[Congressional Record Volume 169, Number 144 (Thursday, September 7, 2023)]
[Senate]
[Pages S4326-S4328]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                    NOMINATION OF TANYA J. BRADSHER

  Mr. GRASSLEY. Mr. President, I have just learned that the majority 
leader has filed for cloture on the nomination of Ms. Tanya Bradsher to 
be Deputy Secretary at the Department of Veterans Affairs. In addition 
to my remarks on the Senate floor on July 18, I would like to provide 
more context to my decision to oppose her nomination, especially in 
light of new information that has come to my attention.
  Ms. Bradsher, if confirmed, would be second in command at a deeply 
troubled agency. Both the VA and Ms. Bradsher in her current role as 
chief of staff have shown repeated indifference to congressional 
oversight. Records show that she played a key role in the VA's 
deficient response to my investigation of VA corruption that I launched 
in 2021. Another of my investigations has revealed that she also failed 
to secure sensitive veterans' health information, PII, and 
whistleblower information in the VA's correspondence system, VA 
Integrated Enterprise Workflow Solution, also called VIEWS, which is 
under her direct authority. My oversight has shown that VIEWS exposes 
veterans' private and sensitive information to thousands of VA 
employees, only a small number of whom are authorized to see it. The VA 
and Ms. Bradsher provided misleading information about that as well, 
which I will discuss here.
  If confirmed, Ms. Bradsher would be in charge of the VA's effort to 
modernize veterans' electronic health records. This involves the 
healthcare records of millions of veterans, which obviously contain 
huge amounts of sensitive information. Ms. Bradsher's failures on 
privacy issues as chief of staff and her lack of transparency to the 
Veterans Affairs Committee show that we can't trust her to secure this 
sensitive information or to take the lead and address Agency failures, 
of which VA has many.
  As part of Ms. Bradsher's committee proceedings, she responded to 
questions for the record about veterans' medical records stored in the 
VIEWS correspondence system at the VA. Ms. Bradsher provided misleading 
and often contradictory answers to Senators' questions. When asked 
about veterans' medical records exposed in VIEWS, she responded that 
the VIEWS system doesn't ``handle'' medical records. This was deeply 
misleading, as my staff had already verified that sensitive medical 
records are stored in VIEWS, and often exposed improperly for thousands 
of VA employees to see. Ranking Member Moran, unconvinced, pressed her 
about her answer. She then admitted that these health records are 
indeed stored in VIEWS as part of VA correspondence. Either she didn't 
know this on the first round of questions or she intentionally misled 
the committee. Both of these are disqualifying for a nominee to this 
position.
  And Ms. Bradsher's remaining answers were no better. When asked 
whether she knew anyone who may have been harassed, doxed, or who may 
have had any negative consequences from their information being exposed 
in VIEWS, she answered that she didn't. That is astonishing given the 
fact that one of the internal whistleblowers approached her office just 
last year complaining of exactly that. This whistleblower told Ms. 
Bradsher's deputy that she had been harassed and feared for her safety. 
Both I and members of the committee had reminded Ms. Bradsher of that 
correspondence before she answered. Yet she apparently hadn't even 
bothered to review it before answering questions. She also repeatedly 
dodged responsibility for her failures and provided no plan at all to 
secure veterans' and whistleblower PII already exposed in VIEWS. We 
shouldn't reward a nominee and the VA for their inattention, neglect, 
and lack of candor.
  When whistleblowers last year informed the Office of Special 
Counsel--OSC--about these VIEWS privacy flaws, OSC found a 
``substantial likelihood of wrongdoing'' related to potential violation 
of Federal privacy laws. On August 2, 2022, OSC directed VA to 
investigate and report back within 60 days. The VA, however, continued 
to ask for extensions, which led to the report being released only 
recently, during the August recess.
  That report should stop this nomination in its tracks. It reveals 
that even as Ms. Bradsher and the VA attempted to deny and downplay the 
serious matters I brought to the attention of the Senate Veterans 
Affairs Committee, the VA had already determined internally that these 
allegations were true. And not only are they true, but the VA's 
internal report shows they were even worse than I thought. The VA now 
admits that more than a hundred more employees have improper access to 
sensitive data in the VIEWS system than they originally represented. 
And the report revealed that the VA knew since at least July 2019 that 
these data privacy issues existed for ``a massive number of cases [in 
VIEWS] that were improperly marked `not sensitive,' '' a full 3 years 
before whistleblowers reached out to Ms. Bradsher's office last July. 
This was, therefore, a known issue when Ms. Bradsher took office. Not 
once did Ms. Bradsher in responding to members of the Senate Veterans 
Affairs Committee even bother to mention these significant facts, nor 
apparently did she lift a finger to take care of these issues in the 16 
months she was in office before the whistleblowers spoke out to her 
deputy last year.
  The VA's report further calls Ms. Bradsher's candor into question. It 
seems to directly contradict Ms. Bradsher's answers to questions for 
the record in her committee proceedings. For example, in response to 
Senator Blackburn, Ms. Bradsher claimed that, ``the VIEWS system has 
controls in place to protect personal and sensitive information . . . 
system access is logged. Audits also are done to make sure information 
on the VIEWS system is accessed appropriately.'' Yet the VA's report to 
OSC specifically noted regarding VIEWS that, ``there is no program of 
auditing or detection in place . . . to log when a user views 
whistleblower identities and sensitive personal information without 
authority.'' It looks like Ms. Bradsher has some explaining to do.
  Democrats on the committee likewise failed in their duty to get to 
the truth of this matter. They didn't accept the whistleblowers' offer 
to speak

[[Page S4327]]

with them and answer questions about the allegations they raised with 
Ms. Bradsher's office and reported to OSC. Given the VA's record on 
whistleblower retaliation, those brave folks risked their jobs and 
livelihoods to come forward. But there was one job the committee wasn't 
willing to risk: Ms. Bradsher's promotion to Deputy Secretary. Rather 
than exercising its solemn constitutional duty to properly vet a 
Presidential nominee, the committee's majority instead took the VA's 
word on the matter and voted the nominee out without duly 
investigating, days before a report that ended up providing highly 
relevant information about the VA's data privacy failures on her watch. 
The full Senate shouldn't make an even worse mistake by confirming the 
nominee after the VA's report verified the allegations I brought to 
this body's attention.
  Even before Ms. Bradsher's committee hearing was held, the VA had 
already admitted to OSC that the VIEWS allegations raised by 
whistleblowers to Ms. Bradsher's office last year were true. It is not 
all in our imagination, as VA tried to mislead the U.S. Senate into 
thinking. The VA admitted as much in its own letter to OSC on May 26 of 
this year, before Ms. Bradsher's VA Committee hearing, stating that the 
VA's OSC-ordered investigation at the outset of its investigation had 
already ``fully substantiated'' allegations whistleblowers raised that, 
``VA officials are violating the Privacy Act of 1974 and the provisions 
of VA Directive 6502 and VA Handbook 6500 by improperly storing the 
personally identifiable information of whistleblowers, employees, and 
veterans in the Veterans Affairs Integrated Enterprise Workflow 
Solution (VIEWS) system of records because such sensitive information 
is not marked as sensitive and is therefore accessible to all VA 
employees that have access to VIEWS.'' In other words, VA admitted that 
it violated Federal privacy laws related to VIEWS by not securing 
sensitive data, but Ms. Bradsher withheld this key fact from the 
committee when questioned, and the VA insinuated otherwise in its last-
minute misleading memo circulated by the committee majority on the eve 
of her committee rubberstamp.
  Despite their legal obligation to be candid with Congress and not to 
omit material facts from their statements to this body, this deeply 
misleading memo to members of the Senate Veterans Affairs Committee 
right before their vote on Ms. Bradsher failed to even address the VA's 
preliminary findings, and it misled the committee by minimizing data 
security issues in VIEWS. The VA memo claimed that, ``[the Committee 
minority staff's conclusion] that thousands of VIEWS files are not 
being properly treated as sensitive is misguided.'' The VA's report, 
however, specifically stated that, ``[c]onsidering that over 200,000 
[VIEWS] cases were created over the past three calendar years alone, 
and the rate at which the presence of sensitive personal information 
can be found in cases, the `Not Sensitive' cases containing sensitive 
personal information before remediation actions were implemented is 
easily estimated to have been in the multi-thousands at the time the 
whistleblowers came forward with the allegations.''
  The memo also implied that a search of VIEWS conducted by the 
committee's Republican staff as part of their investigation, which 
turned up ``countless'' records responsive to the term 
``whistleblower,'' didn't ``show[] that files with the names of 
whistleblowers were not treated as sensitive,'' again ignoring the fact 
that they had already confirmed to OSC that VIEWS files did expose the 
personally identifiable information of whistleblowers. The VA report, 
dated July 21, notes that even at that time, 2 weeks after the 
minority's search, key whistleblower terms when searched still 
returned, ``cases and files containing significant whistleblower 
identification and sensitive personal information,'' although to a 
``significantly lesser degree'' than before. This contradicts the VA's 
implication in its misleading memo before Ms. Bradsher's committee vote 
that private whistleblower information did not come up at all when 
searched for.
  Accordingly, the VA's memo to the committee in advance of the 
Bradsher vote was not only misleading, but it was also arguably 
obstructive conduct meant to deceive and frustrate the Congress from 
knowing the full set of facts in this matter. Such conduct is 
indefensible. But the Democrat majority blindly and irresponsibly 
accepted it.
  Moreover, these more significant changes that the VA points to in the 
VIEWS system were made at the eleventh hour, only in response to 
significant Senate attention and public criticism. The VA's report 
noted that, ``changes applied to VIEWS CCM in July 2023 significantly 
reduced the accessibility of whistleblower identities and sensitive 
personal information contained in archived and active cases.'' Note 
carefully, July of this year, well after Ms. Bradsher's committee 
hearing. That they have made changes years after finding out about the 
problem and only after having their nominee embarrassed in a very 
public way illustrates problems of honesty and transparency that are 
illustrations of deeper systemic problems in the VA and its present 
culture of cover-up.
  And that is just the tip of the iceberg with this nominee and this 
Agency. Ms. Bradsher has failed to accept responsibility for her 
demonstrated failure to secure veterans' private data and attempted to 
deflect her responsibility by pointing to the OSC-ordered 
investigation. She has never explained why she would need to wait for 
that investigation to be complete, a full year, before complying with 
Federal privacy laws and securing any veterans' data she could as soon 
as possible. She likewise has never explained why she did nothing in 
the year-and-a-half before whistleblowers approached her office, 
despite the VA being aware of veterans' personal data being unlawfully 
exposed. As I said in my floor speech on July 18, this obfuscation is 
yet another sign that Ms. Bradsher is a ``business as usual'' nominee 
for the VA. Our veterans deserve better.
  Now to the other objection I have to this nomination. Ms. Bradsher 
also played a key role in the VA's stonewalling of my investigation 
into VA corruption. Documents obtained through the Freedom of 
Information Act--FOIA--by third parties show that Ms. Bradsher helped 
lead the VA's response to my inquiry launched in April 2021 into the 
conflicts of interest of a senior VA official, Ms. Charmain Bogue. 
Under Ms. Bradsher's leadership, the VA waited nearly nine months and 
until I had sent four letters demanding a response, before even 
answering. Even then, in late December 2021, it refused to answer any 
of my questions, citing Inspector General Missal's ongoing 
investigation.
  Well, that investigation ended early last year. The VA still hasn't 
answered those questions, despite repeated requests. Congress has a 
right and constitutional responsibility to independently investigate to 
determine how these conflicts were allowed to exist and why the VA 
berated the internal whistleblower who brought it to the Agency's 
attention rather than providing praise for exposing government 
wrongdoing. This is especially important given the fact that the 
inspector general didn't have the chance to finish his investigation 
due to Ms. Bogue's resignation from VA so she didn't have to cooperate 
and provide answers that may have implicated her in a criminal conflict 
of interest.
  I have inquired about other issues as well in this ongoing and 
largely one-sided correspondence with VA. This includes whistleblower 
retaliation, potential failure to secure information about a publicly 
traded company that may have enabled insider trading, and, most 
recently, allegations of contract irregularities, with senior officials 
who resigned under ethical cloud receiving tens of millions of dollars 
in lucrative VA contracts. The VA has failed to answer dozens of 
questions on these matters, and they will be in hot water with this 
Senator from Iowa until they do.
  I will oppose this nominee due to the well-documented stiff-arm she 
has given Congress, her failure to protect sensitive veteran 
information, and her penchant for providing misleading information to 
the Senate. I urge the Senate to reject this nomination not only 
because of the nominee's clear inability to get the job done the right 
way, but to also send a message to the VA that it must put veterans 
first.
  The PRESIDING OFFICER. The Senator from Oklahoma.

[[Page S4328]]

  

                          ____________________