Privacy Act of 1974; System of Records, 17229-17233 [E7-6233]

Download as PDF Federal Register / Vol. 72, No. 66 / Friday, April 6, 2007 / Notices Written comments should be received on or before June 6, 2007, to be assured of consideration. ADDRESSES: Direct all written comments to Bureau of the Public Debt, Vicki S. Thorpe, 200 Third Street, A4–A, Parkersburg, WV 26106–5312, or Vicki.Thorpe@bpd.treas.gov. DEPARTMENT OF THE TREASURY FOR FURTHER INFORMATION CONTACT: SUMMARY: The Department of the Treasury, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on proposed and/or continuing information collections, as required by the Paperwork Reduction Act of 1995, Public Law 104–13 (44 U.S.C. 3506(c)(2)(A). Currently the Bureau of the Public Debt within the Department of the Treasury is soliciting comments concerning the Subscription for purchase of Treasury Securities—State and Local Government Series One-Day Certificates of Indebtedness. DATES: Written comments should be received on or before June 6, 2007, to be assured of consideration. ADDRESSES: Direct all written comments to Bureau of the Public Debt, Vicki S. Thorpe, 200 Third Street, A4–A, Parkersburg, WV 26106–5312, or Vicki.Thorpe@bpd.treas.gov. DATES: pwalker on PROD1PC71 with NOTICES Requests for additional information or copies of the form and instructions should be directed to Vicki S. Thorpe, Bureau of the Public Debt, 200 Third Street, A4–A, Parkersburg, WV 26106– 5312, (304) 480–8150. SUPPLEMENTARY INFORMATION: Title: Request for Redemption of U.S. Treasury Securities State and Local Government Series One-Day Certificates of Indebtedness Demand Deposit. OMB Number: 1535–0083. Form Number: PD F 5238. Abstract: The information is requested to process redemption for State and Local Government entities. Current Actions: None. Type of Review: Extension. Affected Public: State or Local Government. Estimated Number of Respondents: 69. Estimated Time Per Respondent: 3 minutes. Estimated Total Annual Burden Hours: 3. Request for Comments: Comments submitted in response to this notice will be summarized and/or included in the request for OMB approval. All comments will become a matter of public record. Comments are invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the agency, including whether the information shall have practical utility; (b) the accuracy of the agency’s estimate of the burden of the collection of information; (c) ways to enhance the quality, utility, and clarity of the information to be collected; (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information. Dated: April 2, 2007. Vicki S. Thorpe, Manager, Graphics, Printing and Records Branch. [FR Doc. E7–6453 Filed 4–5–07; 8:45 am] BILLING CODE 4810–39–P VerDate Aug<31>2005 19:56 Apr 05, 2007 Jkt 211001 Bureau of the Public Debt Proposed Collection: Comment Request Notice and request for comments. ACTION: 17229 comments will become a matter of public record. Comments are invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the agency, including whether the information shall have practical utility; (b) the accuracy of the agency’s estimate of the burden of the collection of information; (c) ways to enhance the quality, utility, and clarity of the information to be collected; (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information. Dated: April 2, 2007. Vicki S. Thorpe, Manager, Graphics, Printing and Records Branch. [FR Doc. E7–6454 Filed 4–5–07; 8:45 am] BILLING CODE 4810–39–P DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974; System of Records AGENCY: FOR FURTHER INFORMATION CONTACT: Requests for additional information or copies of the form and instructions should be directed to Vicki S. Thorpe, Bureau of the Public Debt, 200 Third Street, A4–A, Parkersburg, WV 26106– 5312, (304) 480–8150. SUPPLEMENTARY INFORMATION: Title: Subscription for Purchase of U.S. Treasury Securities State and Local Government Series One-Day Certificates of Indebtedness. OMB Number: 1535–0082. Form Number: PD F 5237. Abstract: The information is requested to establish an account for State and Local Government entities wishing to purchase Treasury Securities. Current Actions: None. Type of Review: Extension. Affected Public: State or Local Government. Estimated Number of Respondents: 64. Estimated Time Per Respondent: 8 minutes. Estimated Total Annual Burden Hours: 9. Request for Comments: Comments submitted in response to this notice will be summarized and/or included in the request for OMB approval. All Department of Veterans Affairs (VA). ACTION: PO 00000 Frm 00139 Fmt 4703 Sfmt 4703 Notice of amendment to system of records. SUMMARY: As required by the Privacy Act of 1974 (5 U.S.C. 552a(e) notice is hereby given that the Department of Veterans Affairs is amending the system of records currently entitled ‘‘Veterans, Dependents of Veterans, and VA Beneficiary Survey Records (43VA008)’’ as set forth in the Federal Register 65 FR 61022–61025. VA is amending the system by revising the System Name, Categories of Individuals on Whom Records are Maintained in the System; Categories of Records in the System; Authority for Maintenance of the System, Routine Uses of Records Maintained in the System, including Categories of Users and the Purpose of Such Uses, the Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System; System Manager(s); and Record Source Categories. VA is publishing the system notice in its entirety. Comments on this new system of records must be received no later than May 7, 2007. If no public comment is received, the new system of records will become effective May 7, 2007. DATES: E:\FR\FM\06APN1.SGM 06APN1 17230 Federal Register / Vol. 72, No. 66 / Friday, April 6, 2007 / Notices Written comments may be submitted through www.Regulations.gov; by mail or handdelivery to the Director, Regulations Management (00REG), Department of Veterans Affairs, 810 Vermont Ave., NW., Room 1068, Washington, DC 20420; or by fax to (202) 273–9026. Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m. Monday through Friday (except holidays) by May 7, 2007. Please call (202) 273–9515 for an appointment. In addition, during the comment period, comments may be viewed online through the Federal Docket Management System. FOR FURTHER INFORMATION CONTACT: Christine Elnitsky, Senior Policy Analyst, Policy Analysis Service, (008A1), U.S. Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420, (202) 273–9179. SUPPLEMENTARY INFORMATION: ADDRESSES: pwalker on PROD1PC71 with NOTICES I. Description of Proposed System of Records The system name is changed from ‘‘Veterans, Dependents of Veterans, and VA Beneficiary Survey Records-VA’’ to ‘‘Veterans, Service Members, Family Members, and VA Beneficiary Survey Records’’ to be consistent with Congress’ intent (as reflected in Pub. L. 108–454, sections 211 and 805) that VA also include service members and families of service members in surveys conducted by VA. The term ‘‘Service Members’’ includes active duty Armed Forces and members of the National Guard and Reserve Force, regardless of whether they are on active duty. The category entitled ‘‘Categories of individuals on whom records are maintained in the system’’ is amended to more accurately reflect the population from which VA may conduct surveys, to include service members and families of service members. VA beneficiaries, such as a spouse from a previous marriage, have and continue to be an included category of individuals. The records covered by the heading entitled ‘‘Categories of records maintained in the system’’ are clarified by providing more details concerning the records contained in some of the categories of records described in the current system of records notice. VA is not adding any new categories of records maintained. VA is amending the authority for maintenance of records in this system to more precisely state that authority and to include statutory authority enacted since the last publication of this system VerDate Aug<31>2005 18:39 Apr 05, 2007 Jkt 211001 notice. Previously, VA cited all of Public Law 103–62 as authority to maintain these records when only the portion codified at 5 U.S.C. section 306 is applicable. The reference to planning in the current and proposed Purposes for this system of records includes (and included) use in VA strategic planning under section 306. VA also is adding sections 211 and 805 of Public Law 108–454 as authority for maintenance of the records in this system of records. VA is amending the Policies and Practices for Storing, Retrieving Accessing, Retaining and Disposing of Records in the System as follows. VA is amending the ‘‘Retrievability’’ and ‘‘Safeguards’’ paragraphs to reflect requirements for protecting the confidentiality of protected health information obtained from the Veterans Health Administration (VHA) in compliance with requirements of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The amendments to the ‘‘Safeguards’’ paragraph also more fully describe security procedures for protecting the records, as well as procedures adopted since the last publication. VA is amending the retention and disposal paragraph to more fully describe the statutory requirement. VA is amending the system manager paragraph to reflect the change in the agency official responsible for maintaining the system of records. The Department has made minor edits to the System Notice to use plain language, and for grammar and clarity purposes, including changes to routine uses. These changes are not, and are not intended to be, substantive, and consequently, are not further discussed or enumerated. II. Proposed Amendments to Routine Use Disclosures of Data in the System The Agency is adding a preliminary statement before the routine uses clarifying that the routine use disclosure statements in this system of records do not provide authority for VA to disclose individually-identifiable health information protected by 38 U.S.C. 7332, the HIPAA Privacy Rule. This means you must have disclosure authority under 38 U.S.C. 7332, HIPAA, or both, where applicable, before disclosure under any routine use for data covered by these provisions. Further, routine uses are amended to provide consistency with the standards defined by Department of Health and Human Services (HHS) under HIPAA. Routine use number 1 and 2 are subsumed in the new routine use number 4. The combined routine use PO 00000 Frm 00140 Fmt 4703 Sfmt 4703 permits all disclosures previously authorized under the two previous routine uses. Routine use number 3 is renumbered as routine use number 1 and is clarified as to the scope of records that can be disclosed. Routine use number 4 is renumbered as routine use number 2 and is amended to clarify the persons who may receive records under this routine use. VA retains ownership of all individuallyidentifiable records provided under this routine use or created by the recipient pursuant to the agreement underlying this routine use. Recipients of records under this routine use shall be required to comply with the Privacy Act of 1974, as amended, pursuant to 5 U.S.C. 552a(m). OPP will ensure the appropriateness of disclosure of health information to contractors. Safeguards are to be provided in the underlying contract or agreement prohibiting the contractor from using or disclosing the information for any purpose other than that described in the contract or agreement. Routine use number 3 is a new routine use. The routine use states when OPP, on its own initiative, may disclose individually-identifiable information to law enforcement entities for investigations. Routine use number 4 is a new routine use. It provides authority for VA to provide information to other Federal agencies for statutorily permitted or required research and analyses. The routine use also permits VA to disclose limited individually-identified information to another Federal agency where that agency needs the information in order to locate, identify and provide information to OPP for OPP’s purposes provided in this system of records notice. For example, this disclosure would include use in statistical studies such as describing VA’s role in total benefit coverage and forecasting future demand for VA benefits or services or to receive summary business data to study the growth of veteran-owned businesses by area and industry. The privacy requirements and information use safeguards as required by OPP when records are shared with other Federal agencies for their use or for OPP information matching needs are specified. Routine use number 5 is a new routine use. The routine use provides that VA may disclose individuallyidentifiable information about a constituent of a Member of Congress to that Member or his or her staff when the Member is acting on behalf of the constituent at the constituent’s request. E:\FR\FM\06APN1.SGM 06APN1 Federal Register / Vol. 72, No. 66 / Friday, April 6, 2007 / Notices Routine use number 6 is a new routine use that states when the Department may disclose records to the Department of Justice or may itself disclose records in litigation involving the United States. In determining whether to disclose records under this routine use, VA will comply with the guidance promulgated by the Office of Management and Budget in a May 24, 1985, memorandum entitled ‘‘Privacy Act Guidance—Update’’, currently posted at https://www.whitehouse.gov/ omb/inforeg/guidance1985.pdf. Routine use number 7 is a new routine use that states the circumstances, and to whom, VA may disclose records in order to respond to, and minimize possible harm to individuals as a result of a data breach. This routine use is promulgated in order to meet VA’s duties under 38 U.S.C. 5724 and the Privacy Act. III. Compatibility of the Proposed Routine Uses The Privacy act permits VA to disclose information about individuals without their authorization for routine uses when the information will be used for purposes that are compatible with the purposes for which VA collected the information. In all the routine use disclosures described above, either the recipient of the information will use the information in connection with a matter relating to one of VA’s programs, will use the information to provide a benefit to VA, or disclosure is required by law. The notice of intent to publish and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMBN) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000. Approved: March 22, 2007. Gordon H. Mansfield, Deputy Secretary of Veterans Affairs. 43VA008 SYSTEM NAME: Veterans, Service Members, Family Members, and VA Beneficiary Survey Records. pwalker on PROD1PC71 with NOTICES SYSTEM LOCATION: Computerized records will be maintained at the following computer site locations: VA Austin Automation Center, 1615 Woodward Street, Austin, Texas 78722; VA Central Office, 810 Vermont Avenue, NW., Washington, DC 20420; or with private contractors acting as agents of the VA. Paper records are stored at the Washington National VerDate Aug<31>2005 18:39 Apr 05, 2007 Jkt 211001 Records Center (WNRC) or with private contractors acting as agents of the VA. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: (1) Veterans, (2) Family members of veterans, (3) Military service members, (4) Family members of service members, and (5) Other VA beneficiaries. CATEGORIES OF RECORDS IN THE SYSTEM: The categories of records in the system may include: 1. Personal identifiers (e.g., respondents’ names, addresses, phone numbers, social security numbers, employer identification numbers); 2. Demographic and socioeconomic characteristics (e.g., date of birth, sex, race/ethnicity, education, marital status, employment and earnings, financial information, business ownership information); 3. Military service information (e.g., military occupational specialties, periods of active duty, branch of service including National Guard or Reserves, date of separation, rank); 4. Health status information (e.g., diagnostic, health care utilization, cost, and third-party health plan information); 5. Benefit and service information (e.g., data on transition assistance services, VA medical and other benefit eligibility, awareness, knowledge, understanding, and use; data on access and barriers to VA benefits or services; data about satisfaction with VA outreach, benefits, or services); 6. The records may also include information about DoD military personnel from DoD files (e.g., utilization files that contain inpatient and outpatient medical records, and eligibility files from the Defense Eligibility Enrollment Reporting System (DEERS)); 7. The records may include information on Medicare beneficiaries from Health Care Financing Administration (HCFA) databases (e.g., Denominator file identifies the population being studied; Standard Analytical files on inpatient, outpatient, physician supplier, nursing home, hospice, home care, durable medical equipment; and Group and other Health Plans). AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 5 U.S.C. 306, 38 U.S.C. 527, and Sections 211 and 805 of Public Law 108–454. PURPOSE(S): The purpose of this system of records is to collect data about the PO 00000 Frm 00141 Fmt 4703 Sfmt 4703 17231 characteristics of America’s veteran, service member, family member, and beneficiary population through surveys that may be augmented with information from several existing VA systems of records and with information from non-VA sources to: 1. Conduct statistical studies and analyses relevant to VA programs and services. 2. Plan and improve services provided; 3. Decide about VA policies, programs, and services; 4. Study the VA’s role in the use of VA and non-VA benefits and services; and 5. Study the relationship between the use of VA benefits and services and the use of related benefits and services from non-VA sources. These types of studies are needed for VA to forecast future demand for VA benefits and services. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSE OF SUCH USES: To the extent that records contained in the system include information protected by 45 CFR parts 160 and 164, i.e., individually identifiable health information, and 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism, or alcohol abuse, sickle cell anemia, or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority in 38 U.S.C. 7332 and regulatory authority in 45 CFR parts 160 and 164 permitting disclosure. 1. Any system records may be disclosed to the National Archives and Records Administration (NARA), and General Services Administration (GSA) for records management inspections conducted under the authority of 44 United States Code. 2. Any system records may be disclosed to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement for the performance of the services identified in the contract or agreement. The person performing the agreement or contract (or employees of the person) also may disclose records covered by the contract or agreement to any secondary entity or individual to perform an activity necessary to provide to VA the service identified in the contract or agreement as permitted under the contract or agreement. 3. VA may disclose on its own initiative any information in this system, except the names and home addresses of veterans and their E:\FR\FM\06APN1.SGM 06APN1 pwalker on PROD1PC71 with NOTICES 17232 Federal Register / Vol. 72, No. 66 / Friday, April 6, 2007 / Notices dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. 4. Any system records may be disclosed to a Federal agency for the conduct of research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency, provided that there is legal authority under all applicable confidentiality statutes and regulations to provide the data and OPP has determined prior to the disclosure that OPP data handling requirements are satisfied. OPP may disclose limited individual identification information to another Federal agency for the purpose of matching and acquiring information held by that agency for OPP to use for the purposes stated for this system of records. 5. Any system records may be disclosed to a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional Office made at the written request of the constituent about whom the record is maintained. 6. VA may disclose information in this system of records to the Department of Justice (DoJ), either on VA’s initiative or in response to DoJ’s request for the information, after either VA or DoJ determines that such information is relevant to DoJ’s representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that disclosure of the records to the Department of Justice is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information VerDate Aug<31>2005 18:39 Apr 05, 2007 Jkt 211001 contained in the records that is compatible with the purpose for which VA collected the records. 7. VA may, on its own initiative, disclose information when VA reasonably believes that there may have been a data breach with respect to information in the system such that the confidentiality or integrity of information in the system of records may have been compromised to such agencies, entities, and persons who are reasonably necessary to assist in connection with the Department’s efforts to respond to the suspected or confirmed data breach and prevent, minimize, or remedy such harm, including conduct of any risk analysis, or provision of credit protection services as provided in 38 U.S.C. 5724. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM STORAGE: VA sensitive information includes health information that is stored on electronic media, laser optical media, on a segregated secure server or in paper form. Electronic media, or laser optical media data are kept locked in a safe when not in immediate use. The data is located in a combination-locked safe which is secured inside a key-accessed room at the U.S. Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. Information stored on paper is kept locked in file cabinets when not in immediate use. Databases are temporarily placed on a secured server inside a restricted network area for data match purposes only. Information that resides on a segregated server is kept behind cipher locked doors with limited access. Requestors of OPP stored health information within VA, or from external individuals, contractors, organizations, and/or agencies with whom VA has a contract or agreement, must provide an equivalent level of security protection and comply with current VA policies and procedures for storage and transmission as codified in VA directives such as but not limited to VA Directive 6504. RETRIEVABILITY: Health care information is kept separate from individual identifiers. Unique codes are assigned to individual health information. A codebook for decoding is stored in a safe for name, social security number or other assigned identifiers of the individuals on whom they are maintained. These records may be retrieved by name, address, social security number, date of birth, military service number, claim or file number, PO 00000 Frm 00142 Fmt 4703 Sfmt 4703 DoD’s identification numbers, or other personal identifiers. SAFEGUARDS: 1. This list of safeguards furnished in this System of Record is not an exclusive list of measures that has been, or will be, taken to protect individuallyidentifiable information. HIPAA guidelines for protecting health information will be followed by adopting health care industry best practices in order to provide adequate safeguards. Further, VA policy directives that specify the standards that will be applied to protect health information will be reviewed by VA staff and contractors through mandatory data privacy and security training. 2. Access to data storage areas is restricted to authorized VA employee or contract staff who have been cleared to work by the VA Office of Security and Law Enforcement. Health information file areas are locked after normal duty hours. VA facilities are protected from outside access by the Federal Protective Service and/or other security personnel. 3. Access to health information provided by the Veterans Health Administration (VHA) pursuant to a Business Associate Agreement (BAA) is restricted to those OPP employees and contractors who have a need for the information in the performance of their official duties. As a general rule, full sets of health care information are not provided for use unless authorized by the Assistant Secretary. File extracts provided for specific official uses will be limited to contain only the information fields needed for the analysis. Data used for analyses will have individual identifying characteristics removed whenever possible. 4. Security complies with applicable Federal Information Processing Standards (FIPS) issued by the National Institute of Standards and Technology (NIST). Health information files containing unique identifiers such as social security numbers are encrypted to NIST verified FIPS 140–2 standard or higher for storage, transport, or transmission. All files stored or transmitted on laptops, workstations, data storage devices and media are encrypted. Files are kept encrypted at all times except when data is in immediate use. These methods are applied in accordance with HIPAA regulations [45 CFR 164.514] and VA Directive 6504. 5. Contractors and their subcontractors are required to maintain the same level of security as VA staff for health care information that has been disclosed to them. Any data disclosed to E:\FR\FM\06APN1.SGM 06APN1 Federal Register / Vol. 72, No. 66 / Friday, April 6, 2007 / Notices pwalker on PROD1PC71 with NOTICES a contractor or subcontractor to perform authorized analyses requires the use of Data Use Agreements, Non-Disclosure Statements and Business Associates Agreements (BAA’s) to protect health information. Unless explicitly authorized in writing by the VA, sensitive or protected data made available to the contractor and subcontractors shall not be divulged or made known in any manner to any person. Other federal or state agencies requesting health care information need to provide Data Use Agreements to protect data. 6. OPP’s work area is accessed for business-only needs. The data is stored in a combination-protected safe which is secured inside a limited access room. Direct access to the safe is controlled by select individuals who possess background security clearances. Only a few employees with strict business needs or ‘‘need-to-know’’ access and completed background checks will ever handle the data once it is removed from the safe for data match purposes. 7. Data matches are conducted on a secured server which is housed in a restricted access network area with appropriate locking devices. Access to such records are controlled by three measures: The application of a VA security identification card coded with special permissions network area’s key pad; the proper input of a series of individually-unique passwords/codes by a recognized user; and the entrance of those select individuals for the performance of their official information technology-related duties. 8. Access to Automated Data Processing (ADP) files is controlled by using an individually unique password entered in combination with an individually unique user identification code. 9. Access to VA facilities where identification codes, passwords, security profiles and possible security violations are maintained is controlled at all hours by the Federal Protective Service, VA, or other security personnel and security access control devices. VerDate Aug<31>2005 18:39 Apr 05, 2007 Jkt 211001 10. Public use files prepared for purposes of research and analysis are purged of personal identifiers. 11. Paper records, when they exist, are maintained in a locked room at the WNRC. The Federal Protective Service protects paper records from unauthorized access. RETENTION AND DISPOSAL: Records are maintained and disposed of in accordance with the records disposition authority approved by the Archivist of the United States and the National Archives and Records Administration (NARA) and published in Agency Records Control Schedules. If the Archivist has not approved disposition authority for any records covered by the system notice, the System Manager will take immediate action to have the disposition of records in the system reviewed in accordance with VA Handbook 6300.1, Records Management Procedures. The records may not be destroyed until VA obtains an approved records disposition authority. See Records Control Schedule (RCS) 10–1 for further guidance. OPP destroys electronic files when no longer needed for administrative, legal, audit, or other operational purposes. In accordance with title 36 CFR, Section 1234.34, Destruction of Electronic Records, ‘‘electronic records may be destroyed only in accordance with a records disposition schedule approved by the Archivist of the United States, including General Records Schedules.’’ SYSTEM MANAGER(S) AND ADDRESS(ES): Director, Policy Analysis Service (008A1), 810 Vermont Avenue, NW., Washington, DC 20420. NOTIFICATION PROCEDURE: An individual who wants to determine whether the Director, Policy Analysis Service (008A1) is maintaining a record under the individual’s name or other personal identifier or wants to determine the content of such records must submit a written request to the Director, Program Analysis Service (008A1). The individual seeking this information must prove his or her PO 00000 Frm 00143 Fmt 4703 Sfmt 4703 17233 identity and provide the name of the survey in question, approximate date of the survey, social security number, full name, and date of birth, telephone number, and return address. All inquiries must reasonably identify the health care information involved and the approximate date that medical care was provided. RECORDS ACCESS PROCEDURES: Individual seeking information regarding access to and contesting of records maintained by the Office of Policy and Planning under his or her name or other personal identifier may write the System Manager named above and specify the information being requested or contested. CONTESTING RECORD PROCEDURES: (See Records Access Procedures.) RECORDS SOURCE CATEGORIES: Information in this system of records is obtained from survey questionnaire data provided by veterans, veteran family members, military service members, families of service members, or VA beneficiaries in a survey sample and from veterans, family members, military service members, or beneficiaries on specific VA benefit rolls. Information may also be obtained from the Patient Medical Records System (24VA19), the Patient Fee Basis Medical and Pharmacy Records (23VA19); Veterans and Beneficiaries Identification and Records Location Subsystem (38VA23); Compensation, Pension, Education, and Rehabilitation Records (58VA21/22); Health Care Eligibility Center Records (89VA19); DoD utilization files and DEERS files; and HCFA Denominator file or its successor, Standard Analytical files (inpatient, outpatient, physician supplier, nursing home, hospice, home care, durable medical equipment) and Group Health Plan, and other public or private health provider, federal agency, or insurance programs and plans. [FR Doc. E7–6233 Filed 4–5–07; 8:45 am] BILLING CODE 8320–01–P E:\FR\FM\06APN1.SGM 06APN1

Agencies

[Federal Register Volume 72, Number 66 (Friday, April 6, 2007)]
[Notices]
[Pages 17229-17233]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-6233]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of amendment to system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974 (5 U.S.C. 552a(e) 
notice is hereby given that the Department of Veterans Affairs is 
amending the system of records currently entitled ``Veterans, 
Dependents of Veterans, and VA Beneficiary Survey Records (43VA008)'' 
as set forth in the Federal Register 65 FR 61022-61025. VA is amending 
the system by revising the System Name, Categories of Individuals on 
Whom Records are Maintained in the System; Categories of Records in the 
System; Authority for Maintenance of the System, Routine Uses of 
Records Maintained in the System, including Categories of Users and the 
Purpose of Such Uses, the Policies and Practices for Storing, 
Retrieving, Accessing, Retaining, and Disposing of Records in the 
System; System Manager(s); and Record Source Categories. VA is 
publishing the system notice in its entirety.

DATES: Comments on this new system of records must be received no later 
than May 7, 2007. If no public comment is received, the new system of 
records will become effective May 7, 2007.

[[Page 17230]]


ADDRESSES: Written comments may be submitted through 
www.Regulations.gov; by mail or hand-delivery to the Director, 
Regulations Management (00REG), Department of Veterans Affairs, 810 
Vermont Ave., NW., Room 1068, Washington, DC 20420; or by fax to (202) 
273-9026. Copies of comments received will be available for public 
inspection in the Office of Regulation Policy and Management, Room 
1063B, between the hours of 8 a.m. and 4:30 p.m. Monday through Friday 
(except holidays) by May 7, 2007. Please call (202) 273-9515 for an 
appointment. In addition, during the comment period, comments may be 
viewed online through the Federal Docket Management System.

FOR FURTHER INFORMATION CONTACT: Christine Elnitsky, Senior Policy 
Analyst, Policy Analysis Service, (008A1), U.S. Department of Veterans 
Affairs, 810 Vermont Avenue, NW., Washington, DC 20420, (202) 273-9179.

SUPPLEMENTARY INFORMATION:

I. Description of Proposed System of Records

    The system name is changed from ``Veterans, Dependents of Veterans, 
and VA Beneficiary Survey Records-VA'' to ``Veterans, Service Members, 
Family Members, and VA Beneficiary Survey Records'' to be consistent 
with Congress' intent (as reflected in Pub. L. 108-454, sections 211 
and 805) that VA also include service members and families of service 
members in surveys conducted by VA. The term ``Service Members'' 
includes active duty Armed Forces and members of the National Guard and 
Reserve Force, regardless of whether they are on active duty.
    The category entitled ``Categories of individuals on whom records 
are maintained in the system'' is amended to more accurately reflect 
the population from which VA may conduct surveys, to include service 
members and families of service members. VA beneficiaries, such as a 
spouse from a previous marriage, have and continue to be an included 
category of individuals.
    The records covered by the heading entitled ``Categories of records 
maintained in the system'' are clarified by providing more details 
concerning the records contained in some of the categories of records 
described in the current system of records notice. VA is not adding any 
new categories of records maintained.
    VA is amending the authority for maintenance of records in this 
system to more precisely state that authority and to include statutory 
authority enacted since the last publication of this system notice. 
Previously, VA cited all of Public Law 103-62 as authority to maintain 
these records when only the portion codified at 5 U.S.C. section 306 is 
applicable. The reference to planning in the current and proposed 
Purposes for this system of records includes (and included) use in VA 
strategic planning under section 306. VA also is adding sections 211 
and 805 of Public Law 108-454 as authority for maintenance of the 
records in this system of records.
    VA is amending the Policies and Practices for Storing, Retrieving 
Accessing, Retaining and Disposing of Records in the System as follows. 
VA is amending the ``Retrievability'' and ``Safeguards'' paragraphs to 
reflect requirements for protecting the confidentiality of protected 
health information obtained from the Veterans Health Administration 
(VHA) in compliance with requirements of the Health Insurance 
Portability and Accountability Act (HIPAA) Privacy and Security Rules. 
The amendments to the ``Safeguards'' paragraph also more fully describe 
security procedures for protecting the records, as well as procedures 
adopted since the last publication. VA is amending the retention and 
disposal paragraph to more fully describe the statutory requirement.
    VA is amending the system manager paragraph to reflect the change 
in the agency official responsible for maintaining the system of 
records.
    The Department has made minor edits to the System Notice to use 
plain language, and for grammar and clarity purposes, including changes 
to routine uses. These changes are not, and are not intended to be, 
substantive, and consequently, are not further discussed or enumerated.

II. Proposed Amendments to Routine Use Disclosures of Data in the 
System

    The Agency is adding a preliminary statement before the routine 
uses clarifying that the routine use disclosure statements in this 
system of records do not provide authority for VA to disclose 
individually-identifiable health information protected by 38 U.S.C. 
7332, the HIPAA Privacy Rule. This means you must have disclosure 
authority under 38 U.S.C. 7332, HIPAA, or both, where applicable, 
before disclosure under any routine use for data covered by these 
provisions. Further, routine uses are amended to provide consistency 
with the standards defined by Department of Health and Human Services 
(HHS) under HIPAA.
    Routine use number 1 and 2 are subsumed in the new routine use 
number 4. The combined routine use permits all disclosures previously 
authorized under the two previous routine uses.
    Routine use number 3 is renumbered as routine use number 1 and is 
clarified as to the scope of records that can be disclosed.
    Routine use number 4 is renumbered as routine use number 2 and is 
amended to clarify the persons who may receive records under this 
routine use. VA retains ownership of all individually-identifiable 
records provided under this routine use or created by the recipient 
pursuant to the agreement underlying this routine use. Recipients of 
records under this routine use shall be required to comply with the 
Privacy Act of 1974, as amended, pursuant to 5 U.S.C. 552a(m). OPP will 
ensure the appropriateness of disclosure of health information to 
contractors. Safeguards are to be provided in the underlying contract 
or agreement prohibiting the contractor from using or disclosing the 
information for any purpose other than that described in the contract 
or agreement.
    Routine use number 3 is a new routine use. The routine use states 
when OPP, on its own initiative, may disclose individually-identifiable 
information to law enforcement entities for investigations.
    Routine use number 4 is a new routine use. It provides authority 
for VA to provide information to other Federal agencies for statutorily 
permitted or required research and analyses. The routine use also 
permits VA to disclose limited individually-identified information to 
another Federal agency where that agency needs the information in order 
to locate, identify and provide information to OPP for OPP's purposes 
provided in this system of records notice. For example, this disclosure 
would include use in statistical studies such as describing VA's role 
in total benefit coverage and forecasting future demand for VA benefits 
or services or to receive summary business data to study the growth of 
veteran-owned businesses by area and industry. The privacy requirements 
and information use safeguards as required by OPP when records are 
shared with other Federal agencies for their use or for OPP information 
matching needs are specified.
    Routine use number 5 is a new routine use. The routine use provides 
that VA may disclose individually-identifiable information about a 
constituent of a Member of Congress to that Member or his or her staff 
when the Member is acting on behalf of the constituent at the 
constituent's request.

[[Page 17231]]

    Routine use number 6 is a new routine use that states when the 
Department may disclose records to the Department of Justice or may 
itself disclose records in litigation involving the United States. In 
determining whether to disclose records under this routine use, VA will 
comply with the guidance promulgated by the Office of Management and 
Budget in a May 24, 1985, memorandum entitled ``Privacy Act Guidance--
Update'', currently posted at https://www.whitehouse.gov/omb/inforeg/
guidance1985.pdf.
    Routine use number 7 is a new routine use that states the 
circumstances, and to whom, VA may disclose records in order to respond 
to, and minimize possible harm to individuals as a result of a data 
breach. This routine use is promulgated in order to meet VA's duties 
under 38 U.S.C. 5724 and the Privacy Act.

III. Compatibility of the Proposed Routine Uses

    The Privacy act permits VA to disclose information about 
individuals without their authorization for routine uses when the 
information will be used for purposes that are compatible with the 
purposes for which VA collected the information. In all the routine use 
disclosures described above, either the recipient of the information 
will use the information in connection with a matter relating to one of 
VA's programs, will use the information to provide a benefit to VA, or 
disclosure is required by law.
    The notice of intent to publish and an advance copy of the system 
notice have been sent to the appropriate Congressional committees and 
to the Director of the Office of Management and Budget (OMBN) as 
required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB 
(65 FR 77677), December 12, 2000.

    Approved: March 22, 2007.
Gordon H. Mansfield,
Deputy Secretary of Veterans Affairs.
43VA008

SYSTEM NAME:
    Veterans, Service Members, Family Members, and VA Beneficiary 
Survey Records.

SYSTEM LOCATION:
    Computerized records will be maintained at the following computer 
site locations: VA Austin Automation Center, 1615 Woodward Street, 
Austin, Texas 78722; VA Central Office, 810 Vermont Avenue, NW., 
Washington, DC 20420; or with private contractors acting as agents of 
the VA. Paper records are stored at the Washington National Records 
Center (WNRC) or with private contractors acting as agents of the VA.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    (1) Veterans,
    (2) Family members of veterans,
    (3) Military service members,
    (4) Family members of service members, and
    (5) Other VA beneficiaries.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records in the system may include:
    1. Personal identifiers (e.g., respondents' names, addresses, phone 
numbers, social security numbers, employer identification numbers);
    2. Demographic and socioeconomic characteristics (e.g., date of 
birth, sex, race/ethnicity, education, marital status, employment and 
earnings, financial information, business ownership information);
    3. Military service information (e.g., military occupational 
specialties, periods of active duty, branch of service including 
National Guard or Reserves, date of separation, rank);
    4. Health status information (e.g., diagnostic, health care 
utilization, cost, and third-party health plan information);
    5. Benefit and service information (e.g., data on transition 
assistance services, VA medical and other benefit eligibility, 
awareness, knowledge, understanding, and use; data on access and 
barriers to VA benefits or services; data about satisfaction with VA 
outreach, benefits, or services);
    6. The records may also include information about DoD military 
personnel from DoD files (e.g., utilization files that contain 
inpatient and outpatient medical records, and eligibility files from 
the Defense Eligibility Enrollment Reporting System (DEERS));
    7. The records may include information on Medicare beneficiaries 
from Health Care Financing Administration (HCFA) databases (e.g., 
Denominator file identifies the population being studied; Standard 
Analytical files on inpatient, outpatient, physician supplier, nursing 
home, hospice, home care, durable medical equipment; and Group and 
other Health Plans).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 306, 38 U.S.C. 527, and Sections 211 and 805 of Public Law 
108-454.

PURPOSE(S):
    The purpose of this system of records is to collect data about the 
characteristics of America's veteran, service member, family member, 
and beneficiary population through surveys that may be augmented with 
information from several existing VA systems of records and with 
information from non-VA sources to:
    1. Conduct statistical studies and analyses relevant to VA programs 
and services.
    2. Plan and improve services provided;
    3. Decide about VA policies, programs, and services;
    4. Study the VA's role in the use of VA and non-VA benefits and 
services; and
    5. Study the relationship between the use of VA benefits and 
services and the use of related benefits and services from non-VA 
sources. These types of studies are needed for VA to forecast future 
demand for VA benefits and services.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSE OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 45 CFR parts 160 and 164, i.e., individually 
identifiable health information, and 38 U.S.C. 7332, i.e., medical 
treatment information related to drug abuse, alcoholism, or alcohol 
abuse, sickle cell anemia, or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.
    1. Any system records may be disclosed to the National Archives and 
Records Administration (NARA), and General Services Administration 
(GSA) for records management inspections conducted under the authority 
of 44 United States Code.
    2. Any system records may be disclosed to individuals, 
organizations, private or public agencies, or other entities or 
individuals with whom VA has a contract or agreement for the 
performance of the services identified in the contract or agreement. 
The person performing the agreement or contract (or employees of the 
person) also may disclose records covered by the contract or agreement 
to any secondary entity or individual to perform an activity necessary 
to provide to VA the service identified in the contract or agreement as 
permitted under the contract or agreement.
    3. VA may disclose on its own initiative any information in this 
system, except the names and home addresses of veterans and their

[[Page 17232]]

dependents, which is relevant to a suspected or reasonably imminent 
violation of law, whether civil, criminal or regulatory in nature and 
whether arising by general or program statute or by regulation, rule or 
order issued pursuant thereto, to a Federal, State, local, tribal, or 
foreign agency charged with the responsibility of investigating or 
prosecuting such violation, or charged with enforcing or implementing 
the statute, regulation, rule or order. On its own initiative, VA may 
also disclose the names and addresses of veterans and their dependents 
to a Federal agency charged with the responsibility of investigating or 
prosecuting civil, criminal or regulatory violations of law, or charged 
with enforcing or implementing the statute, regulation, rule or order 
issued pursuant thereto.
    4. Any system records may be disclosed to a Federal agency for the 
conduct of research and data analysis to perform a statutory purpose of 
that Federal agency upon the prior written request of that agency, 
provided that there is legal authority under all applicable 
confidentiality statutes and regulations to provide the data and OPP 
has determined prior to the disclosure that OPP data handling 
requirements are satisfied. OPP may disclose limited individual 
identification information to another Federal agency for the purpose of 
matching and acquiring information held by that agency for OPP to use 
for the purposes stated for this system of records.
    5. Any system records may be disclosed to a Member of Congress or 
to a Congressional staff member in response to an inquiry of the 
Congressional Office made at the written request of the constituent 
about whom the record is maintained.
    6. VA may disclose information in this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that disclosure of the records to the 
Department of Justice is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records. VA, on its own initiative, may disclose records in this system 
of records in legal proceedings before a court or administrative body 
after determining that the disclosure of the records to the court or 
administrative body is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records.
    7. VA may, on its own initiative, disclose information when VA 
reasonably believes that there may have been a data breach with respect 
to information in the system such that the confidentiality or integrity 
of information in the system of records may have been compromised to 
such agencies, entities, and persons who are reasonably necessary to 
assist in connection with the Department's efforts to respond to the 
suspected or confirmed data breach and prevent, minimize, or remedy 
such harm, including conduct of any risk analysis, or provision of 
credit protection services as provided in 38 U.S.C. 5724.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYSTEM
STORAGE:
    VA sensitive information includes health information that is stored 
on electronic media, laser optical media, on a segregated secure server 
or in paper form. Electronic media, or laser optical media data are 
kept locked in a safe when not in immediate use. The data is located in 
a combination-locked safe which is secured inside a key-accessed room 
at the U.S. Department of Veterans Affairs, 810 Vermont Avenue, NW., 
Washington, DC 20420. Information stored on paper is kept locked in 
file cabinets when not in immediate use. Databases are temporarily 
placed on a secured server inside a restricted network area for data 
match purposes only. Information that resides on a segregated server is 
kept behind cipher locked doors with limited access. Requestors of OPP 
stored health information within VA, or from external individuals, 
contractors, organizations, and/or agencies with whom VA has a contract 
or agreement, must provide an equivalent level of security protection 
and comply with current VA policies and procedures for storage and 
transmission as codified in VA directives such as but not limited to VA 
Directive 6504.

RETRIEVABILITY:
    Health care information is kept separate from individual 
identifiers. Unique codes are assigned to individual health 
information. A codebook for decoding is stored in a safe for name, 
social security number or other assigned identifiers of the individuals 
on whom they are maintained. These records may be retrieved by name, 
address, social security number, date of birth, military service 
number, claim or file number, DoD's identification numbers, or other 
personal identifiers.

SAFEGUARDS:
    1. This list of safeguards furnished in this System of Record is 
not an exclusive list of measures that has been, or will be, taken to 
protect individually-identifiable information. HIPAA guidelines for 
protecting health information will be followed by adopting health care 
industry best practices in order to provide adequate safeguards. 
Further, VA policy directives that specify the standards that will be 
applied to protect health information will be reviewed by VA staff and 
contractors through mandatory data privacy and security training.
    2. Access to data storage areas is restricted to authorized VA 
employee or contract staff who have been cleared to work by the VA 
Office of Security and Law Enforcement. Health information file areas 
are locked after normal duty hours. VA facilities are protected from 
outside access by the Federal Protective Service and/or other security 
personnel.
    3. Access to health information provided by the Veterans Health 
Administration (VHA) pursuant to a Business Associate Agreement (BAA) 
is restricted to those OPP employees and contractors who have a need 
for the information in the performance of their official duties. As a 
general rule, full sets of health care information are not provided for 
use unless authorized by the Assistant Secretary. File extracts 
provided for specific official uses will be limited to contain only the 
information fields needed for the analysis. Data used for analyses will 
have individual identifying characteristics removed whenever possible.
    4. Security complies with applicable Federal Information Processing 
Standards (FIPS) issued by the National Institute of Standards and 
Technology (NIST). Health information files containing unique 
identifiers such as social security numbers are encrypted to NIST 
verified FIPS 140-2 standard or higher for storage, transport, or 
transmission. All files stored or transmitted on laptops, workstations, 
data storage devices and media are encrypted. Files are kept encrypted 
at all times except when data is in immediate use. These methods are 
applied in accordance with HIPAA regulations [45 CFR 164.514] and VA 
Directive 6504.
    5. Contractors and their subcontractors are required to maintain 
the same level of security as VA staff for health care information that 
has been disclosed to them. Any data disclosed to

[[Page 17233]]

a contractor or subcontractor to perform authorized analyses requires 
the use of Data Use Agreements, Non-Disclosure Statements and Business 
Associates Agreements (BAA's) to protect health information. Unless 
explicitly authorized in writing by the VA, sensitive or protected data 
made available to the contractor and subcontractors shall not be 
divulged or made known in any manner to any person. Other federal or 
state agencies requesting health care information need to provide Data 
Use Agreements to protect data.
    6. OPP's work area is accessed for business-only needs. The data is 
stored in a combination-protected safe which is secured inside a 
limited access room. Direct access to the safe is controlled by select 
individuals who possess background security clearances. Only a few 
employees with strict business needs or ``need-to-know'' access and 
completed background checks will ever handle the data once it is 
removed from the safe for data match purposes.
    7. Data matches are conducted on a secured server which is housed 
in a restricted access network area with appropriate locking devices. 
Access to such records are controlled by three measures: The 
application of a VA security identification card coded with special 
permissions network area's key pad; the proper input of a series of 
individually-unique passwords/codes by a recognized user; and the 
entrance of those select individuals for the performance of their 
official information technology-related duties.
    8. Access to Automated Data Processing (ADP) files is controlled by 
using an individually unique password entered in combination with an 
individually unique user identification code.
    9. Access to VA facilities where identification codes, passwords, 
security profiles and possible security violations are maintained is 
controlled at all hours by the Federal Protective Service, VA, or other 
security personnel and security access control devices.
    10. Public use files prepared for purposes of research and analysis 
are purged of personal identifiers.
    11. Paper records, when they exist, are maintained in a locked room 
at the WNRC. The Federal Protective Service protects paper records from 
unauthorized access.

RETENTION AND DISPOSAL:
    Records are maintained and disposed of in accordance with the 
records disposition authority approved by the Archivist of the United 
States and the National Archives and Records Administration (NARA) and 
published in Agency Records Control Schedules. If the Archivist has not 
approved disposition authority for any records covered by the system 
notice, the System Manager will take immediate action to have the 
disposition of records in the system reviewed in accordance with VA 
Handbook 6300.1, Records Management Procedures. The records may not be 
destroyed until VA obtains an approved records disposition authority. 
See Records Control Schedule (RCS) 10-1 for further guidance. OPP 
destroys electronic files when no longer needed for administrative, 
legal, audit, or other operational purposes. In accordance with title 
36 CFR, Section 1234.34, Destruction of Electronic Records, 
``electronic records may be destroyed only in accordance with a records 
disposition schedule approved by the Archivist of the United States, 
including General Records Schedules.''

SYSTEM MANAGER(S) AND ADDRESS(ES):
    Director, Policy Analysis Service (008A1), 810 Vermont Avenue, NW., 
Washington, DC 20420.

NOTIFICATION PROCEDURE:
    An individual who wants to determine whether the Director, Policy 
Analysis Service (008A1) is maintaining a record under the individual's 
name or other personal identifier or wants to determine the content of 
such records must submit a written request to the Director, Program 
Analysis Service (008A1). The individual seeking this information must 
prove his or her identity and provide the name of the survey in 
question, approximate date of the survey, social security number, full 
name, and date of birth, telephone number, and return address. All 
inquiries must reasonably identify the health care information involved 
and the approximate date that medical care was provided.

RECORDS ACCESS PROCEDURES:
    Individual seeking information regarding access to and contesting 
of records maintained by the Office of Policy and Planning under his or 
her name or other personal identifier may write the System Manager 
named above and specify the information being requested or contested.

CONTESTING RECORD PROCEDURES:
    (See Records Access Procedures.)

RECORDS SOURCE CATEGORIES:
    Information in this system of records is obtained from survey 
questionnaire data provided by veterans, veteran family members, 
military service members, families of service members, or VA 
beneficiaries in a survey sample and from veterans, family members, 
military service members, or beneficiaries on specific VA benefit 
rolls. Information may also be obtained from the Patient Medical 
Records System (24VA19), the Patient Fee Basis Medical and Pharmacy 
Records (23VA19); Veterans and Beneficiaries Identification and Records 
Location Subsystem (38VA23); Compensation, Pension, Education, and 
Rehabilitation Records (58VA21/22); Health Care Eligibility Center 
Records (89VA19); DoD utilization files and DEERS files; and HCFA 
Denominator file or its successor, Standard Analytical files 
(inpatient, outpatient, physician supplier, nursing home, hospice, home 
care, durable medical equipment) and Group Health Plan, and other 
public or private health provider, federal agency, or insurance 
programs and plans.

[FR Doc. E7-6233 Filed 4-5-07; 8:45 am]
BILLING CODE 8320-01-P