As if physicians didn’t have enough trouble with paperwork, now they have a whole new record-keeping worry. Some highly sensitive personal information on 1.3 million physicians who have billed Medicaid and Medicare – the list includes some who are deceased – has been lost by the Department of Veterans Affairs. The VA can’t say whether the data have been stolen or misplaced and who might have access to it; Congress, witnessing the third major loss of private information from the VA, should do more than worry.

A recent letter to the secretary of the VA, Jim Nicholson, from Rep. Artur Davis of Alabama confirms that a VA facility in Birmingham, Ala., was the site of a security breach last month, in which a department employee reported the loss of a hard drive containing confidential information about the physicians in addition to data on patients. According to news stories, the employee was doing research with the information and used the hard drive as a backup for the data, which were not believed to be encrypted.

The VA experienced similar security crises last May, when files on millions of patients were lost. A laptop, improperly taken to an employee’s home, was stolen, and yet another, smaller breach occurred four months later when information on 38,000 people was put at risk. Given the House report that emerged from those missteps – it found widespread losses and misuse of data throughout the federal government – and ongoing examples, such as the inspector general for the Justice Department concluding recently that three or four laptops are lost or stolen from the FBI every month and that this is an improvement over past practices, Congress must step in, take the time to more fully understand the problem, its effects and possible effects, and remake what seem to be inadequate security procedures.

Rep. Mike Michaud, a member of the Veterans Affairs Committee, said the committee had passed legislation last year that was supposed to address this problem. “We have been pressing VA on this issue for years,” he said the other day. “It is unacceptable that VA has not fully encrypted and protected its information.”

The VA losses come after years of warning by the Government Accountability Office of inadequate security at the VA and a further plea from the GAO late last year that Congress give computer security governmentwide more attention.

This issue will grow more serious as the federal government gathers more and more computerized data. Unless Congress confronts the failures in a multitude of agency systems for many different reasons, the public will have little reason to believe the federal government should be entrusted with any more personal data of any type.