall or immediately following the third vote. [inaudible conversations] >> thanks for joining us again i apologize for the delay. mr. griffin and would ask a couple of things. you asked that we put dr. foote testimony from his deposition into the record and we did that without
9:52 pm
unanimous consent. we have not had an opportunity to review it and you had reductions and we made an agreement we will not put this into the record and tell we had an opportunity to look at other information that needs to be redacted. and share it back with you so we don't put something into the record that could release personal identical -- and identifiable information is that space. >> their reductions that you see we're done by the privacy officer so there were no names. but that is fine to double check. >> we had not had a chance to look at it first the councils have said we will agree to the reductions and
9:53 pm
share that with you. i would like to yield the floor for your questions. you are recognized. >> dr. daigh, you brought up an interesting point of a criminal process and a civil process if causation is found as a result of the wait time is your understanding there is the ongoing criminal investigation by the arizona attorney general, of the fbi and department of justice? >> there is no criminal investigation. if it involves a criminal investigators from the o.i.g. office and fbi and attorney's office in phoenix
9:54 pm
>> so there is a process. >> absolutely. criminal behavior is determined. >> to your knowledge are you aware of any cases filed under the tort claims act as a result? >> i am not aware of that. >> we did not find anything filed on those 45. >> dr. foote thanks for being here and coming forward. i appreciate your courage because all of us on this committee are united to care for veterans to make sure they have the access.
9:55 pm
so we introduced the whistle-blower protection act that was in place for years but will hopefully be made better for future whistle-blowers. so it is a number that people can call it goes directly to the secretary in hopes there is no retaliation. this committee is committed to access for care for the veteran san there was a bipartisan conference committee appointed in the summer. we passed the veterans access accountability act of 2014 of primary piece is the new choice card that allows veterans who live more than 40 miles from fisa v.a.
9:56 pm
facility or who have had to wait 30 days to schedule an appointment to go to their local provider and i was concerned when you said you did not know how many people on the wait list had the knowledge they could go to the aside provider. to think that choice card going out in november to get that option would help to improve that? give me to clarify the had the option to walk into the the a primary-care clinic but if they were not involved there would not pay for care anywhere else but that idea is wonderful. they said they had a choice between er or hospital or private doctor but they don't have a choice many don't have insurance. if they don't go to a
9:57 pm
physician i don't know about other members here but they would have fought hard time to pay for that er visit. many veterans let their cases get worse and in two cases they kept pouring to do that e.r. that is the only way to get the symptoms to take care of that puts out the fire but does not prevent it from starting. >> our hope is with the choice card many are 40 miles or more away from the facility. i have 12 tribes most of my district is native american. here is a piece of the reform act. thank you for your testimony
9:58 pm
to guide this for reform. i yield back my time. >> mr. griffin will you provide us with emails with regard to this report? >> i can provide the o.i.g. emails from our risk officer. >> mr. griffith does you are aware the department of justice is trying to prosecute 17 people of criminal investigations by
9:59 pm
your office has referred. what are some of the reasons the department of justice has decided to not prosecute? >> it includes it was notú÷ determined in some of the cases with more rigorous standards that arise to the level of prosecution. some of them the fact of death as a result some said
10:00 pm
it is a systemic problem allowing to perpetuate itself. and to demonstrate some one knowingly and willingly >> were you surprised at the response? >> working with these prosecutors everyday, last year we arrested over 500 individuals. rearrested 94 employees last year. frankly our investigators would like every case to be prosecuted but that is not the real world.


info Stream Only

Uploaded by TV Archive on