Privacy Act of 1974, 72117-72121 [E8-28183]

Download as PDF Federal Register / Vol. 73, No. 229 / Wednesday, November 26, 2008 / Notices Submit written comments on the collection of information through the Federal Docket Management System (FDMS) www.Regulations.gov; or to Arita Tillman, Acquisition Policy Division (049P1), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420; or e-mail: arita.tillman@va.gov. Please refer to ‘‘OMB Control No. 2900–0688’’ in any correspondence. During the comment period, comments may be viewed online through FDMS. FOR FURTHER INFORMATION CONTACT: Arita Tillman at (202) 461–6859, FAX 202–273–6229. SUPPLEMENTARY INFORMATION: Under the PRA of 1995 (Pub. L. 104–13; 44 U.S.C. 3501–21), Federal agencies must obtain approval from the Office of Management and Budget (OMB) for each collection of information they conduct or sponsor. This request for comment is being made pursuant to Section 3506(c)(2)(A) of the PRA. With respect to the following collection of information, (OM) invites comments on: (1) Whether the proposed collection of information is necessary for the proper performance of (OM)’s functions, including whether the information will have practical utility; (2) the accuracy of (OM)’s estimate of the burden of the proposed collection of information; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or the use of other forms of information technology. Titles: a. Department of Veterans Affairs Acquisition Regulation (VAAR) 832.006–4, Procedures. b. Department of Veterans Affairs Acquisition Regulation (VAAR) 832.202–4, Security for Government Financing. OMB Control Number: 2900–0688. Type of Review: Extension of a currently approved collection. Abstract: Data collected under VAAR 832.006–4 will be used to assess a contractor’s overall financial condition, and ability to continue contract performance if payments are reduced or suspended upon a finding of fraud. VA will use the data collected under VAAR 832.202–4 to determine whether or not a contractor has adequate security to warrant an advance payment. Affected Public: Businesses or other for-profits. Estimated Annual Burden: a. VAAR 832.006–4, Procedures—50 hours. mstockstill on PROD1PC66 with NOTICES ADDRESSES: VerDate Aug<31>2005 17:30 Nov 25, 2008 Jkt 217001 72117 b. VAAR 832.202–4, Security for Government Financing—10 hours. Estimated Average Burden Per Respondent: a. VAAR 832.006–4, Procedures—5 hours. b. VAAR 832.202–4, Security for Government Financing—1 hour. Frequency of Response: On occasion. Estimated Number of Respondents: a. VAAR 832.006–4, Procedures—10. b. VAAR 832.202–4, Security for Government Financing—10. Dated: November 19, 2008. By direction of the Secretary. Denise McLamb, Program Analyst, Records Management Service. [FR Doc. E8–28185 Filed 11–25–08; 8:45 am] Dated: November 19, 2008. By direction of the Secretary. Denise McLamb, Program Analyst, Records Management Service. [FR Doc. E8–28190 Filed 11–25–08; 8:45 am] Privacy Act of 1974 Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420, at 202– 461–7485. BILLING CODE 8320–01–P DEPARTMENT OF VETERANS AFFAIRS AGENCY: Department of Veterans Affairs (VA). Notice of New System of Records. BILLING CODE 8320–01–P ACTION: DEPARTMENT OF VETERANS AFFAIRS SUMMARY: The Privacy Act of 1974 (5 U.S.C. 552(e)(4)) requires that all agencies publish in the Federal Register a notice of the existence and character of their systems of records. Notice is hereby given that the Department of Veterans Affairs (VA) is establishing a new system of records entitled ‘‘Administrative Data Repository—VA’’ (150VA19). [OMB Control No. 2900–0671] Proposed Information Collection (Traumatic Injury Protection (TSGLI)) Activity; Comment Request; Withdrawal Veterans Benefits Administration, Department of Veterans Affairs. ACTION: Notice; withdrawal of request for comments. AGENCY: SUMMARY: In compliance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501–3521), the Department of Veterans Affairs (VA) published a collection of information notice in the Federal Register on October 23, 2008, at 73 FR 63229, announcing an opportunity for public comment on the proposed collection of certain information by the agency. The notice solicited comments on information needed to determine servicemembers’ eligibility requirements for payment of traumatic injury protection benefits covered under Servicemembers’ Group Live Insurance. With respect to the collection of information in that notice, we are withdrawing our request for comments because it was necessary to seek an immediate OMB approval on an emergency basis under 44 U.S.C. 3507(j). VA has submitted a copy of the amended TSGLI form (Servicemembers’ Group Life Insurance Traumatic Injury Protection Application for TSGLI Benefits) to OMB for an emergency approval. This document withdraws the October 23, 2008 notice. FOR FURTHER INFORMATION CONTACT: Denise McLamb, Records Management Service (005R1B), Department of PO 00000 Frm 00095 Fmt 4703 Sfmt 4703 Comments on this new system of records must be received no later than December 26, 2008. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the new system will become effective December 26, 2008. DATES: Written comments may be submitted through https:// www.Regulations.gov; by mail or handdelivery to the Director, Regulations Management (02REG), Department of Veterans Affairs, 810 Vermont Ave., NW., Room 1068, Washington, DC 20420; or by fax to (202) 273–9026. Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m. Monday through Friday (except holidays). Please call (202) 461–4902 for an appointment. In addition, during the comment period, comments may be viewed online through the Federal Docket Management System (FDMS). ADDRESSES: FOR FURTHER INFORMATION CONTACT: Stephania H, Putt, Veterans Health Administration (VHA) Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420, telephone (704) 245–2492. SUPPLEMENTARY INFORMATION: E:\FR\FM\26NON1.SGM 26NON1 72118 Federal Register / Vol. 73, No. 229 / Wednesday, November 26, 2008 / Notices I. Description of Proposed Systems of Records VHA Administrative Data Repository, ADR, is the enterprise data store for VHA persons. It includes identity, demographic and other administrative data for patients and non-patients, including employees, providers, IT users, etc. The Administrative Data Repository (ADR) has been established to provide support for those cross-cutting administrative data elements relative to multiple categories of a person entity. Although, initially focused on the computing needs of VHA, the ADR is positioned to provide identity management and demographics support for all IT systems within the Department of Veterans Affairs. As the authoritative data store for cross cutting administrative person data, the ADR will establish and manage this data as a VHA corporate asset. State-of-the-art security methodology will be implemented to ensure the integrity and confidentiality of person data administered by the ADR. mstockstill on PROD1PC66 with NOTICES II. Proposed Routine Use Disclosures of Data in the System To the extent that records contained in the system include information protected by 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism, or alcohol abuse, sickle cell anemia or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority permitting disclosure. Data stored in ADR is used as the source of identity, demographic and other administrative data for VHA enterprise. The routine uses of records maintained in the system, including categories of users and the purposes of such uses are described below: VHA is proposing the following routine use disclosures of information to be maintained in the system: 1. The record of an individual who is covered by a system of records may be disclosed to a Member of Congress, or a staff person acting for the Member, when the Member or staff person requests the record on behalf of and at the written request of the individual. 2. Disclosure may be made to National Archives and Records Administration (NARA) and the General Services Administration (GSA) in records management inspections conducted under authority of Title 44, Chapter 29, of the United States Code (U.S.C). NARA and GSA are responsible for management of old records no longer VerDate Aug<31>2005 17:30 Nov 25, 2008 Jkt 217001 actively used, but which may be appropriate for preservation, and for the physical maintenance of the Federal government’s records. VA must be able to provide the records to NARA and GSA in order to determine the proper disposition of such records. 3. Disclosure may be made to other Government agencies in support of data exchanges of electronic medical record information approved by the individual. 4. VA may disclose on its own initiative any information in this system, except the names and home addresses of veterans and their dependents, that is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. VA may also disclose on its own initiative the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. 5. VA may disclose information from this system of records to the Department of Justice (DoJ), either on VA’s initiative or in response to DoJ’s request for the information, after either VA or DoJ determines that such information is relevant to DoJ’s representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. 6. Disclosures of relevant information may be made to individuals, organizations, private or public agencies, or other entities with whom VA has a contract or agreement or where there is a subcontract to perform the services as VA may deem practicable for the purposes of laws administered by PO 00000 Frm 00096 Fmt 4703 Sfmt 4703 VA, in order for the contractor or subcontractor to perform the services of the contract or agreement. This routine use includes disclosures by the individual or entity performing the service for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA. 7. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs. 8. VA may disclose information to the Equal Employment Opportunity Commission when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or for other functions of the Commission as authorized by law or regulation. VA must be able to provide information to the Commission to assist it in fulfilling its duties to protect employee’s rights, as required by statute and regulation. 9. VA may disclose to the Fair Labor Relations Authority (FLRA) (including its General Counsel) information related to the establishment of jurisdiction, the investigation and resolution of allegations of unfair labor practices, or information in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; to disclose information in matters properly before the Federal Services Impasse Panel, and to investigate representation petitions and conduct or supervise representation elections. VA must be able to provide information to FLRA to comply with the statutory mandate under which it operates. 10. VA may disclose information to officials of the Merit Systems Protection Board (MSPB), or the Office of Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions, promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law. 11. VA may, on its own initiative, disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise, E:\FR\FM\26NON1.SGM 26NON1 Federal Register / Vol. 73, No. 229 / Wednesday, November 26, 2008 / Notices there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by the Department or another agency or disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727. III. Compatibility of the Proposed Routine Uses The Privacy Act permits VA to disclose information about individuals without their consent for a routine use when the information will be used for a purpose that is compatible with the purpose for which VA collected the information. In all of the routine use disclosures described above, either the recipient of the information will use the information in connection with a matter relating to one of VA’s programs, will use the information to provide a benefit to VA, or disclosure is required by law. The notice of intent to publish and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000. Approved: November 7, 2008. Gordon H. Mansfield, Deputy Secretary of Veterans Affairs. SYSTEM NAME: Administrative Data Repository—VA. mstockstill on PROD1PC66 with NOTICES SYSTEM LOCATION: Records are maintained in the Corporate Franchise Data Center. Address locations for VA AAC are 1615 Woodward Street, Austin, Texas 78772– 001. In addition, information from these records or copies of records may be maintained at the Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC, VA Data Processing Centers, VA CIO Field Offices, Veterans Integrated Service 17:30 Nov 25, 2008 Jkt 217001 CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: The records include information concerning current and former VHA patients, employees, providers, volunteers, trainees and contractors, as well as individuals working collaboratively with VHA. CATEGORIES OF RECORDS IN THE SYSTEM: The records may include information related to: 1. Administrative assignments or categorization of duties of certain VHA personnel; 2. The record may include identifying demographic information (e.g., name, date of birth, gender, social security number, taxpayer identification number); and other demographic information such as address (e.g., home and/or mailing address, home telephone number, emergency contact information such as name, address, telephone number, and relationship); education and continuing education (e.g., name and address of schools and dates of attendance, courses attended and scheduled to attend, grades, type of degree, certificate, etc.); information related to military service and status; qualifications for employment (e.g., license, degree, registration or certification, experience); veteran enrollment and eligibility information including financial assessments. 3. Electronic messages used for network communication between VHA systems; and 4. Health care providers’ social security number and National Provider Identifier. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Title 38, United States Code, Section 501.and Section 7304. PURPOSE (S): 150VA19 VerDate Aug<31>2005 Network Offices, and Employee Education Systems. The main purpose of the Administrative Data Repository is to establish person identity throughout the VHA enterprise. The purpose of the system of records is to provide a repository for the administrative information that is used to accomplish the purposes described within this document including determining veteran benefits and eligibility. The records include information provided by patients, providers, employees, volunteers, trainees, contractors and others that receive IT access to our computer systems and information obtained in the course of routine work done including VHA patient care provided. Quality assurance information that is protected by 38 U.S.C. 7311 and PO 00000 Frm 00097 Fmt 4703 Sfmt 4703 72119 38 CFR 17.500–17.511 is not within the scope of the Privacy Act and, therefore, is not included in this system of records or filed in a manner in which the information may be retrieved by reference to an individual identifier. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: To the extent that records contained in the system include information protected by 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism, or alcohol abuse, sickle cell anemia or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority permitting disclosure. Data stored in ADR is used as the source of identity, demographic and other administrative data for VHA enterprise. The routine uses of records maintained in the system, including categories of users and the purposes of such uses are described below: 1. The record of an individual who is covered by a system of records may be disclosed to a Member of Congress, or a staff person acting for the Member, when the Member or staff person requests the record on behalf of and at the written request of the individual. 2. Disclosure may be made to National Archives and Records Administration (NARA) and the General Services Administration (GSA) in records management inspections conducted under authority of Title 44, Chapter 29, of the United States Code (U.S.C). 3. Disclosure may be made to other Government agencies in support of data exchanges of electronic medical record information approved by the individual. 4. VA may disclose on its own initiative any information in this system, except the names and home addresses of veterans and their dependents, that is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. VA may also disclose on its own initiative the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or E:\FR\FM\26NON1.SGM 26NON1 mstockstill on PROD1PC66 with NOTICES 72120 Federal Register / Vol. 73, No. 229 / Wednesday, November 26, 2008 / Notices implementing the statute, regulation, rule or order issued pursuant thereto. 5. VA may disclose information from this system of records to the Department of Justice (DoJ), either on VA’s initiative or in response to DoJ’s request for the information, after either VA or DoJ determines that such information is relevant to DoJ’s representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. 6. Disclosures of relevant information may be made to individuals, organizations, private or public agencies, or other entities with whom VA has a contract or agreement or where there is a subcontract to perform the services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor or subcontractor to perform the services of the contract or agreement. 7. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs. 8. VA may disclose information to the Equal Employment Opportunity Commission when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or for other functions of the Commission as authorized by law or regulation. 9. VA may disclose to the Fair Labor Relations Authority (FLRA) (including its General Counsel) information related to the establishment of jurisdiction, the investigation and resolution of allegations of unfair labor practices, or information in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; to disclose information in matters properly before the Federal Services Impasse Panel, and to investigate representation petitions and conduct or supervise representation elections. 10. VA may disclose information to officials of the Merit Systems Protection VerDate Aug<31>2005 17:30 Nov 25, 2008 Jkt 217001 Board (MSPB), or the Office of Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions, promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law. 11. VA may, on its own initiative, disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise, there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by the Department or another agency or disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: Records are maintained at the Corporate Franchise Data Center which is a VA operated facility. Information is stored on disk media. RETRIEVABILITY: Records are retrieved by person identifying traits such as name, social security number and other assigned unique identifiers of the individuals on whom they are maintained. Federal Protective Service or other security personnel. 2. Access to file information is controlled at two levels; the systems recognize authorized employees by series of individually unique passwords/codes as a part of each data message, and the employees are limited to only that information in the file which is needed in the performance of their official duties. Information that is downloaded from ADR and maintained on personal computers is afforded similar storage and access protections as the data that is maintained in the original files. Access to information stored on automated storage media at other VA locations is controlled by individually unique passwords/codes. 3. Access to the Austin Automation Center is generally restricted to Center employees, custodial personnel, Federal Protective Service and other security personnel. Access to computer rooms is restricted to authorized operational personnel through electronic locking devices. All other persons gaining access to computer rooms are escorted. Information stored in the computer may be accessed by authorized VA employees at remote locations including VA health care facilities, Information Systems Centers, VA Central Office, and Veteran Integrated Service Networks. Access is controlled by individually unique passwords/codes which must be changed periodically by the employee. RETENTION AND DISPOSAL: The records must be disposed of in accordance with the records retention standards authorized by the National Archives and Records Administration General Records Schedule 14, item 6, and published in the Veterans Health Administration Records Control Schedule 10–1, Item XLV. SYSTEM MANAGER(S) AND ADDRESS: Official responsible for policies and procedures; Chief Information Officer (19), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. Official maintaining this system of record: Director National Data Systems (19F–4), Corporate Franchise Center, 1615 Woodward Street, Austin, Texas 78772. NOTIFICATION PROCEDURE: SAFEGUARDS: 1. Access to VA working and storage areas is restricted to VA employees on a ‘‘need-to-know’’ basis; strict control measures are enforced to ensure that disclosure to these individuals is also based on this same principle. Generally, VA file areas are locked after normal duty hours and the facilities are protected from outside access by the PO 00000 Frm 00098 Fmt 4703 Sfmt 4703 Individuals who wish to determine whether this system of records contains information about them should contact the VA facility location at which they are or were employed or treated or made or have contact. Inquiries should include the person’s full name, social security number, dates of treatment, dates of employment, date(s) of contact, and/or return address. E:\FR\FM\26NON1.SGM 26NON1 Federal Register / Vol. 73, No. 229 / Wednesday, November 26, 2008 / Notices RECORD ACCESS PROCEDURE: Individuals seeking information regarding access to and contesting of records in this system may write, call or visit the VA facility location where they are or were employed or treated or made contact. CONTESTING RECORD PROCEDURES: (See Record Access Procedures above.) RECORD SOURCE CATEGORIES: Information in this system of records is provided by patients, employees, providers, IT users, and others that work collaboratively with VHA. [FR Doc. E8–28183 Filed 11–25–08; 8:45 am] BILLING CODE 8320–01–P DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974 Department of Veteran Affairs. Notice of amendment to an existing system of records AGENCY: mstockstill on PROD1PC66 with NOTICES ACTION: SUMMARY: The Privacy Act of 1974 (5 U.S.C. 552(e)(4)) requires that all agencies publish in the Federal Register a notice of the existence and character of their systems of records. Notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records entitled ‘‘Individual Correspondence Records—VA’’ (05VA026) as set forth in the Federal Register on January 13, 1982 [47 FR 1462]. VA is amending the system by revising the routine uses of records maintained in the system, and adding seven new routine uses. VA is also making minor editorial changes to reflect the transition of Office of General Counsel from District Offices to Regional Offices, and to revise the list of those covered by the system of records to reflect current OGC correspondence. VA is republishing the system notice in its entirety. DATES: Interested persons are invited to submit comments, suggestions, or objections regarding these changes. To assure consideration, written comments on this revised system of records must be postmarked no later than December 26, 2008, and written comments hand delivered to the Department and comments submitted electronically must be received as provided below, no later than 5 p.m. Eastern Time on December 26, 2008. If no public comment is received, the system will become effective December 26, 2008. ADDRESSES: Written comments may be submitted through https:// VerDate Aug<31>2005 17:30 Nov 25, 2008 Jkt 217001 www.Regulations.gov; by mail or handdelivery to the Director, Regulations Management (02REG), Department of Veterans Affairs, 810 Vermont Ave., NW., Room 1068, Washington, DC 20420; or by fax to (202) 273–9026. Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m. Monday through Friday (except holidays). Please call (202) 461–4902 for an appointment. In addition, during the comment period, comments may be viewed online through the Federal Docket Management System (FDMS). FOR FURTHER INFORMATION CONTACT: Susan Sokoll, Privacy Officer, (202) 461–7623, Office of the General Counsel (026C), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. SUPPLEMENTARY INFORMATION: The system of records, ‘‘Individual Correspondence Records—VA’’ (05VA026), was amended January 13, 1982, at 47 FR 1462. I. Description of the System of Records ‘‘Individual Correspondence Records—VA’’ contains letters written by veterans, beneficiaries of veterans, dependents of veterans, non-profit organizations, businesses, attorneys, and other individuals, to Office of General Counsel (OGC). These files contain the initial inquiry, subsequent information, all supporting documents from whatever source, and the response or opinion of the OGC attorney answering the inquiry. II. Proposed Amendments to Routine Use Disclosures of Data in the System VA is amending, deleting, rewriting and reorganizing the order of the routine uses in this system of records. Accordingly, the following changes are made to the current routine uses and are incorporated into the amended system of records notice. The wording for current routine use 1 was revised. Current routine uses 2 through 4 are being combined and revised into new routine use 4. This routine use is amended to more accurately reflect the conditions under which VA, on its own initiative, may disclose information from this system of records for law enforcement purposes. New routine use number 2 is being added to authorize disclosure to the National Archives and Records Administration and General Services Administration for records management inspections conducted under authority PO 00000 Frm 00099 Fmt 4703 Sfmt 4703 72121 of Title 44, Chapter 29, of the United States Code. New routine use 3 is added to reflect VA’s authorization to disclose individually-identifiable information to contractors or other entities that will provide services to VA for which the recipient needs that information in order to perform the services. Current routine use number 5 is being renumbered as routine use number 10. New routine use 5 is added to state when VA may disclose information in legal proceedings, and when VA may disclose information to the Department of Justice. In determining whether to disclose records under this routine use, VA will comply with the guidance promulgated by the Office of Management and Budget (OMB) in a May 24, 1985, memorandum entitled ‘‘Privacy Act Guidance—Update’’ currently posted at https:// www.whitehouse.gov/omb/inforeg/ guidance1985.pdf. VA is adding a new routine use 6 that authorizes the circumstances, and to whom, VA may disclose records in order to respond to, and minimize possible harm to, individuals as a result of a data breach. This routine use is promulgated in order to meet VA’s statutory duties under 38 U.S.C. 5724 and the Privacy Act, 5 U.S.C. 552a, as amended. VA is adding new routine use 7 to disclose information to the Merit Systems Protection Board or the Office of Special Counsel, where officials of those agencies determine, or VA determines the disclosure is necessary to perform duties imposed by 5 U.S.C. sections 1205 and 1206, or as may be authorized by law. VA is adding new routine use 8 to disclose information to the Equal Employment Opportunity Commission when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or for other functions of the Commission as authorized by law or regulation. VA is adding new routine use 9 to disclose information to the Federal Labor Relations Authority, where officials of those agencies determine, or VA determines the disclosure is necessary to perform duties imposed by the enabling statutes and legislation of that agency. III. Compatibility of the Proposed Routine Uses Release of information from these records, pursuant to routine uses, will be made only in accordance with the provisions of the Privacy Act of 1974. E:\FR\FM\26NON1.SGM 26NON1

Agencies

[Federal Register Volume 73, Number 229 (Wednesday, November 26, 2008)]
[Notices]
[Pages 72117-72121]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-28183]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of New System of Records.

-----------------------------------------------------------------------

SUMMARY: The Privacy Act of 1974 (5 U.S.C. 552(e)(4)) requires that all 
agencies publish in the Federal Register a notice of the existence and 
character of their systems of records. Notice is hereby given that the 
Department of Veterans Affairs (VA) is establishing a new system of 
records entitled ``Administrative Data Repository--VA'' (150VA19).

DATES: Comments on this new system of records must be received no later 
than December 26, 2008. If no public comment is received during the 
period allowed for comment or unless otherwise published in the Federal 
Register by VA, the new system will become effective December 26, 2008.

ADDRESSES: Written comments may be submitted through https://
www.Regulations.gov; by mail or hand-delivery to the Director, 
Regulations Management (02REG), Department of Veterans Affairs, 810 
Vermont Ave., NW., Room 1068, Washington, DC 20420; or by fax to (202) 
273-9026. Copies of comments received will be available for public 
inspection in the Office of Regulation Policy and Management, Room 
1063B, between the hours of 8 a.m. and 4:30 p.m. Monday through Friday 
(except holidays). Please call (202) 461-4902 for an appointment. In 
addition, during the comment period, comments may be viewed online 
through the Federal Docket Management System (FDMS).

FOR FURTHER INFORMATION CONTACT: Stephania H, Putt, Veterans Health 
Administration (VHA) Privacy Officer, Department of Veterans Affairs, 
810 Vermont Avenue, NW., Washington, DC 20420, telephone (704) 245-
2492.

SUPPLEMENTARY INFORMATION:

[[Page 72118]]

I. Description of Proposed Systems of Records

    VHA Administrative Data Repository, ADR, is the enterprise data 
store for VHA persons. It includes identity, demographic and other 
administrative data for patients and non-patients, including employees, 
providers, IT users, etc.
    The Administrative Data Repository (ADR) has been established to 
provide support for those cross-cutting administrative data elements 
relative to multiple categories of a person entity. Although, initially 
focused on the computing needs of VHA, the ADR is positioned to provide 
identity management and demographics support for all IT systems within 
the Department of Veterans Affairs. As the authoritative data store for 
cross cutting administrative person data, the ADR will establish and 
manage this data as a VHA corporate asset. State-of-the-art security 
methodology will be implemented to ensure the integrity and 
confidentiality of person data administered by the ADR.

II. Proposed Routine Use Disclosures of Data in the System

    To the extent that records contained in the system include 
information protected by 38 U.S.C. 7332, i.e., medical treatment 
information related to drug abuse, alcoholism, or alcohol abuse, sickle 
cell anemia or infection with the human immunodeficiency virus, that 
information cannot be disclosed under a routine use unless there is 
also specific statutory authority permitting disclosure.
    Data stored in ADR is used as the source of identity, demographic 
and other administrative data for VHA enterprise. The routine uses of 
records maintained in the system, including categories of users and the 
purposes of such uses are described below:
    VHA is proposing the following routine use disclosures of 
information to be maintained in the system:
    1. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    2. Disclosure may be made to National Archives and Records 
Administration (NARA) and the General Services Administration (GSA) in 
records management inspections conducted under authority of Title 44, 
Chapter 29, of the United States Code (U.S.C). NARA and GSA are 
responsible for management of old records no longer actively used, but 
which may be appropriate for preservation, and for the physical 
maintenance of the Federal government's records. VA must be able to 
provide the records to NARA and GSA in order to determine the proper 
disposition of such records.
    3. Disclosure may be made to other Government agencies in support 
of data exchanges of electronic medical record information approved by 
the individual.
    4. VA may disclose on its own initiative any information in this 
system, except the names and home addresses of veterans and their 
dependents, that is relevant to a suspected or reasonably imminent 
violation of law, whether civil, criminal or regulatory in nature and 
whether arising by general or program statute or by regulation, rule or 
order issued pursuant thereto, to a Federal, State, local, tribal, or 
foreign agency charged with the responsibility of investigating or 
prosecuting such violation, or charged with enforcing or implementing 
the statute, regulation, rule or order. VA may also disclose on its own 
initiative the names and addresses of veterans and their dependents to 
a Federal agency charged with the responsibility of investigating or 
prosecuting civil, criminal or regulatory violations of law, or charged 
with enforcing or implementing the statute, regulation, rule or order 
issued pursuant thereto.
    5. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    6. Disclosures of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement or where there is a subcontract to 
perform the services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement. This routine use 
includes disclosures by the individual or entity performing the service 
for VA to any secondary entity or individual to perform an activity 
that is necessary for individuals, organizations, private or public 
agencies, or other entities or individuals with whom VA has a contract 
or agreement to provide the service to VA.
    7. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    8. VA may disclose information to the Equal Employment Opportunity 
Commission when requested in connection with investigations of alleged 
or possible discriminatory practices, examination of Federal 
affirmative employment programs, or for other functions of the 
Commission as authorized by law or regulation. VA must be able to 
provide information to the Commission to assist it in fulfilling its 
duties to protect employee's rights, as required by statute and 
regulation.
    9. VA may disclose to the Fair Labor Relations Authority (FLRA) 
(including its General Counsel) information related to the 
establishment of jurisdiction, the investigation and resolution of 
allegations of unfair labor practices, or information in connection 
with the resolution of exceptions to arbitration awards when a question 
of material fact is raised; to disclose information in matters properly 
before the Federal Services Impasse Panel, and to investigate 
representation petitions and conduct or supervise representation 
elections. VA must be able to provide information to FLRA to comply 
with the statutory mandate under which it operates.
    10. VA may disclose information to officials of the Merit Systems 
Protection Board (MSPB), or the Office of Special Counsel, when 
requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions, promulgated in 5 U.S.C. 1205 and 1206, or as 
authorized by law.
    11. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise,

[[Page 72119]]

there is a risk of embarrassment or harm to the reputations of the 
record subjects, harm to economic or property interests, identity theft 
or fraud, or harm to the security, confidentiality, or integrity of 
this system or other systems or programs (whether maintained by the 
Department or another agency or disclosure is to agencies, entities, or 
persons whom VA determines are reasonably necessary to assist or carry 
out the Department's efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm. This routine use 
permits disclosures by the Department to respond to a suspected or 
confirmed data breach, including the conduct of any risk analysis or 
provision of credit protection services as provided in 38 U.S.C. 5724, 
as the terms are defined in 38 U.S.C. 5727.

III. Compatibility of the Proposed Routine Uses

    The Privacy Act permits VA to disclose information about 
individuals without their consent for a routine use when the 
information will be used for a purpose that is compatible with the 
purpose for which VA collected the information. In all of the routine 
use disclosures described above, either the recipient of the 
information will use the information in connection with a matter 
relating to one of VA's programs, will use the information to provide a 
benefit to VA, or disclosure is required by law.
    The notice of intent to publish and an advance copy of the system 
notice have been sent to the appropriate Congressional committees and 
to the Director of the Office of Management and Budget (OMB) as 
required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB 
(65 FR 77677), December 12, 2000.

    Approved: November 7, 2008.
Gordon H. Mansfield,
Deputy Secretary of Veterans Affairs.
150VA19

SYSTEM NAME:
    Administrative Data Repository--VA.

SYSTEM LOCATION:
    Records are maintained in the Corporate Franchise Data Center. 
Address locations for VA AAC are 1615 Woodward Street, Austin, Texas 
78772-001. In addition, information from these records or copies of 
records may be maintained at the Department of Veterans Affairs, 810 
Vermont Avenue, NW., Washington, DC, VA Data Processing Centers, VA CIO 
Field Offices, Veterans Integrated Service Network Offices, and 
Employee Education Systems.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records include information concerning current and former VHA 
patients, employees, providers, volunteers, trainees and contractors, 
as well as individuals working collaboratively with VHA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include information related to:
    1. Administrative assignments or categorization of duties of 
certain VHA personnel;
    2. The record may include identifying demographic information 
(e.g., name, date of birth, gender, social security number, taxpayer 
identification number); and other demographic information such as 
address (e.g., home and/or mailing address, home telephone number, 
emergency contact information such as name, address, telephone number, 
and relationship); education and continuing education (e.g., name and 
address of schools and dates of attendance, courses attended and 
scheduled to attend, grades, type of degree, certificate, etc.); 
information related to military service and status; qualifications for 
employment (e.g., license, degree, registration or certification, 
experience); veteran enrollment and eligibility information including 
financial assessments.
    3. Electronic messages used for network communication between VHA 
systems; and
    4. Health care providers' social security number and National 
Provider Identifier.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38, United States Code, Section 501.and Section 7304.

PURPOSE (S):
    The main purpose of the Administrative Data Repository is to 
establish person identity throughout the VHA enterprise. The purpose of 
the system of records is to provide a repository for the administrative 
information that is used to accomplish the purposes described within 
this document including determining veteran benefits and eligibility. 
The records include information provided by patients, providers, 
employees, volunteers, trainees, contractors and others that receive IT 
access to our computer systems and information obtained in the course 
of routine work done including VHA patient care provided. Quality 
assurance information that is protected by 38 U.S.C. 7311 and 38 CFR 
17.500-17.511 is not within the scope of the Privacy Act and, 
therefore, is not included in this system of records or filed in a 
manner in which the information may be retrieved by reference to an 
individual identifier.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 38 U.S.C. 7332, i.e., medical treatment 
information related to drug abuse, alcoholism, or alcohol abuse, sickle 
cell anemia or infection with the human immunodeficiency virus, that 
information cannot be disclosed under a routine use unless there is 
also specific statutory authority permitting disclosure.
    Data stored in ADR is used as the source of identity, demographic 
and other administrative data for VHA enterprise. The routine uses of 
records maintained in the system, including categories of users and the 
purposes of such uses are described below:
    1. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    2. Disclosure may be made to National Archives and Records 
Administration (NARA) and the General Services Administration (GSA) in 
records management inspections conducted under authority of Title 44, 
Chapter 29, of the United States Code (U.S.C).
    3. Disclosure may be made to other Government agencies in support 
of data exchanges of electronic medical record information approved by 
the individual.
    4. VA may disclose on its own initiative any information in this 
system, except the names and home addresses of veterans and their 
dependents, that is relevant to a suspected or reasonably imminent 
violation of law, whether civil, criminal or regulatory in nature and 
whether arising by general or program statute or by regulation, rule or 
order issued pursuant thereto, to a Federal, State, local, tribal, or 
foreign agency charged with the responsibility of investigating or 
prosecuting such violation, or charged with enforcing or implementing 
the statute, regulation, rule or order. VA may also disclose on its own 
initiative the names and addresses of veterans and their dependents to 
a Federal agency charged with the responsibility of investigating or 
prosecuting civil, criminal or regulatory violations of law, or charged 
with enforcing or

[[Page 72120]]

implementing the statute, regulation, rule or order issued pursuant 
thereto.
    5. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    6. Disclosures of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement or where there is a subcontract to 
perform the services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement.
    7. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    8. VA may disclose information to the Equal Employment Opportunity 
Commission when requested in connection with investigations of alleged 
or possible discriminatory practices, examination of Federal 
affirmative employment programs, or for other functions of the 
Commission as authorized by law or regulation.
    9. VA may disclose to the Fair Labor Relations Authority (FLRA) 
(including its General Counsel) information related to the 
establishment of jurisdiction, the investigation and resolution of 
allegations of unfair labor practices, or information in connection 
with the resolution of exceptions to arbitration awards when a question 
of material fact is raised; to disclose information in matters properly 
before the Federal Services Impasse Panel, and to investigate 
representation petitions and conduct or supervise representation 
elections.
    10. VA may disclose information to officials of the Merit Systems 
Protection Board (MSPB), or the Office of Special Counsel, when 
requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions, promulgated in 5 U.S.C. 1205 and 1206, or as 
authorized by law.
    11. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
disclosure is to agencies, entities, or persons whom VA determines are 
reasonably necessary to assist or carry out the Department's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm. This routine use permits disclosures by the 
Department to respond to a suspected or confirmed data breach, 
including the conduct of any risk analysis or provision of credit 
protection services as provided in 38 U.S.C. 5724, as the terms are 
defined in 38 U.S.C. 5727.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained at the Corporate Franchise Data Center which 
is a VA operated facility. Information is stored on disk media.

RETRIEVABILITY:
    Records are retrieved by person identifying traits such as name, 
social security number and other assigned unique identifiers of the 
individuals on whom they are maintained.

SAFEGUARDS:
    1. Access to VA working and storage areas is restricted to VA 
employees on a ``need-to-know'' basis; strict control measures are 
enforced to ensure that disclosure to these individuals is also based 
on this same principle. Generally, VA file areas are locked after 
normal duty hours and the facilities are protected from outside access 
by the Federal Protective Service or other security personnel.
    2. Access to file information is controlled at two levels; the 
systems recognize authorized employees by series of individually unique 
passwords/codes as a part of each data message, and the employees are 
limited to only that information in the file which is needed in the 
performance of their official duties. Information that is downloaded 
from ADR and maintained on personal computers is afforded similar 
storage and access protections as the data that is maintained in the 
original files. Access to information stored on automated storage media 
at other VA locations is controlled by individually unique passwords/
codes.
    3. Access to the Austin Automation Center is generally restricted 
to Center employees, custodial personnel, Federal Protective Service 
and other security personnel. Access to computer rooms is restricted to 
authorized operational personnel through electronic locking devices. 
All other persons gaining access to computer rooms are escorted. 
Information stored in the computer may be accessed by authorized VA 
employees at remote locations including VA health care facilities, 
Information Systems Centers, VA Central Office, and Veteran Integrated 
Service Networks. Access is controlled by individually unique 
passwords/codes which must be changed periodically by the employee.

RETENTION AND DISPOSAL:
    The records must be disposed of in accordance with the records 
retention standards authorized by the National Archives and Records 
Administration General Records Schedule 14, item 6, and published in 
the Veterans Health Administration Records Control Schedule 10-1, Item 
XLV.

SYSTEM MANAGER(S) AND ADDRESS:
    Official responsible for policies and procedures; Chief Information 
Officer (19), Department of Veterans Affairs, 810 Vermont Avenue, NW., 
Washington, DC 20420. Official maintaining this system of record: 
Director National Data Systems (19F-4), Corporate Franchise Center, 
1615 Woodward Street, Austin, Texas 78772.

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them should contact the VA facility location 
at which they are or were employed or treated or made or have contact. 
Inquiries should include the person's full name, social security 
number, dates of treatment, dates of employment, date(s) of contact, 
and/or return address.

[[Page 72121]]

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write, call or visit the VA facility 
location where they are or were employed or treated or made contact.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by patients, 
employees, providers, IT users, and others that work collaboratively 
with VHA.

 [FR Doc. E8-28183 Filed 11-25-08; 8:45 am]
BILLING CODE 8320-01-P