Privacy Act of 1974; System of Records, 26766-26769 [E9-12954]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 74, Number 105 (Wednesday, June 3, 2009)]
[Notices]
[Pages 26766-26769]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-12954]



[[Page 26766]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of amendment to system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), 
notice is hereby given that the Department of Veterans Affairs (VA) is 
amending the system of records currently entitled ``Patient 
Representation Program Records--VA'' (100VA10NS10) as set forth in the 
Federal Register 67 FR 211 dated October 31, 2002. VA is amending the 
system by changing the system name to Patient Advocate Tracking System 
(PATS); Supplementary Information, Routine Uses of Records Maintained 
in the System, Including Categories of Users and the Purposes of Such 
Uses, the System Location; Categories of Records in the System; 
Safeguards; System Manager and Address. VA is republishing the system 
notice in its entirety.

DATES: Comments on the amendment of this system of records must be 
received no later than July 6, 2009. If no public comment is received, 
the amended system will become effective July 6, 2009.

ADDRESSES: Written comments may be submitted through https://www.Regulations.gov; by mail or hand-delivery to Director, Regulations 
Management (02REG), Department of Veterans Affairs, 810 Vermont Avenue, 
NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. 
Comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 8 
a.m. and 4:30 p.m., Monday through Friday (except holidays). Please 
call (202) 461-4902 (this is not a toll-free number) for an 
appointment. In addition, during the comment period, comments may be 
viewed online through the Federal Docket Management System (FDMS) at 
https://www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) 
Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue, 
NW., Washington, DC 20420; telephone (704) 245-2492.

SUPPLEMENTARY INFORMATION: 

I. Description of Proposed System of Records

    Amendments to this System of Records are the result of the 
improvement of the tracking system from the Veterans Health Information 
Systems and Technology Architecture (VistA) to the utilization of a 
centralized Web based system, Patient Advocate Tracking System (PATS).
    The primary function of the Patient Advocate Program is to serve as 
a direct channel of communication and mediation between VA healthcare 
facility management and individual patients, veterans who have applied 
for care, their friends, their families, VA healthcare providers and 
members of the community. A VA healthcare provider is anyone hired by 
VA and working at a VA facility be it a VA medical center (VAMC), 
Outpatient Clinic or Community-Based Outpatient Clinic. An employee may 
be full-time, part-time, or intermittent and includes temporary 
workers. Members of the community include congressional liaisons, 
veteran's service organizations and attorneys. The program functions as 
the liaison between the patient and the healthcare system, ensures that 
patients receive entitled healthcare benefits and services in a 
dignified and compassionate manner, and ensures that healthcare 
facility policies and practices are in conformance with the VA 
Patients' Rights and Responsibilities. The program is the primary 
source for response when veteran patients' expectations are not met 
within the VA healthcare system. The Patient Advocates' activities 
cross all organizational lines of authority at the healthcare 
facilities for the purpose of expressing patient concerns and 
resolution of patient complaints. Information collected from the 
program is integrated into the overall quality improvement plans and 
activities of the healthcare facility. The purpose of the system of 
records is to establish a repository for the information that is 
collected to accomplish the purposes described. Records are maintained 
at the local VA level on behalf of the veteran making the complaint or 
compliment so improvements may be made at the VA healthcare facility.

II. Proposed Routine Use Disclosures of Data in the System

    A new Routine Use 15 is added. VA may disclose information from 
this system to the Equal Employment Opportunity Commission (EEOC) when 
requested in connection with investigations of alleged or possible 
discriminatory practices, examination of Federal affirmative employment 
programs, or other functions of the Commission as authorized by law or 
regulation. This routine use enables VA to provide information to EEOC 
to assist it in fulfilling its duties to protect employees' rights, as 
required by statute and regulation.
    A new Routine Use 16 is added. VA may disclose information from 
this system to the Merit Systems Protection Board (MSPB), or the Office 
of the Special Counsel, when requested in connection with appeals, 
special studies of the civil service and other merit systems, review of 
rules and regulations, investigation of alleged or possible prohibited 
personnel practices, and such other functions promulgated in 5 U.S.C. 
1205 and 1206, or as authorized by law. This routine use enables VA to 
provide information to MSPB to assist it in fulfilling its duties as 
required by statute and regulation.
    A new Routine Use 17 is added. Disclosure to other Federal agencies 
may be made to assist such agencies in preventing and detecting 
possible fraud or abuse by individuals in their operations and 
programs.
    This routine use permits disclosures by the Department to report a 
suspected incident of identity theft and provide information and/or 
documentation related to or in support of the reported incident.
    A new Routine Use 18 is added. VA may, on its own initiative, 
disclose any information or records to appropriate agencies, entities, 
and persons when (1) VA suspects or has confirmed that the integrity or 
confidentiality of information in the system of records has been 
compromised; (2) the Department has determined that as a result of the 
suspected or confirmed compromise, there is a risk of embarrassment or 
harm to the reputations of the record subjects, harm to economic or 
property interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the potentially compromised information; and (3) 
the disclosure is to agencies, entities, or persons whom VA determines 
are reasonably necessary to assist or carry out the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm. This routine use permits 
disclosures by the Department to respond to a suspected or confirmed 
data breach, including the conduct of any risk analysis or provision of 
credit protection services as provided in 38

[[Page 26767]]

U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727.

III. Compatibility of the Proposed Routine Uses

    The Privacy Act permits VA to disclose information about 
individuals without their consent for a routine use when the 
information will be used for a purpose that is compatible with the 
purpose for which VA collected the information. In all of the routine 
use disclosures described above, the recipient of the information will 
use the information in connection with a matter relating to one of VA's 
programs, will use the information to provide a benefit to VA, or 
disclosure is required by law.
    The notice of intent to publish and an advance copy of the system 
notice have been sent to the appropriate Congressional committees and 
to the Director of the Office of Management and Budget (OMB) as 
required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB 
(65 FR 77677), December 12, 2000.

    Approved: May 18, 2009.
John R. Gingrich,
Chief of Staff, Department of Veterans Affairs.
100VA10NS10

SYSTEM NAME:
    Patient Advocate Tracking System (PATS)-VA.

SYSTEM LOCATION:
    PATS application is installed on a centrally located system at 
Falling Waters. The backup system in case of disaster recovery scenario 
is located at Hines. The data entered into the application also resides 
on this central system. A limited set of information is transferred 
from this central system in Falling Waters to Austin Automation Center. 
This limited set of information transferred to Austin Automation Center 
is utilized to run specific reports for central business office.
    Patient contacts are coded in order to facilitate tracking of these 
contacts to show where system improvements might be made. Aggregate 
data are maintained at the Network and Headquarters levels for the 
development of reports to make system wide changes. Records are 
collected and stored electronically for ease of retrieval by individual 
patient names and ease in compiling aggregate data.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records include information concerning individual patients, 
veterans who have applied for care, their friends, their families, VA 
healthcare providers and members of the community. Members of the 
community include congressional liaisons, veterans service 
organizations and attorneys.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include information maintained in paper records, 
and entered into a centralized Web based system, Patient Advocate 
Tracking System (PATS) related to concerns and complaints regarding an 
individual's medical care, VA benefits, and/or encounters with 
healthcare facility personnel. The records include information that is 
compiled to review, investigate, and resolve these issues.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38, United States Code, chapter 73, section 7301 (b).

PURPOSE(S):
    The records may be used for such purposes as producing various 
management and patient follow-up reports; responding to patient and 
other inquiries; conducting healthcare-related studies, statistical 
analysis, and resource allocation planning; providing clinical and 
administrative support to patient medical care; audits, reviews and 
investigations conducted by the staff of the healthcare facility, VISN, 
VHA Headquarters, and VA's Office of Inspector General (OIG); law 
enforcement investigations; quality improvement reviews and 
investigations; personnel management and evaluation; employee ratings 
and performance evaluations; employee disciplinary or other adverse 
action, including discharge; advising healthcare professional licensing 
or monitoring bodies or similar entities or activities of VA and former 
VA healthcare personnel; accreditation of a facility by an entity such 
as the Joint Commission; and, notifying medical schools of medical 
students' performance. The information is integrated into the overall 
quality improvement plans and activities of the facility and used to 
improve services and communications, as well as, to track categories of 
complaints and the locations of complaints in order to improve the 
delivery of healthcare.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 45 CFR Parts 160 and 164, i.e., individually 
identifiable health information, and 38 U.S.C. 7332, i.e., medical 
treatment information related to drug abuse, alcoholism or alcohol 
abuse, sickle cell anemia or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR Parts 160 and 164 permitting disclosure.
    1. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    2. Disclosure may be made to the National Archives and Record 
Administration and the General Services Administration for records 
management inspections conducted under authority of Title 44, Chapter 
29, of the United States Code (U.S.C.).
    3. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the Information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    4. Disclosure may be made to any facility regarding the hiring, 
performance, or other personnel-related information with which there 
is, or there is proposed to be, an affiliation, sharing agreement, 
contract, or similar arrangement for purposes of establishing, 
maintaining, or expanding any such relationship.
    5. Disclosure may be made to a Federal agency or to a State or 
local government licensing board and/or to the Federation of State 
Medical Boards or a similar non-government entity which maintains 
records concerning individual employment histories or concerning the 
issuance, retention or revocation of licenses, certifications, or 
registration necessary to practice an occupation, profession or 
specialty, in order for the Department to obtain information relevant 
to a Department decision concerning the hiring, retention or 
termination of an employee

[[Page 26768]]

or to inform Federal agencies, licensing boards or the appropriate non-
government entities about the healthcare practices of employees who 
resigned, were terminated, or retired and whose professional healthcare 
activity so significantly failed to conform to generally accepted 
standards of professional medical practice as to raise reasonable 
concern for the health and safety of patients receiving medical care in 
the private sector or from another Federal agency. These records may 
also be disclosed as part of an ongoing computer-matching program to 
accomplish these purposes.
    6. For program review purposes and the seeking of accreditation 
and/or certification, disclosure may be made to survey teams of the 
Joint Commission, College of American Pathologists, American 
Association of Blood Banks, and similar national accreditation agencies 
or boards with whom VA has a contract or agreement to conduct such 
reviews, but only to the extent that the information is necessary and 
relevant to the review.
    7. Disclosure may be made to a State or local government entity or 
national certifying body which has the authority to make decisions 
concerning the issuance, retention or revocation of licenses, 
certifications or registrations required to practice a healthcare 
profession, when requested in writing by an investigator or supervisory 
official of the licensing entity or national certifying body for the 
purpose of making a decision concerning the issuance, retention or 
revocation of the license, certification or registration of a named 
healthcare professional.
    8. Disclosure of information to the Federal Labor Relations 
Authority (including its General Counsel) when requested in connection 
with the investigation and resolution of allegations of unfair labor 
practices, in connection with the resolution of exceptions to 
arbitration awards when a question of material fact is raised, in 
connection with matters before the Federal Service Impasses Panel, and 
to investigate representation petitions and conduct or supervise 
representation elections.
    9. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement or where there is a subcontract to 
perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement.
    10. Disclosure may be made to a Federal agency, in response to its 
request, in connection with the hiring or retention of an employee, the 
issuance of a security clearance, the reporting of an investigation of 
an employee, the letting of a contract, or the issuance of a license, 
grant, or other benefit by the requesting agency, to the extent that 
the information is relevant and necessary to the requesting agency's 
decision on the matter.
    11. Disclosure may be made to a Federal, State or local agency 
maintaining civil, criminal or other relevant information such as 
current licenses, if necessary to obtain information relevant to any 
agency decision concerning the hiring or retention of an employee, the 
issuance of a security clearance, the letting of a contract, or the 
issuance of a license, grant or other health, educational or welfare 
benefit.
    12. Disclosure of information may be made to the next-of-kin and/or 
the person(s) with whom the patient has a meaningful relationship to 
the extent necessary and on a need-to-know basis consistent with good 
medical-ethical practices.
    13. A record containing the name(s) and address(es) of present or 
former members of the armed services and/or their dependents may be 
disclosed under certain circumstances to any criminal or civil law 
enforcement governmental agency or instrumentality charged under 
applicable law with the protection of the public's health or safety, if 
a qualified representative of such organization, agency or 
instrumentality has made a standing written request that such name(s) 
or address(es) be provided for a purpose authorized by law; provided 
that the record(s) will not be used for any purpose other than that 
stated in the request and that organization, agency or instrumentality 
is aware of the penalty provision of 38 U.S.C. 5701(f).
    14. VA may disclose on its own initiative any information in this 
system, except the names and home addresses of veterans and their 
dependents, which is relevant to a suspected or reasonably imminent 
violation of law, whether civil, criminal or regulatory in nature and 
whether arising by general or program statute or by regulation, rule or 
order issued pursuant thereto, to a Federal, State, local, Tribal, or 
foreign agency charged with the responsibility of investigating or 
prosecuting such violation, or charged with enforcing or implementing 
the statute, regulation, rule or order. On its own initiative, VA may 
also disclose the names and addresses of veterans and their dependents 
to a Federal agency charged with the responsibility of investigating or 
prosecuting civil, criminal or regulatory violations of law, or charged 
with enforcing or implementing the statute, regulation, rule or order 
issued pursuant thereto.
    15. VA may disclose information from this system to the Equal 
Employment Opportunity Commission (EEOC) when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation.
    16. VA may disclose information from this system to the Merit 
Systems Protection Board (MSPB), or the Office of the Special Counsel, 
when requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as 
authorized by law.
    17. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    18. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the potentially compromised information; and (3) 
the disclosure is to agencies, entities, or persons whom VA determines 
are reasonably necessary to assist or carry out the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm. This routine use permits 
disclosures by the Department to respond to a suspected or confirmed 
data breach, including the conduct of any risk analysis or provision of 
credit protection services as provided in 38 U.S.C. 5724, as the terms 
are defined in 38 U.S.C. 5727.

[[Page 26769]]

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained on paper, microfilm, magnetic tape, disk, or 
laser optical media. In most cases, copies of back-up computer files 
are maintained at off-site locations.

RETRIEVABILITY:
    Records are retrieved by name, social security number or other 
assigned identifiers of the individuals on whom they are maintained.

SAFEGUARDS:
    1. Access to VA working and storage areas is restricted to VA 
employees on a ``need-to-know'' basis; strict control measures are 
enforced to ensure that disclosure to these individuals is also based 
on this same principle. Generally, VA file areas are locked after 
normal duty hours and the facilities are protected from outside access 
by the Federal Protective Service or other security personnel.
    2. Patient Advocate Tracking System (PATS) is a Web based 
application installed on central computer systems in a data center at 
Falling Waters, WV. The systems are maintained by authorized personnel. 
The end users access the application using the Web browser installed on 
their desktops. Additionally, access to computer rooms at health care 
facilities is generally limited by appropriate locking devices and 
restricted to authorized VA employees and vendor personnel. ADP 
peripheral devices are placed in secure areas (areas that are locked or 
have limited access) or are otherwise protected. Information in VistA 
may be accessed by authorized VA employees. Access to PATS application 
and data in the application is controlled at two levels; the systems 
recognize authorized employees by series of individually unique 
passwords/codes as a part of each data message, and the employees are 
limited to only that information in the application which is needed in 
the performance of their official duties. Information that is 
downloaded from PATS and maintained on personal computers is afforded 
similar storage and access protections as the data that is maintained 
in the original files. Access to information stored on automated 
storage media at other VA locations is controlled by individually 
unique passwords/codes.
    3. Access to the Austin VA Data Processing Center is generally 
restricted to Center employees, custodial personnel, Federal Protective 
Service and other security personnel. Access to computer rooms is 
restricted to authorized operational personnel through electronic 
locking devices. All other persons gaining access to computer rooms are 
escorted. Information stored in the computer may be accessed by 
authorized VA employees at remote locations including VA health care 
facilities, Information Systems Centers, VA Central Office, and Veteran 
Integrated Service Networks. Access is controlled by individually 
unique passwords/codes which must be changed periodically by the 
employee.

RETENTION AND DISPOSAL:
    Paper records and information stored on electronic storage media 
are maintained and disposed of in accordance with Records Control 
Schedule 10-1, Section XLV, as authorized by the National Archives and 
Records Administration of the United States.

SYSTEM MANAGER(S) AND ADDRESS:
    Official responsible for policies and procedures; Director, 
National Veteran Service and Advocacy Program, Department of Veterans 
Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. Officials 
maintaining the system are the Director at the facility where the 
individual were associated.

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them should contact the VA facility location 
at which they are or were employed or made or have contact. Inquiries 
should include the person's full name, social security number, dates of 
employment, date(s) of contact, and return address.

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write, call or visit the VA facility 
location where they are or were employed or made contact.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:
    The patient, family members, and friends, employers or other third 
parties when otherwise unobtainable from the patient or family; Patient 
Medical Records--VA (24VA136); private medical facilities and 
healthcare professionals; State and local agencies; other Federal 
agencies; VISNs, Veterans Benefits Administration automated record 
systems (including Veterans and Beneficiaries Identification and 
Records Location Subsystem--VA (38VA23) and the Compensation, Pension, 
Education and Rehabilitation Records--VA (58VA21/22); and various 
automated systems providing clinical and managerial support at VA 
healthcare facilities.

 [FR Doc. E9-12954 Filed 6-2-09; 8:45 am]
BILLING CODE 8320-01-P