The purpose of this memorandum is to notify you that we are initiating the subject audit. The objective of this audit is to determine whether the DoD prevented users of DoD health care information systems from improperly: (1) extracting DoD beneficiary protected health information, and (2) accessing protected health information of well-known individuals. We may revise the objective as the audit proceeds, and we will also consider suggestions from management for additional or revised objectives. We plan to perform this audit in accordance with the Government Accountability Office’s generally accepted government auditing standards.
We will perform the audit at the Defense Health Agency, Falls Church, Virginia. We may identify additional locations during the audit.