Privacy Act of 1974; System of Records, 11531-11533 [2015-04315]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 80, Number 41 (Tuesday, March 3, 2015)]
[Notices]
[Pages 11531-11533]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2015-04315]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of amendment of system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), 
notice is hereby given that the Department of Veterans Affairs (VA) is 
amending the system of records currently entitled ``Customer 
Relationship Management System (CRMS)-VA'' (155VA16) as set forth in 
the Federal Register 77 FR 72123. VA is amending the system by revising 
the System Number, System Location, Categories of Individuals Covered 
by the System, Categories of Records in the System, Safeguards, and 
System Managers and Address. VA is republishing the system of records 
notice in its entirety.

DATES: Comments on this amended system of records must be received no 
later than April 2, 2015. If no public comment is received during the 
period allowed for comment or unless otherwise published in the Federal 
Register by the VA, the new system of records will become effective 
April 2, 2015.

ADDRESSES: Written comments concerning the proposed amended system of 
records may be submitted by: mail or hand-delivery to Director, 
Regulations Management (02REG), Department of Veterans Affairs, 810 
Vermont Avenue NW., Room 1068, Washington, DC 20420; fax to (202) 273-
9026; or email to https://www.Regulations.gov. All comments received 
will be available for public inspection in the Office of Regulation 
Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 
4:30 p.m., Monday through Friday (except holidays). Please call (202) 
461-4902 (this is not a toll-free number) for an appointment.

FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) 
Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue 
NW., Washington, DC 20420; telephone (704) 245-2492.

SUPPLEMENTARY INFORMATION: The System Number is changed from 155VA16 to 
155VA10NB to reflect the current organizational alignment.
    The System Location and the System Manager and Address sections are 
being amended to reflect a name change from Health Revenue Center to 
the Health Resource Center (HRC).
    The Categories of Individuals Covered by the System is being 
amended to include information concerning secure messaging and web 
chat.
    The Categories of Records in the System is being amended to include 
health care appointment request and general administrative pharmacy 
inquires.
    Safeguards, number one, is being amended to state that all entrance 
doors to the HRC Topeka, KS and Waco, TX locations require an 
electronic pass card to gain entry. Number four is being amended to 
replace the Statement of Commitment and Understanding with the Rules of 
Behavior.
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority: The Secretary of Veterans Affairs, or designee, 
approved this document and authorized the undersigned to sign and 
submit the document to the Office of the Federal Register for 
publication electronically as an official document of the Department of 
Veterans Affairs. Jose D. Riojas, Chief of Staff, approved this 
document on February 10, 2015, for publication.

    Dated: February 25, 2015.
Jeffrey M. Martin,
Program Manager, Regulation Policy and Management, Office of the 
General Counsel, Department of Veterans Affairs.
155VA10NB

SYSTEM NAME:
    Customer Relationship Management System (CRMS)--VA

SYSTEM LOCATION:
    Records and magnetic media are maintained at the Health Resource 
Center (HRC), Topeka, Kansas facility or at another OI&T approved 
location. Magnetic media are also stored at an OI&T approved location 
for contingency back-up purposes.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records include information concerning telephone, secure 
messaging and web chat inquiries from Veterans, Veteran's family 
members, members of the general public, VA customers, and VA employees.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include information related to:
    1. Veteran health benefits eligibility and health care appointment 
request;
    2. Veteran medical claims processing and payments;
    3. Co-payments charged for medical care and prescriptions;
    4. General administrative pharmacy inquiries;
    5. General human resources management; e.g., employee benefits, 
recruitment/job applicants, etc.; and
    6. Other information related to Veterans, Veteran's family members, 
members of the general public, VA customers, and VA employees.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38, United States Code, sections 501(a), 1705, 1710, 1722, 
1722(a), 1781 and Title 5, United States Code, section 552(a).

PURPOSE(S):
    The records and information may be used for historical reference, 
quality assurance, training, and statistical reporting.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 45 CFR parts 160 and 164, i.e., individually 
identifiable health information, and 38 U.S.C. 7332, i.e., medical 
treatment information related to drug abuse, alcoholism or alcohol 
abuse, sickle cell anemia or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.
    1. The record of an individual who is covered by this system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    2. Disclosure may be made to National Archives and Records 
Administration (NARA) and the General Services Administration (GSA) in 
records management inspections conducted under authority of Tile, 
Chapter 29, of the Unites States Code (44 U.S.C.).

[[Page 11532]]

    3. VA may disclose information in this system of records to the 
Department of Justice (DOJ), either on VA's initiative or in response 
to DOJ's request for the information, after either VA or DOJ determines 
that such information is relevant to DOJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DOJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    4. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities or 
individuals with whom VA has a contract or agreement or where there is 
a subcontract to perform such services as VA may deem practicable for 
the purposes of laws administered by VA, in order for the contractor or 
subcontractor to perform the services of the contract or agreement.
    5. VA may disclose, on its own initiative, any information in this 
system, except the names and home addresses of Veterans and their 
dependents, that is relevant to a suspected or reasonably imminent 
violation of law, whether civil, criminal or regulatory in nature and 
whether arising by general or program statute or by regulation, rule or 
order issued pursuant thereto, to a Federal, State, local, tribal, or 
foreign agency charged with the responsibility of investigating or 
prosecuting such violation, or charged with enforcing or implementing 
the statute, regulation, rule or order. VA may also disclose on its own 
initiative the names and addresses of Veterans and their dependents to 
a Federal agency charged with the responsibility of investigating or 
prosecuting civil, criminal or regulatory violations of law, or charged 
with enforcing or implementing the statute, regulation, or order issued 
pursuant thereto.
    6. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    7. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the potentially compromised information; and (3) 
the disclosure is to agencies, entities, or persons whom VA determines 
are reasonably necessary to assist or carry out the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm. This routine use permits 
disclosures by the Department to respond to a suspected or confirmed 
data breach, including the conduct of any risk analysis or provision of 
credit protection services as provided in 38 U.S.C. 5724, as the terms 
are defined in 38 U.S.C. 5727.
    8. Disclosure may be made to those officers and employees of the 
agency that maintains the record who have a need for the record in the 
performance of their duties.
    9. To disclose the information listed in 5 U.S.C. 7114(b)(4) to 
officials of labor organizations recognized under 5 U.S.C. Chapter 71 
when relevant and necessary to their duties of exclusive representation 
concerning personnel policies, practices, and matters affecting working 
conditions.
    10. To disclose information to officials of the Merit Systems 
Protection Board (MSPB), or the Office of the Special Counsel, when 
requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions, promulgated in 5 U.S.C. 1205 and 1206, or as 
may be authorized by law.
    11. To disclose information from this system to the Equal 
Employment Opportunity Commission (EEOC) when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation.
    12. To disclose to the Federal Labor Relations Authority (FLRA), 
including its General Counsel, information related to the establishment 
of jurisdiction, the investigation and resolution of allegations of 
unfair labor practices, or information in connection with the 
resolution of exceptions to arbitration awards when a question of 
material fact is raised; to disclose information in matters properly 
before the Federal Services Impasses Panel, and to investigate 
representation petitions and conduct or supervise representation 
elections.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored on electronic media in a VA OI&T approved 
location.

RETRIEVABILITY:
    Records are retrieved by name, social security number or other 
assigned identifiers of the individuals on whom they are maintained.

SAFEGUARDS:
    1. All entrance doors to the HRC Topeka, KS and Waco, TX locations 
require an electronic pass card to gain entry. Hours of entry to the 
facility are controlled based on position held and special needs. 
Visitors to the HRC are required to sign-in at a specified location and 
are escorted the entire time they are in the building or they are 
issued a temporary visitors badge. At the end of the visit, visitors 
are required to turn in their badge. The building is equipped with an 
intrusion alarm system which is activated when any of the doors are 
forced open or held ajar for a specified length of time. During 
business hours, the security system is monitored by the VA police and 
HRC staff. After business hours, the security system is monitored by 
the VA telephone operator(s) and VA police. The VA police conduct 
visual security checks of the outside perimeter of the building.
    2. Access to the building is generally restricted to HRC staff and 
VA police, specified custodial personnel, engineering personnel, and 
canteen service personnel.
    3. Access to computer rooms is restricted to authorized VA OI&T 
personnel and requires entry of a personal identification number (PIN) 
with the pass card swipe. PIN's must be changed periodically. All other 
persons gaining access to computer rooms are escorted. Information 
stored in the computer may be accessed by authorized VA employees at 
remote locations including the Health Eligibility Center in Atlanta, 
GA; Health

[[Page 11533]]

Administration Center in Denver, CO; Consolidated Patient Accounting 
Center in Ashville, NC; and VA health care facilities.
    4. All HRC employees receive information security and privacy 
awareness training and sign the Rules of Behavior; training is provided 
to all employees on an annual basis. The HRC Information Security 
Officer performs an annual information security audit and periodic 
reviews to ensure security of the system.
    5. For contingency purposes, database backups on magnetic media are 
stored off-site at an approve VA OI&T location.

RETENTION AND DISPOSAL:
    Electronic Service Records are purged when they are no longer 
needed for current operation. Records are maintained and disposed of in 
accordance with records disposition authority approved by the Archivist 
of the United States, National Archives and Records Administration, and 
published in the VHA Records Control Schedule 10-1.

SYSTEM MANAGER(S) AND ADDRESS:
    Official responsible for policies and procedures: Chief Business 
Officer (10NB), VA Central Office, 1722 I St. NW., Washington, DC 
20420. Official maintaining the system: Director, Health Resource 
Center, 3401 SW 21st Street Bldg. 9, Topeka, Kansas 66604.

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them should contact the VA facility location 
at which they are or were employed or made or have contact. Inquiries 
should include the person's full name, social security number, dates of 
employment, date(s) of contact, and return address.

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write, call or visit the VA facility 
location where they are or were employed or made contact.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by Veterans, 
Veteran's family members, members of the general public, VA customers, 
and VA employees.

[FR Doc. 2015-04315 Filed 3-2-15; 8:45 am]
BILLING CODE 8320-01-P