89 FR 86 pgs. 35929-35932 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 89Number: 86Pages: 35929 - 35932
Pages: 35929, 35930, 35931, 35932FR document: [FR Doc. 2024-09529 Filed 5-1-24; 8:45 am]
Agency: Veterans Affairs Department
Official PDF Version: PDF Version
[top]
DEPARTMENT OF VETERANS AFFAIRS
Privacy Act of 1974; System of Records
AGENCY:
Veterans Health Administration (VHA), Department of Veterans Affairs (VA).
ACTION:
Notice of a modified system of records.
SUMMARY:
Pursuant to the Privacy Act of 1974, notice is hereby given that the VA is modifying the system of records titled, "Investigative Database-OMI-VA" (162VA10E1B). This system is used to document the investigative activities of the Office of the Medical Inspector (OMI).
DATES:
Comments on this amended system of records must be received no later than June 3, 2024. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by the VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.
ADDRESSES:
Comments may be submitted through www.Regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), Washington, DC 20420. Comments should indicate that they are submitted in response to "Investigative Database-OMI-VA" (162VA10E1B). Comments received will be available at regulations.gov for public viewing, inspection or copies.
FOR FURTHER INFORMATION CONTACT:
Stephania Griffin, VHA Chief Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420; telephone (704) 245-2492 ( Note: this is not a toll-free number).
SUPPLEMENTARY INFORMATION:
VA is amending the system of records by revising the System Number; System Location; System Manager; Purpose; Categories of Individuals Covered by the System; Categories of Records in the System; Records Source Categories; Policies and Practices for Storage of Records; Policies and Practices for Retention and Disposal of Records; Safeguards; Record Access Procedure; Contesting Records Procedures; and Notification Procedure. VA is republishing the system notice in its entirety.
The System Number is being updated from 162VA10E1B to 162VA10 to reflect the current VHA organizational routing symbol.
The System Location is being updated to remove, "Additional records are maintained by the Austin Information Technology Center, 1615 Woodward Street, Austin, Texas 78772, and subject to their security control."
The System Manager is being updated to replace Correspondence Analyst, with Executive Assistant.
The Purpose is being updated to remove, "to perform statistical analysis to produce various management and follow-up reports. The data may be used for VA's extensive quality improvement programs in accordance with VA policy. In addition, the data may be used for law enforcement investigations. Survey data will be collected for the purpose of measuring and monitoring various aspects and outcomes of National, Veterans Integrated Service Network (VISN) and Facility-Level performance. Results of the survey data analysis are shared throughout the Veterans Health Administration (VHA) system."
The Categories of Individuals Covered by the System is being updated to remove, "their immediate family members, members of the armed services, subcontractors, consultants, volunteers."
The Categories of Records in the System is being updated to replace 24VA10P2 with 24VA10A7. Number 3 is being removed, "Medical benefit and eligibility information." Renumbering as number 4 is now number 3, and so on. Number 5 is also being removed "Patient Satisfaction Survey Data which include questions and responses."
The Records Source Categories is being updated to remove, "VA Health Eligibility Center, the Food and Drug Administration, the Department of Defense, "Income Verification Records-VA" (89VA10NB), VA Veterans Benefits Administration automated record systems (including the "Veterans and Beneficiaries Identification and Records Location Subsystem-VA" (38VA23), and subsequent iterations of those systems of records." 24VA10P2 will be replaced with 24VA10A7 and 33VA113 will be replaced with 33VA10.
Policies and Practices for Storage of Records is being updated to remove, "paper, magnetic tape, disk, encrypted flash memory, and laser optical media".
Policies and Practices for Retention and Disposal of Records is being updated to include Item Numbers 1160.1 and 1160.2.
Administrative, Technical and Physical Safeguards is being updated to remove from number 4 "an elevator card reader for floor access and a separate VHA card reader for access to the office area; and in locked storage (paper)."
Record Access Procedure is being updated to reflect the following language: "Individuals seeking information on the existence and content of records in this system pertaining to them should contact the system manager in writing as indicated above or write or visit the VA facility location where they normally receive their care. A request for access to records must contain the requester's full name, address, telephone number, be signed by the requester, and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort."
[top] Contesting Records Procedures is being updated to reflect the following language, "Individuals seeking to contest or amend records in this system pertaining to them should contact the system manager in writing as indicated above, or may write or visit the VA facility location where they normally
Notification Procedure is being updated to state, "Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above."
The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by the Privacy Act and guidelines issued by OMB, December 12, 2000.
Signing Authority
The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on March 26, 2024 for publication.
Dated: April 29, 2024.
Amy L. Rose,
Government Information Specialist, VA Privacy Service, Office of Compliance, Risk and Remediation, Office of Information and Technology, Department of Veterans Affairs.
SYSTEM NAME:
"Investigative Database-OMI-VA" (162VA10).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Records are located at the Office of the Medical Inspector (OMI) in secure files within the OMI and indexed on a secure document management server within the Department of Veterans Affairs (VA) Central Office firewall.
SYSTEM MANAGER(S):
Official responsible for maintaining this system of records: Executive Assistant, OMI, Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420. Telephone 202-815-9508 (this is not a toll-free number).
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
38 U.S.C. 501.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to document the investigative activities of the OMI, and to monitor the activities of VA Medical Centers in fulfilling action plans developed in response to OMI reports.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records contain information for individuals (1) Receiving health care from the Veterans Health Administration (VHA), and (2) VHA providers that are providing the health care. Individuals encompass Veterans, current and former employees, trainees, contractors, and other individuals working collaboratively with VA.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records may include information and health information related to:
1. Patient medical record abstract information including information from "Patient Medical Record-VA" (24VA10A7);
2. Identifying information ( e.g., name, birth date, death date, admission date, discharge date, gender, Social Security Number, taxpayer identification number); address information ( e.g., home and/or mailing address, home and/or cell telephone number, emergency contact information such as name, address, telephone number and relationship); prosthetic and sensory aid serial numbers; medical record numbers; integration control numbers; information related to medical examination or treatment ( e.g., location of VA medical facility providing examination or treatment, treatment dates, medical conditions treated or noted on examination); information related to military service and status;
3. Patient aggregate workload data such as admissions, discharges and outpatient visits; resource utilization such as laboratory tests, x-rays and prescriptions;
4. Data captured from various VA databases. According to VHA Directive 1038, Role of the Office of the Medical Inspector, Paragraph 4k., "OMI, as a component of VHA, has legal authority under applicable Federal privacy laws and regulations to access and use any information, including health information, maintained in VHA records for the purposes of health care operations and health care oversight."; and
5. Documents and reports produced and received by OMI in the course of its investigations.
RECORD SOURCE CATEGORIES:
Information in this system of records is provided by Veterans, VA employees, VA computer systems, Veterans Health Information Systems and Technology Architecture (VistA), VA medical centers, VA program offices, Veterans Integrated Service Networks (VISNs), Austin Information Technology Center, the Department of Defense, Survey of Healthcare Experiences of Patients, External Peer Review Program, and the following Systems of Records: "Patient Medical Records-VA" (24VA10A7) and "National Prosthetics Patient Database- VA" (33VA10).
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
To the extent that records contained in the system include information protected by 45 CFR parts 160 and 164, i.e., individually identifiable health information, and 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority in 38 U.S.C. 7332 and regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.
1. Congress: To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.
2. National Archives and Records Administration (NARA): To the NARA in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.
3. Department of Justice (DoJ), Litigation, Administrative Proceeding: To the DoJ, or in a proceeding before a court, adjudicative body or other administrative body before which VA is authorized to appear, when:
(a) VA or any component thereof;
(b) Any VA employee in his or her official capacity;
(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or
(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components,
is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.
[top] 4. Governmental Agencies, for VA Hiring, Security Clearance, Contract, License, Grant: To a Federal, state, local or other governmental agency maintaining civil or criminal violation
5. Law Enforcement: To a Federal, State, local, territorial, Tribal or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting a violation or potential violation of law, whether civil, criminal, or regulatory in nature, or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates such a violation. The disclosure of the names and addresses of Veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.
6. Attorneys Representing Clients: To assist attorneys in representing their clients, any information in this system may be disclosed to attorneys representing subjects of investigations, including Veterans, Federal Government employees, retirees, volunteers, contractors, subcontractors or private citizens.
7. Federal Labor Relations Authority (FLRA): To the FLRA in connection with the investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised; matters before the Federal Service Impasses Panel; and the investigation of representation petitions and the conduct or supervision of representation elections.
8. Equal Employment Opportunity Commission (EEOC): To the EEOC in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.
9. Merit Systems Protection Board (MSPB): To the MSPB in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as otherwise authorized by law.
10. Guardians, Courts, for Incompetent Veterans: To a court, magistrate or administrative tribunal in matters of guardianship, inquests, and commitments; to private attorneys representing Veterans rated incompetent in conjunction with issuance of Certificates of Incompetency; or to probation and parole officers in connection with court-required duties.
11. State Licensing Board, for Licensing: To a Federal agency, a State or local government licensing board, the Federation of State Medical Boards, or a similar non-governmental entity that maintains records concerning individuals' employment histories or concerning the issuance, retention or revocation of licenses, certifications or registration necessary to practice an occupation, profession or specialty, to inform such non-governmental entities about the health care practices of a terminated, resigned or retired health care employee whose professional health care activity so significantly failed to conform to generally accepted standards of professional medical practice as to raise reasonable concern for the health and safety of patients in the private sector or from another Federal agency. These records may also be disclosed as part of an ongoing computer matching program to accomplish these purposes.
12. Contractors: To contractors, grantees, experts, consultants, students and others performing or working on a contract, service, grant, cooperative agreement or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.
13. Federal Agencies, Fraud and Abuse: To other Federal agencies to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.
14. Data Breach Response and Remediation, for VA: To appropriate agencies, entities and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk to individuals, VA (including its information systems, programs and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities or persons is reasonably necessary to assist in connection with VA efforts to respond to the suspected or confirmed breach or to prevent, minimize or remedy such harm.
15. Data Breach Response and Remediation, for Another Federal Agency: To another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
16. Office of Special Counsel: To the Office of the Special Counsel for investigation and inquires of alleged or possible prohibited personnel practices.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on electronic storage media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by name, Social Security Number or other assigned identifiers of the individuals on whom they are maintained.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records in this system are retained and disposed of in accordance with the schedule approved by the Archivist of the United States, VA Records Control Schedule (RCS) 10-1, Item Numbers 1160.1 and 1160.2.
ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
1. Access to and use of national administrative databases, warehouses and data marts are limited to those persons whose official duties require such access, and VA has established security procedures to ensure that access is appropriately limited. Information security officers and system data stewards review and authorize data access requests. VA regulates data access with security software that authenticates users and requires individually unique codes and passwords. VA provides information security training to all staff and instructs staff on the responsibility each person has for safeguarding data confidentiality.
2. VA maintains Business Associate Agreements and Non-Disclosure Agreements where appropriate with contracted resources in order to maintain confidentiality of the information.
[top] 3. Physical access to computer rooms housing national administrative databases, warehouses and data marts are restricted to authorized staff and
4. All materials containing real or scrambled Social Security numbers are kept only on secure, encrypted VHA servers, personal computers, laptops or media. All email transmissions of such files use Public Key Infrastructure (PKI) encryption. If a recipient does not have PKI, items are mailed or sent to a secure fax. Paper records containing Social Security numbers are secured in locked cabinets or offices within the OMI area. Access to OMI requires passing a security officer. All materials, both paper and electronic, that are no longer required are shredded/obliterated in accordance with VHA guidelines. Materials required for case documentation and follow up are archived in our secure document management server (electronic).
5. In most cases, copies of back-up computer files are maintained at off-site locations.
RECORD ACCESS PROCEDURES:
Individuals seeking information on the existence and content of records in this system pertaining to them should contact the system manager in writing as indicated above or write or visit the VA facility location where they normally receive their care. A request for access to records must contain the requester's full name, address, telephone number, be signed by the requester, and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort.
CONTESTING RECORD PROCEDURES:
Individuals seeking to contest or amend records in this system pertaining to them should contact the system manager in writing as indicated above. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.
NOTIFICATION PROCEDURES:
Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
85 FR 7404 (February 7, 2020).
[FR Doc. 2024-09529 Filed 5-1-24; 8:45 am]
BILLING CODE 8320-01-P