In a letter sent Wednesday to Health and Human Services Secretary Mike Leavitt, 30 privacy groups belonging to the Consumer Coalition for Health Privacy expressed their concerns about the recent theft of personal data at the VA.

The data, which included names, Social Security numbers and addresses belonging to 26.5 million veterans, also included protected health information such as medical diagnostic codes and disability ratings. The data was included in a laptop and disks that were stolen May 3 during a burglary at the home of a VA analyst who had improperly taken the data of the office.

The incident raises serious questions about the "nature and the extent" of violations by the VA of the security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) the letter said.

"Regardless of how the data was stolen, who stole it and for what purpose it was taken, the fact that this individually identifiable health information was removed without authorization from a U.S. government facility is key and alone signals the need for a compliance review," the letter noted.

Paul Feldman, deputy director of the Health Privacy Project in Washington, which sent the letter to Leavitt on behalf of the 30 organizations, said the move was prompted by concerns that privacy violations may be widespread at the VA.