Privacy Act of 1974, 46130-46133 [E7-16046]

Download as PDF 46130 Federal Register / Vol. 72, No. 158 / Thursday, August 16, 2007 / Notices DEPARTMENT OF THE TREASURY Internal Revenue Service Proposed Collection; Comment Request for Form 8867 Internal Revenue Service (IRS), Treasury. ACTION: Notice and request for comments. AGENCY: SUMMARY: The Department of the Treasury, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on proposed and/or continuing information collections, as required by the Paperwork Reduction Act of 1995, Public Law 104–13 (44 U.S.C. 3506(c)(2)(A)). Currently, the IRS is soliciting comments concerning Form 8867, Paid Preparer’s Earned Income Credit Checklist. DATES: Written comments should be received on or before October 15, 2007 to be assured of consideration. ADDRESSES: Direct all written comments to R. Joseph Durbala, Internal Revenue Service, room 6512, 1111 Constitution Avenue, NW., Washington, DC 20224. FOR FURTHER INFORMATION CONTACT: Requests for additional information or copies of the form and instructions should be directed to Larnice Mack at Internal Revenue Service, room 6512, 1111 Constitution Avenue, NW., Washington, DC 20224, or at (202) 622– 3179, or through the Internet at (Larnice.Mack@irs.gov). rwilkins on PROD1PC63 with NOTICES SUPPLEMENTARY INFORMATION: Title: Paid Preparer’s Earned Income Credit Checklist. OMB Number: 1545–1629. Form Number: 8867. Abstract: Form 8867 helps preparers meet the due diligence requirements of Internal Revenue Code section 6695(g), which was added by section 1085(a)(2) of the Taxpayer Relief Act of 1997. Paid preparers of Federal Income tax returns or claims for refund involving the earned income credit (EIC) must meet the due diligence requirements in determining if the taxpayer is eligible for the RIC and the amount of the credit. Failure to do so could result in a $100 penalty for each failure. Completion of Form 8867 is one of the due diligence requirements. Current Actions: There are no changes being made to the form at this time. Type of Review: Extension of a currently approved collection. Affected Public: Business or other forprofit organizations. VerDate Aug<31>2005 17:27 Aug 15, 2007 Jkt 211001 Estimated Number of Responses: 8,368,447. Estimated Time per Respondent: 1 hour, 20 minutes. Estimated Total Annual Burden Hours: 11,130,035. The following paragraph applies to all of the collections of information covered by this notice: An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless the collection of information displays a valid OMB control number. Books or records relating to a collection of information must be retained as long as their contents may become material in the administration of any internal revenue law. Generally, tax returns and tax return information are confidential, as required by 26 U.S.C. 6103. Request for Comments: Comments submitted in response to this notice will be summarized and/or included in the request for OMB approval. All comments will become a matter of public record. Comments are invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the agency, including whether the information shall have practical utility; (b) the accuracy of the agency’s estimate of the burden of the collection of information; (c) ways to enhance the quality, utility, and clarity of the information to be collected; (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information. Approved: August 1, 2007. R. Joseph Durbala, IRS Reports Clearance Officer. [FR Doc. E7–16083 Filed 8–15–07; 8:45 am] BILLING CODE 4830–01–P DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974 AGENCY: Department of Veterans Affairs (VA). Notice of amendment to system of records. ACTION: SUMMARY: The Privacy Act of 1974 (5 U.S.C. 552a(e)(4)) requires that all agencies publish in the Federal Register a notice of the existence and character of their system of records. Notice is hereby given that VA is amending the PO 00000 Frm 00099 Fmt 4703 Sfmt 4703 system of records entitled ‘‘Consolidated Data Information SystemVA’’ (97VA105) as set forth in the Federal Register 66 FR 3650–3653 dated January 16, 2001. VA is amending the system by revising the System Location, Categories of Records Maintained in the System, Purpose(s), Routine Uses of Records Maintained in the System, Retention and Disposal, System Manager and Record Source Categories. VA is republishing the system notice in its entirety. DATES: Comments on the amendment of this system of records must be received no later than September 17, 2007. If no public comment is received, the amended system will become effective September 17, 2007. ADDRESSES: Written comments may be submitted through https:// www.Regulations.gov; by mail or handdelivery to the Director, Regulations Management (00REG), Department of Veterans Affairs, 810 Vermont Ave., NW., Room 1068, Washington, DC 20420; or by fax to (202) 273–9026. Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m. Monday through Friday (except holidays). Please call (202) 273–9515 for an appointment. In addition, during the comment period, comments may be viewed online through the Federal Docket Management System (FDMS). FOR FURTHER INFORMATION CONTACT: Stephania H. Putt, Veterans Health Administration (VHA) Privacy Officer (19F2), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420, (727) 320–1839. SUPPLEMENTARY INFORMATION: Under section 527 of Title 38, U.S.C., and the Government Performance and Results Act of 1993, Public Law 103–62, VA is required to measure and evaluate, on an ongoing basis, the effectiveness of VA benefit programs and services. In performing this required function, VA must collect, collate and analyze full statistical data regarding participation, provision of services, categories of beneficiaries, and planning of expenditures for all VA programs. This combined database is necessary for the Veterans Health Administration (VHA) to accurately and timely assess the current health care usage by the patient population served by VA, to forecast future demand for VA medical care by individuals currently eligible for service by VA medical facilities, and to understand the numerous implications of cross-usage between VA and non-VA health care systems. E:\FR\FM\16AUN1.SGM 16AUN1 rwilkins on PROD1PC63 with NOTICES Federal Register / Vol. 72, No. 158 / Thursday, August 16, 2007 / Notices As VA has widened its scope of the Centers for Medicare and Medicaid Services (CMS) data usage and further centralized the source of data in order to improve efficiency and protect privacy/security of data elements, it was necessary to implement changes to the management and use of these records. A summary of these changes follows: 1. The purpose of this system of records has been revised to add the need to use the records and information for audit and evaluation of Department programs, for determinations of eligibility for benefits and for research as defined by Common Rule. 2. The records are now maintained and retained at the primary and secondary VA recipient CMS data site locations listed in Appendix 5. 3. Under Categories of Records information from the Persian Gulf registry has been added and the types of CMS records maintained now includes health care utilization, demographic, enrollment, and survey/assessment files including veteran and non-veteran data. In addition, information on veterans enrolled for VA health care who have participated in the periodic ‘‘VHA Survey of Veteran Enrollees’ Health and Reliance Upon VA’’ is now included in the system. 4. System Manager and Address was updated to reflect: Manager, Medicare and Medicaid Analysis Center, 100 Grandview Rd., Suite 114, Braintree, MA 02184. Under section 264, Subtitle F of Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Public Law 104–191, 100 STAT. 1936, 2033–34 (1996), the United States Department of Health and Human Services (HHS) published a final rule, as amended, establishing Standards for Privacy of Individually-Identifiable Health Information, 45 CFR Parts 160 and 164. VHA may not disclose individually-identifiable health information (as defined in HIPAA and the Privacy Rule, 42 U.S.C. 1320(d)(6) and 45 CFR 164.501) pursuant to a routine use unless either: (a) The disclosure is required by law, or (b) the disclosure is also permitted or required by the HHS Privacy Rule. The disclosures of individually-identifiable health information contemplated in the routine uses published in this amended system of records notice are permitted under the Privacy Rule or required by law. However, to also have authority to make such disclosures under the Privacy Act, VA must publish these routine uses. Consequently, VA is adding a preliminary paragraph to the routine uses portion of the system of records notice stating that any VerDate Aug<31>2005 17:27 Aug 15, 2007 Jkt 211001 disclosure pursuant to the routine uses in this system of records notice must be either required by law or permitted by the Privacy Rule before VHA may disclosed the covered information. VA is also proposing to amend the following routine use disclosures of information maintained in the system: • Routine use 3 has been amended in its entirety. On its own initiative, the VA may disclose information, except for the names and home addresses of veterans and their dependents, to a Federal, State, local, tribal or foreign agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. On its own initiative, the VA may also disclose the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. • Routine uses 4, 5, 7, and 8 have revised for ease of readability and clarification. VA is also proposing to add the following routine use disclosure of information maintained in the system: • Routine use 9 was added to disclose to appropriate agencies, entities, and persons under the following circumstances: When (1) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (3) the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with the Department’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. The Privacy Act permits VA to disclose information about individuals without their prior written consent for a routine use when the information will be used for a purpose that is compatible with the purpose for which we collected the information. In all of the routine use PO 00000 Frm 00100 Fmt 4703 Sfmt 4703 46131 disclosures described above, the recipient of the information will use the information in connection with a matter relating to one of VA’s programs, will use the information to provide a benefit to VA, or disclosure is required by law. The Report of Intent to Publish an Amended System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000. Approved: August 1, 2007. Gordon H. Mansfield, Deputy Secretary of Veterans Affairs. 97VA105 SYSTEM NAME: Consolidated Data Information System-VA. SYSTEM LOCATION(S): Records will be maintained at primary and secondary Department of Veteran Affairs (VA) recipient sites for the Centers for Medicare & Medicaid Services (CMS) data (see VA Appendix 5). CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Records include information concerning veterans, their spouses and their dependents, family members, active duty military personnel, and individuals who are not VA beneficiaries, but who receive health care services from the Veterans Health Administration (VHA). CATEGORIES OF RECORDS IN THE SYSTEM: Categories of records in the system will include veterans’ names, addresses, dates of birth, VA claim numbers, social security numbers (SSNs), and military service information; medical benefit application and eligibility information; code sheets and follow-up notes; sociological, diagnostic, counseling, rehabilitation, drug and alcohol, dietetic, medical, surgical, dental, psychological, and/or psychiatric medical information; prosthetic, pharmacy, nuclear medicine, social work, clinical laboratory and radiology information; patient scheduling information; family information such as next of kin, spouse and dependents’ names, addresses, social security numbers and dates of birth; family medical history; employment information; financial information; third-party health plan information; information related to registry systems, E:\FR\FM\16AUN1.SGM 16AUN1 46132 Federal Register / Vol. 72, No. 158 / Thursday, August 16, 2007 / Notices such as Ionizing Radiation, Gulf War and Agent Orange; date of death; VA claim and insurance file numbers; travel benefits information; military decorations; disability or pension payment information; amount of indebtedness arising from 38 U.S.C. benefits; medical and dental treatment in the Armed Forces and claim information; applications for compensation, pension, education and rehabilitation benefits; information related to incarceration in a penal institution; medication profile such as name, quantity, prescriber, dosage, manufacturer, lot number, cost and administration instruction; pharmacy dispensing information such as pharmacy name and address. The records will include information on the Department of Defense (DoD) military personnel from two categories of DoD files: (1) Utilization files that contain inpatient and outpatient records, and (2) eligibility files from the Defense Eligibility Enrollment Reporting System (DEERS) containing data on all military personnel including those discharged from the Armed Services since 1972. The records will include information on Medicare beneficiaries from CMS databases including: Health care usage, demographic, enrollment, and survey/ assessment files including veteran and non-veteran data. The records include information on Medicaid beneficiaries’ utilization and enrollment from State databases. The records will include information on veterans enrolled for VA health care who have participated in the periodic ‘‘VHA Survey of Veteran Enrollees’’ Health and Reliance Upon VA.’’ AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Section 527 of 38 U.S.C. and the Government Performance and Results Act of 1993, Public Law 103–62. PURPOSE(S): rwilkins on PROD1PC63 with NOTICES The purpose of this system of records is to conduct statistical studies and analyses which will support the formulation of Departmental policies and plans by identifying the total current health care usage of the VA patient population. The records and information may be used by VA for audit and evaluation of Department programs and for determinations of eligibility for benefits. The information may be used to conduct research. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSE OF SUCH USES: VA may disclose protected health information pursuant to the following VerDate Aug<31>2005 17:27 Aug 15, 2007 Jkt 211001 routine uses where required by law, or required or permitted by 45 CFR Parts 160 and 164. 1. Disclosure of identifying information, such as names, SSNs, demographic and utilization data, may be made to Federal, State, local, or tribal agencies such as the DoD, CMS, and Medicare Payment Advisory Commission (MedPAC), as part of statistical matching programs for the purpose of better identifying the total current health care usage of the patient population served by VA in order to forecast future demand for VA medical care by VA medical facilities. 2. Disclosure may be made to Federal, State, local, and tribal government agencies and national health organizations in order to assist in the development of programs that will be beneficial to claimants and assure that they are receiving all benefits to which they are entitled. 3. VA may disclose on its own initiative any information in this system, except the names and home addresses of veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. 4. Disclosure may be made, excluding name and address (unless name and address are furnished by the requestor) for research purposes determined to be necessary and proper, to epidemiological and other research facilities approved by the System Manager or the Under Secretary for Health, or designee. 5. Any record in the system records may be disclosed to a Federal agency for the conduct of research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency, provided that there is legal authority under all applicable confidentiality statutes and regulations to provide the data and the VHA Medicare and Medicaid Analysis Center (MAC) has determined prior to PO 00000 Frm 00101 Fmt 4703 Sfmt 4703 the disclosure that VA data handling requirements are satisfied. MAC may disclose limited individual identification information to another Federal agency for the purpose of matching and acquiring information held by that agency for MAC to use for the purposes stated for this system of records. 6. Disclosure may be made to National Archives and Records Administration (NARA), General Services Administration (GSA) in records management inspections conducted under authority of 44 U.S.C. 7. VA may disclose information in this system of records to the Department of Justice (DoJ), either on VA’s initiative or in response to DoJ’s request for the information, after either VA or DoJ determines that such information is relevant to DoJ’s representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that disclosure of the records to the Department of Justice is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. 8. Disclosure may be made to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has an agreement or contract to perform the services of the contract or agreement. This routine use includes disclosures by the individual or entity performing the service for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA. 9. Any records may be disclosed to appropriate agencies, entities, and persons under the following circumstances: When (1) It is suspected or confirmed that the security or confidentiality of information in the E:\FR\FM\16AUN1.SGM 16AUN1 Federal Register / Vol. 72, No. 158 / Thursday, August 16, 2007 / Notices system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (3) the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with the Department’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: Data are maintained on magnetic tape, disk, or laser optical media. RETRIEVABILITY: Records may be retrieved by name, name and one or more criteria (e.g., dates of birth, death and service), SSN or VA claim number. SAFEGUARDS: rwilkins on PROD1PC63 with NOTICES 1. Access to and use of these records is limited to those persons whose official duties require such access. Personnel screening is employed to prevent unauthorized disclosure. 2. Access to Automated Data Processing files is controlled at two levels: (1) Terminals, central processing units, and peripheral devices are generally placed in secure areas (areas that are locked or have limited access) or are otherwise protected; and (2) the system recognizes authorized users by means of an individually unique password entered in combination with an individually unique user identification code. 3. Access to automated records concerning identification codes and codes used to access various VA VerDate Aug<31>2005 17:27 Aug 15, 2007 Jkt 211001 automated communications systems and records systems, as well as security profiles and possible security violations is limited to designated automated systems security personnel who need to know the information in order to maintain and monitor the security of VA’s automated communications and veterans’ claim records systems. Access to these records in automated form is controlled by individually unique passwords/codes. Agency personnel may have access to the information on a need to know basis when necessary to advise agency security personnel or for use to suspend or revoke access privileges or to make disclosures authorized by a routine use. 4. Access to VA facilities where identification codes, passwords, security profiles and possible security violations are maintained is controlled at all hours by the Federal Protective Service, VA or other security personnel and security access control devices. RETENTION AND DISPOSAL: Copies of back-up computer files will be maintained at primary and secondary VA recipient sites for CMS data (see Appendix 5). Records will be maintained and disposed of in accordance with the records disposal authority approved by the Archivist of the United States, the National Archives and Records Administration, and published in Agency Records Control Schedules. SYSTEM MANAGER AND ADDRESS: Manager, Medicare and Medicaid Analysis Center, 100 Grandview Rd., Suite 114, Braintree, MA 02184. NOTIFICATION PROCEDURE: Individuals wishing to inquire whether this system of records contains information about them should submit a signed written request to the Manager, Medicare and Medicaid Analysis Center, 100 Grandview Rd., Suite 114, Braintree, MA 02184. RECORDS ACCESS PROCEDURES: An individual who seeks access to records maintained under his or her PO 00000 Frm 00102 Fmt 4703 Sfmt 4703 46133 name or other personal identifier may write the System Manager named above and specify the information being contested. CONTESTING RECORD PROCEDURES: (See Records Access Procedures above.) RECORD SOURCE CATEGORIES: Information may be obtained from the Patient Medical Records System (24VA136); Patient Fee Basis Medical and Pharmacy Records (23VA136); Veterans and Beneficiaries Identification and Records Location Subsystem (38VA23); Compensation, Pension, Education and Rehabilitation Records (58VA21/22); all other potential VA and non-VA sources of veteran demographic information; DoD utilization files and DEERS files; and CMS databases. VA Appendix 5 Primary and Secondary VA Recipient Sites of CMS Data 1. Primary Site: Medicare and Medicaid Analysis Center, 100 Grandview Rd., Suite 114, Braintree, MA 02184. 2. Secondary Site: Veterans Health Administration (VHA) Office of the Assistant Deputy Under Secretary for Health (ADUSH) for Policy and Planning, 810 Vermont Avenue, NW., Washington, DC, 20420. Location of data for ADUSH at 811 Vermont Avenue, NW., Washington, DC, 20420; Silver Springs, MD; and/or Martinsburg, WV. 3. Secondary Site: VA Information Resource Center (VIReC), Hines VA Medical Center, 5th Ave & Roosevelt Ave, Hines, IL, 60141. 4. Secondary Site: VA Office of the Inspector General (OIG), 53CT, 1615 Woodward Street, Austin, TX, 78772. 5. Secondary Site: VA Austin Automation Center (AAC), 1615 Woodward Street, Austin, TX, 78722. 6. Secondary Site: VA Chief Business Office (CBO), Director of Business Development, 810 Vermont Ave, NW., Washington, DC, 20420. 7. Secondary Site: VISN Support Service Center (VSSC), 1615 Woodward Street, Austin, TX, 78722. [FR Doc. E7–16046 Filed 8–15–07; 8:45 am] BILLING CODE 8320–01–P E:\FR\FM\16AUN1.SGM 16AUN1

Agencies

[Federal Register Volume 72, Number 158 (Thursday, August 16, 2007)]
[Notices]
[Pages 46130-46133]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-16046]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of amendment to system of records.

-----------------------------------------------------------------------

SUMMARY: The Privacy Act of 1974 (5 U.S.C. 552a(e)(4)) requires that 
all agencies publish in the Federal Register a notice of the existence 
and character of their system of records. Notice is hereby given that 
VA is amending the system of records entitled ``Consolidated Data 
Information System-VA'' (97VA105) as set forth in the Federal Register 
66 FR 3650-3653 dated January 16, 2001. VA is amending the system by 
revising the System Location, Categories of Records Maintained in the 
System, Purpose(s), Routine Uses of Records Maintained in the System, 
Retention and Disposal, System Manager and Record Source Categories. VA 
is republishing the system notice in its entirety.

DATES: Comments on the amendment of this system of records must be 
received no later than September 17, 2007. If no public comment is 
received, the amended system will become effective September 17, 2007.

ADDRESSES: Written comments may be submitted through https://
www.Regulations.gov; by mail or hand-delivery to the Director, 
Regulations Management (00REG), Department of Veterans Affairs, 810 
Vermont Ave., NW., Room 1068, Washington, DC 20420; or by fax to (202) 
273-9026. Copies of comments received will be available for public 
inspection in the Office of Regulation Policy and Management, Room 
1063B, between the hours of 8 a.m. and 4:30 p.m. Monday through Friday 
(except holidays). Please call (202) 273-9515 for an appointment. In 
addition, during the comment period, comments may be viewed online 
through the Federal Docket Management System (FDMS).

FOR FURTHER INFORMATION CONTACT: Stephania H. Putt, Veterans Health 
Administration (VHA) Privacy Officer (19F2), Department of Veterans 
Affairs, 810 Vermont Avenue, NW., Washington, DC 20420, (727) 320-1839.

SUPPLEMENTARY INFORMATION: Under section 527 of Title 38, U.S.C., and 
the Government Performance and Results Act of 1993, Public Law 103-62, 
VA is required to measure and evaluate, on an ongoing basis, the 
effectiveness of VA benefit programs and services. In performing this 
required function, VA must collect, collate and analyze full 
statistical data regarding participation, provision of services, 
categories of beneficiaries, and planning of expenditures for all VA 
programs. This combined database is necessary for the Veterans Health 
Administration (VHA) to accurately and timely assess the current health 
care usage by the patient population served by VA, to forecast future 
demand for VA medical care by individuals currently eligible for 
service by VA medical facilities, and to understand the numerous 
implications of cross-usage between VA and non-VA health care systems.

[[Page 46131]]

    As VA has widened its scope of the Centers for Medicare and 
Medicaid Services (CMS) data usage and further centralized the source 
of data in order to improve efficiency and protect privacy/security of 
data elements, it was necessary to implement changes to the management 
and use of these records. A summary of these changes follows:
    1. The purpose of this system of records has been revised to add 
the need to use the records and information for audit and evaluation of 
Department programs, for determinations of eligibility for benefits and 
for research as defined by Common Rule.
    2. The records are now maintained and retained at the primary and 
secondary VA recipient CMS data site locations listed in Appendix 5.
    3. Under Categories of Records information from the Persian Gulf 
registry has been added and the types of CMS records maintained now 
includes health care utilization, demographic, enrollment, and survey/
assessment files including veteran and non-veteran data. In addition, 
information on veterans enrolled for VA health care who have 
participated in the periodic ``VHA Survey of Veteran Enrollees' Health 
and Reliance Upon VA'' is now included in the system.
    4. System Manager and Address was updated to reflect: Manager, 
Medicare and Medicaid Analysis Center, 100 Grandview Rd., Suite 114, 
Braintree, MA 02184.
    Under section 264, Subtitle F of Title II of the Health Insurance 
Portability and Accountability Act of 1996 (HIPAA) Public Law 104-191, 
100 STAT. 1936, 2033-34 (1996), the United States Department of Health 
and Human Services (HHS) published a final rule, as amended, 
establishing Standards for Privacy of Individually-Identifiable Health 
Information, 45 CFR Parts 160 and 164. VHA may not disclose 
individually-identifiable health information (as defined in HIPAA and 
the Privacy Rule, 42 U.S.C. 1320(d)(6) and 45 CFR 164.501) pursuant to 
a routine use unless either: (a) The disclosure is required by law, or 
(b) the disclosure is also permitted or required by the HHS Privacy 
Rule. The disclosures of individually-identifiable health information 
contemplated in the routine uses published in this amended system of 
records notice are permitted under the Privacy Rule or required by law. 
However, to also have authority to make such disclosures under the 
Privacy Act, VA must publish these routine uses. Consequently, VA is 
adding a preliminary paragraph to the routine uses portion of the 
system of records notice stating that any disclosure pursuant to the 
routine uses in this system of records notice must be either required 
by law or permitted by the Privacy Rule before VHA may disclosed the 
covered information. VA is also proposing to amend the following 
routine use disclosures of information maintained in the system:
     Routine use 3 has been amended in its entirety. On its own 
initiative, the VA may disclose information, except for the names and 
home addresses of veterans and their dependents, to a Federal, State, 
local, tribal or foreign agency charged with the responsibility of 
investigating or prosecuting civil, criminal or regulatory violations 
of law, or charged with enforcing or implementing the statute, 
regulation, rule or order issued pursuant thereto. On its own 
initiative, the VA may also disclose the names and addresses of 
veterans and their dependents to a Federal agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto.
     Routine uses 4, 5, 7, and 8 have revised for ease of 
readability and clarification. VA is also proposing to add the 
following routine use disclosure of information maintained in the 
system:
     Routine use 9 was added to disclose to appropriate 
agencies, entities, and persons under the following circumstances: When 
(1) It is suspected or confirmed that the security or confidentiality 
of information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or other systems or programs (whether 
maintained by the Department or another agency or entity) that rely 
upon the compromised information; and (3) the disclosure is made to 
such agencies, entities, and persons who are reasonably necessary to 
assist in connection with the Department's efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm.
    The Privacy Act permits VA to disclose information about 
individuals without their prior written consent for a routine use when 
the information will be used for a purpose that is compatible with the 
purpose for which we collected the information. In all of the routine 
use disclosures described above, the recipient of the information will 
use the information in connection with a matter relating to one of VA's 
programs, will use the information to provide a benefit to VA, or 
disclosure is required by law.
    The Report of Intent to Publish an Amended System of Records Notice 
and an advance copy of the system notice have been sent to the 
appropriate Congressional committees and to the Director of Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

    Approved: August 1, 2007.
Gordon H. Mansfield,
Deputy Secretary of Veterans Affairs.
97VA105

SYSTEM NAME:
    Consolidated Data Information System-VA.

SYSTEM LOCATION(S):
    Records will be maintained at primary and secondary Department of 
Veteran Affairs (VA) recipient sites for the Centers for Medicare & 
Medicaid Services (CMS) data (see VA Appendix 5).

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Records include information concerning veterans, their spouses and 
their dependents, family members, active duty military personnel, and 
individuals who are not VA beneficiaries, but who receive health care 
services from the Veterans Health Administration (VHA).

CATEGORIES OF RECORDS IN THE SYSTEM:
    Categories of records in the system will include veterans' names, 
addresses, dates of birth, VA claim numbers, social security numbers 
(SSNs), and military service information; medical benefit application 
and eligibility information; code sheets and follow-up notes; 
sociological, diagnostic, counseling, rehabilitation, drug and alcohol, 
dietetic, medical, surgical, dental, psychological, and/or psychiatric 
medical information; prosthetic, pharmacy, nuclear medicine, social 
work, clinical laboratory and radiology information; patient scheduling 
information; family information such as next of kin, spouse and 
dependents' names, addresses, social security numbers and dates of 
birth; family medical history; employment information; financial 
information; third-party health plan information; information related 
to registry systems,

[[Page 46132]]

such as Ionizing Radiation, Gulf War and Agent Orange; date of death; 
VA claim and insurance file numbers; travel benefits information; 
military decorations; disability or pension payment information; amount 
of indebtedness arising from 38 U.S.C. benefits; medical and dental 
treatment in the Armed Forces and claim information; applications for 
compensation, pension, education and rehabilitation benefits; 
information related to incarceration in a penal institution; medication 
profile such as name, quantity, prescriber, dosage, manufacturer, lot 
number, cost and administration instruction; pharmacy dispensing 
information such as pharmacy name and address.
    The records will include information on the Department of Defense 
(DoD) military personnel from two categories of DoD files: (1) 
Utilization files that contain inpatient and outpatient records, and 
(2) eligibility files from the Defense Eligibility Enrollment Reporting 
System (DEERS) containing data on all military personnel including 
those discharged from the Armed Services since 1972.
    The records will include information on Medicare beneficiaries from 
CMS databases including: Health care usage, demographic, enrollment, 
and survey/assessment files including veteran and non-veteran data.
    The records include information on Medicaid beneficiaries' 
utilization and enrollment from State databases.
    The records will include information on veterans enrolled for VA 
health care who have participated in the periodic ``VHA Survey of 
Veteran Enrollees'' Health and Reliance Upon VA.''

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Section 527 of 38 U.S.C. and the Government Performance and Results 
Act of 1993, Public Law 103-62.

PURPOSE(S):
    The purpose of this system of records is to conduct statistical 
studies and analyses which will support the formulation of Departmental 
policies and plans by identifying the total current health care usage 
of the VA patient population. The records and information may be used 
by VA for audit and evaluation of Department programs and for 
determinations of eligibility for benefits. The information may be used 
to conduct research.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSE OF SUCH USES:
    VA may disclose protected health information pursuant to the 
following routine uses where required by law, or required or permitted 
by 45 CFR Parts 160 and 164.
    1. Disclosure of identifying information, such as names, SSNs, 
demographic and utilization data, may be made to Federal, State, local, 
or tribal agencies such as the DoD, CMS, and Medicare Payment Advisory 
Commission (MedPAC), as part of statistical matching programs for the 
purpose of better identifying the total current health care usage of 
the patient population served by VA in order to forecast future demand 
for VA medical care by VA medical facilities.
    2. Disclosure may be made to Federal, State, local, and tribal 
government agencies and national health organizations in order to 
assist in the development of programs that will be beneficial to 
claimants and assure that they are receiving all benefits to which they 
are entitled.
    3. VA may disclose on its own initiative any information in this 
system, except the names and home addresses of veterans and their 
dependents, which is relevant to a suspected or reasonably imminent 
violation of law, whether civil, criminal or regulatory in nature and 
whether arising by general or program statute or by regulation, rule or 
order issued pursuant thereto, to a Federal, State, local, tribal, or 
foreign agency charged with the responsibility of investigating or 
prosecuting such violation, or charged with enforcing or implementing 
the statute, regulation, rule or order. On its own initiative, VA may 
also disclose the names and addresses of veterans and their dependents 
to a Federal agency charged with the responsibility of investigating or 
prosecuting civil, criminal or regulatory violations of law, or charged 
with enforcing or implementing the statute, regulation, rule or order 
issued pursuant thereto.
    4. Disclosure may be made, excluding name and address (unless name 
and address are furnished by the requestor) for research purposes 
determined to be necessary and proper, to epidemiological and other 
research facilities approved by the System Manager or the Under 
Secretary for Health, or designee.
    5. Any record in the system records may be disclosed to a Federal 
agency for the conduct of research and data analysis to perform a 
statutory purpose of that Federal agency upon the prior written request 
of that agency, provided that there is legal authority under all 
applicable confidentiality statutes and regulations to provide the data 
and the VHA Medicare and Medicaid Analysis Center (MAC) has determined 
prior to the disclosure that VA data handling requirements are 
satisfied. MAC may disclose limited individual identification 
information to another Federal agency for the purpose of matching and 
acquiring information held by that agency for MAC to use for the 
purposes stated for this system of records.
    6. Disclosure may be made to National Archives and Records 
Administration (NARA), General Services Administration (GSA) in records 
management inspections conducted under authority of 44 U.S.C.
    7. VA may disclose information in this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that disclosure of the records to the 
Department of Justice is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records. VA, on its own initiative, may disclose records in this system 
of records in legal proceedings before a court or administrative body 
after determining that the disclosure of the records to the court or 
administrative body is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records.
    8. Disclosure may be made to individuals, organizations, private or 
public agencies, or other entities or individuals with whom VA has a 
contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA, in order for 
the contractor, subcontractor, public or private agency, or other 
entity or individual with whom VA has an agreement or contract to 
perform the services of the contract or agreement. This routine use 
includes disclosures by the individual or entity performing the service 
for VA to any secondary entity or individual to perform an activity 
that is necessary for individuals, organizations, private or public 
agencies, or other entities or individuals with whom VA has a contract 
or agreement to provide the service to VA.
    9. Any records may be disclosed to appropriate agencies, entities, 
and persons under the following circumstances: When (1) It is suspected 
or confirmed that the security or confidentiality of information in the

[[Page 46133]]

system of records has been compromised; (2) the Department has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of embarrassment or harm to the reputations of the 
record subjects, harm to economic or property interests, identity theft 
or fraud, or harm to the security or integrity of this system or other 
systems or programs (whether maintained by the Department or another 
agency or entity) that rely upon the compromised information; and (3) 
the disclosure is made to such agencies, entities, and persons who are 
reasonably necessary to assist in connection with the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Data are maintained on magnetic tape, disk, or laser optical media.

RETRIEVABILITY:
    Records may be retrieved by name, name and one or more criteria 
(e.g., dates of birth, death and service), SSN or VA claim number.

SAFEGUARDS:
    1. Access to and use of these records is limited to those persons 
whose official duties require such access. Personnel screening is 
employed to prevent unauthorized disclosure.
    2. Access to Automated Data Processing files is controlled at two 
levels: (1) Terminals, central processing units, and peripheral devices 
are generally placed in secure areas (areas that are locked or have 
limited access) or are otherwise protected; and (2) the system 
recognizes authorized users by means of an individually unique password 
entered in combination with an individually unique user identification 
code.
    3. Access to automated records concerning identification codes and 
codes used to access various VA automated communications systems and 
records systems, as well as security profiles and possible security 
violations is limited to designated automated systems security 
personnel who need to know the information in order to maintain and 
monitor the security of VA's automated communications and veterans' 
claim records systems. Access to these records in automated form is 
controlled by individually unique passwords/codes. Agency personnel may 
have access to the information on a need to know basis when necessary 
to advise agency security personnel or for use to suspend or revoke 
access privileges or to make disclosures authorized by a routine use.
    4. Access to VA facilities where identification codes, passwords, 
security profiles and possible security violations are maintained is 
controlled at all hours by the Federal Protective Service, VA or other 
security personnel and security access control devices.

RETENTION AND DISPOSAL:
    Copies of back-up computer files will be maintained at primary and 
secondary VA recipient sites for CMS data (see Appendix 5). Records 
will be maintained and disposed of in accordance with the records 
disposal authority approved by the Archivist of the United States, the 
National Archives and Records Administration, and published in Agency 
Records Control Schedules.

SYSTEM MANAGER AND ADDRESS:
    Manager, Medicare and Medicaid Analysis Center, 100 Grandview Rd., 
Suite 114, Braintree, MA 02184.

NOTIFICATION PROCEDURE:
    Individuals wishing to inquire whether this system of records 
contains information about them should submit a signed written request 
to the Manager, Medicare and Medicaid Analysis Center, 100 Grandview 
Rd., Suite 114, Braintree, MA 02184.

RECORDS ACCESS PROCEDURES:
    An individual who seeks access to records maintained under his or 
her name or other personal identifier may write the System Manager 
named above and specify the information being contested.

CONTESTING RECORD PROCEDURES:
    (See Records Access Procedures above.)

RECORD SOURCE CATEGORIES:
    Information may be obtained from the Patient Medical Records System 
(24VA136); Patient Fee Basis Medical and Pharmacy Records (23VA136); 
Veterans and Beneficiaries Identification and Records Location 
Subsystem (38VA23); Compensation, Pension, Education and Rehabilitation 
Records (58VA21/22); all other potential VA and non-VA sources of 
veteran demographic information; DoD utilization files and DEERS files; 
and CMS databases.

VA Appendix 5

Primary and Secondary VA Recipient Sites of CMS Data

    1. Primary Site: Medicare and Medicaid Analysis Center, 100 
Grandview Rd., Suite 114, Braintree, MA 02184.
    2. Secondary Site: Veterans Health Administration (VHA) Office 
of the Assistant Deputy Under Secretary for Health (ADUSH) for 
Policy and Planning, 810 Vermont Avenue, NW., Washington, DC, 20420. 
Location of data for ADUSH at 811 Vermont Avenue, NW., Washington, 
DC, 20420; Silver Springs, MD; and/or Martinsburg, WV.
    3. Secondary Site: VA Information Resource Center (VIReC), Hines 
VA Medical Center, 5th Ave & Roosevelt Ave, Hines, IL, 60141.
    4. Secondary Site: VA Office of the Inspector General (OIG), 
53CT, 1615 Woodward Street, Austin, TX, 78772.
    5. Secondary Site: VA Austin Automation Center (AAC), 1615 
Woodward Street, Austin, TX, 78722.
    6. Secondary Site: VA Chief Business Office (CBO), Director of 
Business Development, 810 Vermont Ave, NW., Washington, DC, 20420.
    7. Secondary Site: VISN Support Service Center (VSSC), 1615 
Woodward Street, Austin, TX, 78722.

 [FR Doc. E7-16046 Filed 8-15-07; 8:45 am]
BILLING CODE 8320-01-P