Privacy Act of 1974; System of Records, 55207-55211 [05-18728]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 70, Number 181 (Tuesday, September 20, 2005)]
[Notices]
[Pages 55207-55211]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 05-18728]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of amendment to system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), 
notice is hereby given that the Department of Veterans Affairs (VA) is 
amending the system of records currently entitled ``The Revenue 
Program--Billing and Collections Records-VA'' (114VA16) as set forth in 
the Federal Register 69 FR 4205. VA is amending the system of records 
by revising the Categories of Records in the System, Purpose and 
Routine Uses of Records Maintained in the System. VA is republishing 
the system notice in its entirety.

DATES: Comments on the amendment of this system of records must be 
received no later than October 20, 2005. If no public comment is 
received, the amended system will become effective October 20, 2005.

ADDRESSES: Written comments concerning the proposed amended system of 
records may be submitted by: mail or hand-delivery to Director, 
Regulations Management (00REG1), Department of Veterans Affairs, 810 
Vermont Avenue, NW., Room 1068, Washington, DC 20420; fax to (202) 273-
9026; or e-mail to VAregulations@mail.va.gov. All comments received 
will be available for public inspection in the Office of Regulation 
Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 
p.m., Monday through Friday (except holidays). Please call (202) 273-
9515 for an appointment.

FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) 
Privacy Act Officer, Department of Veterans Affairs, 810 Vermont 
Avenue, NW., Washington, DC 20420; telephone (727) 320-1839.

SUPPLEMENTARY INFORMATION: VA is amending ``The Revenue Program--
Billing and Collections Records-VA'' (114VA16) to allow for the 
collection of the National Provider Identifier (NPI) of healthcare 
providers in order for the NPI to be submitted on claims for payment of 
healthcare services provided by VA. The Categories of Records in the 
System is amended to add the NPI to the other demographic data 
collected on healthcare providers. Purpose(s) is amended to reflect how 
the data may be used to make application for a NPI, as required under 
the Health Insurance Portability and Accountability Act (HIPAA) 
Administrative Simplification Rule on Standard Unique Health Identifier 
for Healthcare Providers which includes participation in pilot testing 
of NPI enumeration system by the Centers for Medicare and Medicaid 
Services (CMS).
    We are proposing to amend and establish the following Routine Use 
disclosure of information maintained in the system:
    Routine Use ten (10) is amended to add NPI to the list of 
healthcare provider demographic data that may be disclosed to a third 
party where the third party requires the Department provide that 
information before it will pay for medical care provided by VA.
    Routine Use thirteen (13) is amended to replace ``Patient 
identifying information may be disclosed'' to ``Relevant information 
may be disclosed.'' Identifying information on a spouse sometimes must 
be disclosed to a third party payer in order for VA to be reimbursed 
for services.
    A new Routine Use seventeen (17) is added. Provider identifying 
information may be disclosed from this System of Records to CMS to test 
the enumeration system for the NPI and, once the system is operational, 
to obtain a NPI for any eligible healthcare professional providing 
examination or treatment within VA healthcare facilities.
    VA needs the NPI to be able to bill for services provided by the 
healthcare provider.
    The Privacy Act permits VA to disclose information about 
individuals without their consent for a routine use when the 
information will be used for a purpose that is compatible with the 
purpose for which we collected the

[[Page 55208]]

information. In all of the routine use disclosures described above, the 
recipient of the information will use the information in connection 
with a matter relating to one of VA's programs, will use the 
information to provide a benefit to VA, or disclosure is required by 
law.
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

    Approved: September 1, 2005.
Gordon H. Mansfield,
Deputy Secretary of Veterans Affairs.
114VA16

SYSTEM NAME:
    The Revenue Program--Billing and Collections Records-VA.

SYSTEM LOCATION:
    Records are maintained at each VA healthcare facility. In most 
cases, back-up computer tape information is stored at off-site 
locations. Address locations for VA facilities are listed in VA 
Appendix 1 of the biennial publication of VA Privacy Act Issuances. In 
addition, information from these records or copies of records may be 
maintained at the Department of Veterans Affairs (VA), 810 Vermont 
Avenue, NW, Washington, DC; the VA Austin Automation Center (AAC), 
Austin, Texas; Veterans Integrated Service Network (VISN) Offices; VA 
Allocation Resource Center (ARC), Boston, Massachusetts, and contractor 
facilities.

Categories of individuals covered by the system:
    1. Veterans who have applied for healthcare services under Title 
38, United States Code, Chapter 17, and in certain cases members of 
their immediate families.
    2. Beneficiaries of other Federal agencies.
    3. Individuals examined or treated under contract or resource 
sharing agreements.
    4. Individuals examined or treated for research or donor purposes.
    5. Individuals who have applied for Title 38 benefits but who do 
not meet the requirements under Title 38 to receive such benefits.
    6. Individuals who were provided medical care under emergency 
conditions for humanitarian reasons.
    7. Pensioned members of allied forces (Allied Beneficiaries) who 
are provided healthcare services under Title 38, United States Code, 
Chapter 1.
    8. Healthcare professionals providing examination or treatment to 
any individuals within VA healthcare facilities.
    9. Healthcare professionals providing examination or treatment to 
individuals under contract or resource sharing agreements.

Categories of records in the system:
    The records may include information related to:
    1. The social security number and insurance policy number of the 
veteran and/or veteran's spouse. The record may include other 
identifying information (e.g., name, date of birth, age, sex, marital 
status) and address information (e.g., home and/or mailing address, 
home telephone number).
    2. Insurance company information specific to coverage of the 
veteran and/or spouse to include annual deductibles and benefits.
    3. Diagnostic codes (ICD9-CM, CPT-4, and any other coding system) 
pertaining to the individual's medical, surgical, psychiatric, dental 
and/or psychological examination or treatment.
    4. Charges claimed to a third party payer, including insurance 
companies, other Federal agencies, or foreign governments, based on 
treatment/services provided to the patient.
    5. Charges billed to those veterans who are required to meet co-
payment obligations for treatment/services rendered by VA.
    6. The name, social security number, universal personal 
identification number, National Provider Identifier (NPI) and 
credentials including provider's degree, licensure, certification, 
registration or occupation of healthcare providers.

Authority for maintenance of the system:
    Title 38, United States Code (U.S.C.), sections 1710 and 1729.

PURPOSE(S):
    The records and information are used for the billing of, and 
collections from, a third-party payer, including insurance companies, 
other Federal agencies, or foreign governments, for medical care or 
services received by a veteran for a nonservice-connected condition or 
from a first party veteran required to make co-payments. The records 
and information are also used for the billing of and collections from 
other Federal agencies for medical care or services received by an 
eligible beneficiary. The data may be used to identify and/or verify 
insurance coverage of a veteran or veteran's spouse prior to submitting 
claims for medical care or services. The data may be used to support 
appeals for non-reimbursement of claims for medical care or services 
provided to a veteran. The data may be used to enroll healthcare 
providers with health plans and VA's healthcare clearinghouse in order 
to electronically file third-party claims. For the purposes of 
healthcare billing and payment activities to and from third party 
payers, VA will disclose information in accordance with the 
legislatively-mandated transaction standard and code sets promulgated 
by the United States Department of Health and Human Services (HHS) 
under the Health Insurance Portability and Accountability Act (HIPAA). 
The records and information may be used for statistical analyses to 
produce various management, tracking and follow-up reports, to track 
and trend the reimbursement practices of insurance carriers, and to 
track billing and collection information.
    The data may be used to enroll healthcare providers with health 
plans and VA's healthcare clearinghouse in order to electronically file 
third party claims. The data may be used to make application for a NPI, 
as required HIPAA Administrative Simplification Rule on Standard Unique 
Health Identifier for Healthcare Providers, 45 CFR Part 162, for all 
healthcare professionals providing examination or treatment within VA 
healthcare facilities, including participation in pilot test of NPI 
enumeration system by the Centers of Medicare and Medicaid Services 
(CMS). The records and information may be used for statistical analyses 
to produce various management, tracking and follow-up reports, to track 
and trend the reimbursement practices of insurance carriers, and to 
track billing and collection information.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    To the extent that records contained in the system include 
information protected by 45 CFR parts 160 and 164, i.e., individually-
identifiable health information, and 38 U.S.C. 7332; i.e., medical 
treatment information related to drug abuse, alcoholism or alcohol 
abuse, sickle cell anemia or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.
    1. On its own initiative, VA may disclose information, except for 
the names and home address of veterans

[[Page 55209]]

and their dependents, to a Federal, state, local, tribal or foreign 
agency charged with the responsibility of investigating or prosecuting 
civil, criminal or regulatory violations of law, or charged with 
enforcing or implementing the statute, regulation, rule or order issued 
pursuant thereto. On its own initiative, VA may also disclose the names 
and addresses of veterans and their dependents to a Federal agency 
charged with the responsibility of investigating or prosecuting civil, 
criminal or regulatory violations of law, or charged with enforcing or 
implementing the statute, regulation, rule or order issued pursuant 
thereto.
    2. Disclosure may be made to an agency in the executive, 
legislative, or judicial branch, or the District of Columbia government 
in response to its request or at the initiation of VA, in connection 
with the letting of a contract, other benefits by the requesting 
agency, or the lawful statutory, administrative, or investigative 
purpose of the agency to the extent that the information is relevant 
and necessary to the requesting agency's decision. However, names and 
addresses of veterans and their dependents will be released only to 
Federal entities.
    3. Disclosure may be made to a Congressional office from the record 
of an individual in response to an inquiry from the Congressional 
office made at the request of that individual.
    4. Disclosure may be made to National Archives and Records 
Administration (NARA) in records management inspections conducted under 
authority of Title 44 U.S.C.
    5. Disclosure may be made to the Department of Justice and United 
States attorneys in defense or prosecution of litigation involving the 
United States, and to Federal agencies upon their request in connection 
with review of administrative tort claims filed under the Federal Tort 
Claims Act, 28 U.S.C. 2672.
    6. Any information in this system of records, including personal 
information obtained from other Federal agencies through computer-
matching programs, may be disclosed for the purposes identified below 
to any third party, except consumer reporting agencies, in connection 
with any proceeding for the collection of an amount owed to the United 
States by virtue of a person's participation in any benefit program 
administered by VA. Information may be disclosed under this routine use 
only to the extent that it is reasonably necessary for the following 
purposes: (a) To assist VA in collection of Title 38 overpayments, 
overdue indebtedness, and/or costs of services provided individuals not 
entitled to such services; and (b) to initiate civil or criminal legal 
actions for collecting amounts owed to the United States and/or for 
prosecuting individuals who willfully or fraudulently obtain Title 38 
benefits without entitlement. This disclosure is consistent with 38 
U.S.C. 5701(b)(6).
    7. The name and address of a veteran, other information as is 
reasonably necessary to identify such veteran, including personal 
information obtained from other Federal agencies through computer 
matching programs, and any information concerning the veteran's 
indebtedness to the United States by virtue of the person's 
participation in a benefits program administered by VA may be disclosed 
to a consumer reporting agency for purposes of assisting in the 
collection of such indebtedness, provided that the provisions of 38 
U.S.C. 5701(g)(4) have been met.
    8. The name of a veteran, or other beneficiary, other information 
as is reasonably necessary to identify such individual, and any 
information concerning the individual's indebtedness by virtue of a 
person's participation in a medical care and treatment program 
administered by VA, may be disclosed to the Treasury Department, 
Internal Revenue Service, for the collection of indebtedness arising 
from such program by the withholding of all or a portion of the 
person's Federal income tax refund. These records may be disclosed as 
part of a computer-matching program to accomplish these purposes.
    9. Relevant information (excluding medical treatment information 
related to drug or alcohol abuse, infection with the human 
immunodeficiency virus or sickle cell anemia) may be disclosed to HHS 
for the purpose of identifying improper duplicate payments made by 
Medicare fiscal intermediaries where VA was authorized and was 
responsible for payment for medical services obtained at non-VA 
healthcare facilities.
    10. The social security number, universal personal identification 
number, NPI, credentials, and other identifying information of a 
healthcare provider may be disclosed to a third party where the third 
party requires the Department provide that information before it will 
pay for medical care provided by VA.
    11. Relevant information may be disclosed to individuals, 
organizations, private or public agencies, etc., with whom VA has a 
contract or agreement to perform such services as VA may deem practical 
for the purposes of laws administered by VA, in order for the 
contractor and/or subcontractor to perform the services of the contract 
or agreement.
    12. Relevant information from this system of records may be 
disclosed to the National Practitioner Data Bank and/or State Licensing 
Board in the State(s) in which a practitioner is licensed, in which the 
VA facility is located, and/or in which an act or omission occurred 
upon which a medical malpractice claim was based when VA reports 
information concerning: (a) Any payment for the benefit of a physician, 
dentist, or other licensed healthcare practitioner which was made as 
the result of a settlement or judgment of a claim of medical 
malpractice if an appropriate determination is made in accordance with 
agency policy that payment was related to substandard care, 
professional incompetence or professional misconduct on the part of the 
individual; (b) a final decision which relates to possible incompetence 
or improper professional conduct that adversely affects the clinical 
privileges of a physician, dentist or other licensed healthcare 
practitioner for a period longer than 30 days; or, (c) the acceptance 
of the surrender of clinical privileges, or any restriction of such 
privileges by a physician, dentist, or other licensed healthcare 
practitioner either while under investigation by the healthcare entity 
relating to possible incompetence or improper professional conduct, or 
in return for not conducting such an investigation or proceeding. These 
records may also be disclosed as part of a computer-matching program to 
accomplish these purposes.
    13. Relevant information may be disclosed from this system of 
records to any third party or Federal agency such as the Department of 
Defense, Office of Personnel Management, HHS and government-wide third-
party insurers responsible for payment of the cost of medical care for 
the identified patients, in order for VA to seek recovery of the 
medical care costs. These records may also be disclosed as part of a 
computer-matching program to accomplish these purposes.
    14. Relevant information, including the nature and amount of a 
financial obligation, may be disclosed in order to assist VA in the 
collection of unpaid financial obligations owed VA, to a debtor's 
employing agency or commanding officer, so that the debtor-employee may 
be counseled by his or her Federal employer or commanding officer. This 
purpose is consistent with 5 U.S.C. 5514, 4 CFR 102.5, and section 206 
of Executive Order 11222 of May 8, 1965 (30 FR 6469).

[[Page 55210]]

    15. Identifying information such as name, address, social security 
number and other information as is reasonably necessary to identify 
such individual, may be disclosed to the National Practitioner Data 
Bank at the time of hiring and/or clinical privileging/re-privileging 
of healthcare practitioners, and at other times as deemed necessary by 
VA, in order for VA to obtain information relevant to a Department 
decision concerning the hiring, privileging/re-privileging, retention 
or termination of the applicant or employee.
    16. Disclosure of individually-identifiable health information 
including billing information for the payment of care may be made by 
appropriate VA personnel, to the extent necessary and on a need-to-know 
basis consistent with good medical-ethical practices, to family members 
and/or the person(s) with whom the patient has a meaningful 
relationship.
    17. Provider identifying information may be disclosed from this 
System of Records to CMS to test the enumeration system for the NPI and 
once the system is operational, to obtain an NPI for any eligible 
healthcare professional providing examination or treatment with VA 
healthcare facilities.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    Pursuant to 5 U.S.C. 552a(b)(12), VA may disclose records from this 
system to consumer reporting agencies as defined in the Fair Credit 
Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act 
of 1966 (31 U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained on paper or electronic media.

RETRIEVABILITY:
    Records are retrieved by name, social security number or other 
assigned identifier of the individuals on whom they are maintained, or 
by specific bill number assigned to the claim of the individuals on 
whom they are maintained.

SAFEGUARDS:
    1. Access to VA working and storage areas is restricted to VA 
employees on a ``need-to-know'' basis; strict control measures are 
enforced to ensure that disclosure to these individuals is also based 
on this same principle. Generally, VA file areas are locked after 
normal duty hours and the facilities are protected from outside access 
by the Federal Protective Service or other security personnel.
    2. Information in VistA may only be accessed by authorized VA 
personnel. Access to file information is controlled at two levels. The 
systems recognize authorized personnel by series of individually unique 
passwords/codes as a part of each data message, and personnel are 
limited to only that information in the file, which is needed in the 
performance of their official duties. Information that is downloaded 
from VistA and maintained on personal computers is afforded similar 
storage and access protections as the data that is maintained in the 
original files. Access to information stored on automated storage media 
at other VA locations is controlled by individually unique passwords/
codes. Access by Office of Inspector General (OIG) staff conducting an 
audit, investigation, or inspection at the healthcare facility, or an 
OIG office location remote from the healthcare facility, is controlled 
in the same manner.
    3. Information downloaded from VistA and maintained by the OIG 
headquarters and Field Offices on automated storage media is secured in 
storage areas for facilities to which only OIG staff have access. Paper 
documents are similarly secured. Access to paper documents and 
information on automated storage media is limited to OIG employees who 
have a need for the information in the performance of their official 
duties. Access to information stored on automated storage media is 
controlled by individually unique passwords/codes.
    4. Access to the VA Austin Automation Center (AAC) is generally 
restricted to AAC employees, custodial personnel, Federal Protective 
Service and other security personnel. Access to computer rooms is 
restricted to authorized operational personnel through electronic 
locking devices. All other persons gaining access to computer rooms are 
escorted. Information stored in the AAC databases may be accessed.
    5. Access to records maintained at the VA Allocation Resource 
Center (ARC) and the VISN Offices is restricted to VA employees who 
have a need for the information in the performance of their official 
duties. Access to information stored in electronic format is controlled 
by individually unique passwords/codes. Records are maintained in 
manned rooms during working hours. The facilities are protected from 
outside access during non-working hours by the Federal Protective 
Service or other security personnel.

RETENTION AND DISPOSAL:
    Paper records and information stored on electronic storage media 
are maintained and disposed of in accordance with records disposition 
authority approved by the Archivist of the United States.

SYSTEM MANAGER(S) AND ADDRESS:
    The official responsible for policies and procedures is the Chief 
Business Officer, Chief Business Office (16), Department of Veterans 
Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. The local 
officials responsible for maintaining the system are the Director of 
the facility where the individual is or was associated.

NOTIFICATION PROCEDURE:
    An individual who wishes to determine whether a record is being 
maintained in this system under his or her name or other personal 
identifier, or wants to determine the contents of such record, should 
submit a written request or apply in person to the last VA healthcare 
facility where care was rendered. Addresses of VA healthcare facilities 
may be found in VA Appendix 1 of the biennial publication of VA Privacy 
Act Issuances. All inquiries must reasonably identify the place and 
approximate date that medical care was provided. Inquiries should 
include the patient's full name, social security number, insurance 
company information, policyholder and policy identification number as 
well as a return address.

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write, call or visit the VA facility 
location where they were treated.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:
    The patient, family members or guardian, and friends, employers or 
other third parties when otherwise unobtainable from the patient or 
family; health insurance carriers; private medical facilities and 
healthcare professionals; state and local agencies; other Federal 
agencies; VA regional offices; Veterans Benefits Administration 
automated record systems, including Veterans and Beneficiaries 
Identification and Records Location Subsystem-VA (38VA23) and the 
Compensation, Pension, Education and Rehabilitation Records-VA (58VA21/
22); and various automated systems providing clinical and

[[Page 55211]]

managerial support at VA healthcare facilities to include Health Care 
Provider Credentialing and Privileging Records-VA (77VA10Q) and 
Veterans Health Information Systems and Technology Architecture (VistA) 
(79VA19).

[FR Doc. 05-18728 Filed 9-19-05; 8:45 am]
BILLING CODE 8320-01-P