Privacy Act of 1974; System of Records, 44905-44911 [E9-20911]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 74, Number 167 (Monday, August 31, 2009)]
[Notices]
[Pages 44905-44911]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-20911]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of Amendment to System of Records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), 
notice is hereby given that the Department of Veterans Affairs (VA) is 
amending the system of records currently entitled ``Non-VA Fee Basis 
Records--VA (23VA163), as set forth in 67 FR 61205-61209, September 27, 
2002. VA is amending the system by revising the paragraphs for System 
Number, System Location, Categories of Individuals Covered by the 
System, Categories of Records in the System, Authority for Maintenance 
of the System; Purpose(s), Routine Uses or Records Maintained in the 
System, Including Categories of Users and the Purposes of Such Uses, 
System Manager(s) and Address; and, Record Source Categories. VA is 
republishing the system notice in its entirety.

DATES: Comments on the amendment of this system of records must be 
received no later than September 30, 2009. If no public comment is 
received, the amended system will become effective September 30, 2009.

ADDRESSES: Written comments may be submitted through https://www.Regulations.gov; by mail or hand-delivery to Director, Regulations 
Management (02REG), Department of Veterans Affairs, 810 Vermont Avenue, 
NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. 
Comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 8 
a.m. and 4:30 p.m., Monday through Friday (except holidays). Please 
call (202) 461-4902 (this is not a toll-free number) for an 
appointment. In addition, during the comment period, comments may be 
viewed online through the Federal Docket Management System (FDMS) at 
https://www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) 
Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue, 
NW., Washington, DC 20420; telephone (704) 245-2492.

SUPPLEMENTARY INFORMATION: VA is renumbering the system of records from 
23VA163 to 23VA16 to reflect organizational changes in the Department. 
The system location has been redescribed to include records that will 
be maintained at the VA Health Administration Center, Denver, Colorado 
upon processing of electronic fee basis claim transactions. A statement 
is added clarifying that electronic images of Fee claims may be 
maintained at field facilities and at the VA Financial Service Center, 
Austin, Texas. Reference to Veterans Benefits Administration (VBA) 
Regional Directors and Division Offices has been deleted as a system 
location site as no information from this system of records is 
maintained at those offices.
    The Categories of Individuals Covered by the System has been 
amended to update legal citations. The authority for maintenance of the 
system has been amended to provide updated references.
    The Categories of Records in the System was amended to further 
explain the personal information contained in the system. Additional 
information was added to explain claim data information necessary to 
properly consider claims for payment, correspondence concerning 
individuals and documents pertaining to claims for medical services, 
reasons for denial of payment and appellate determinations.
    The Purpose has been updated to reflect VA's reasons for 
maintaining this system of records, including establishing and 
monitoring of eligibility for and payment of non-VA health care 
services.
    Policies and practices for storing, retrieving, accessing, 
retaining, and disposing of records in the system has been amended by 
removing specific references to automated system nomenclature and 
deleting references to Veterans Benefit Administration offices. 
Additional statements were added to describe the records stored at the 
Health Administration Center, ways to retrieve the information at the 
Allocation Resource Center, and to provide notice that paper documents 
may be destroyed following imaging. The organizational name for 
Regional Directors and Division Offices has been updated to reflect its 
current title, Veterans Integrated Service Networks.
    The system manager(s) and address has been updated to reflect the 
correct title for the official responsible for policies and procedures 
and the new address for the location of the national fee office. The 
Record Source Categories has been revised to identify the name of each 
Federal agency that is a source of information to the record system and 
removing reference to their Privacy Act system of records as the 
source.
    Routine Uses of Records Maintained in the System, including 
Categories of Users and the Purposes of Such Uses has been amended. The 
introductory paragraph was reworded to indicate compliance with the 
Health Insurance Portability and Accountability Act requirements and 
VA's statutory requirements governing confidentiality of certain 
medical records.
    Routine use one (1) has been amended by deleting the provision to 
release information to foreign government agencies. Routine uses four 
(4) and five (5) have been consolidated and amended with the addition 
of disclosing information to the Department of the Treasury for the 
purpose of debt collection. Routine uses 6 through 12 have been 
renumbered as routine uses 5 to 11. Renumbered routine use 9 has been 
amended to allow VA to disclose to the billing or collection agents of 
non-VA health care providers for payment purposes. Routine use thirteen 
(13) has been renumbered as routine use twelve (12) and amended to 
permit disclosure of payment information to any other Federal agency 
for the purpose of identifying and collecting duplicate payments 
potentially made for the same services. Routine use fourteen (14) has 
been renumbered as routine use thirteen (13).
    New routine use statements 14 through 29 have been added to permit 
disclosure of information to Federal agencies and other parties for the 
described purposes:
     Routine use fourteen (14) authorizes disclosure of 
information to attorneys, insurance companies, employers, boards, or 
commissions when needed to aid VA in the preparation, presentation, and 
prosecution of claims authorized under law and regulation. This routine 
use is necessary in order for VA to

[[Page 44906]]

properly assert its rights to prosecute and defend legal actions, in 
which VA is a party, and to realize any asset, right, and benefit that 
VA is entitled by law and regulation.
     Routine use fifteen (15) permits disclosure of information 
to Department of Justice to aid the United States in the preparation, 
presentation, and prosecution or defense of claims and actions 
involving the United States. This routine use is necessary in order for 
the government of the United States to properly assert its rights to 
prosecute and defend legal actions, in which it is named a party, and 
to realize any asset, right, and benefit so entitled or assigned by law 
and regulation. This routine use would not constitute authority to 
disclose records in response to a court order under the Privacy Act 
subsection (b)(11), 5 U.S.C. Sec.  552 (b)(11), or any other provision 
of the Privacy Act subsection (b), pursuant to the court's analysis in 
Doe v. DiGenova, 779 F.2d 74, 78-84 (D.C. Cir. 1985) and Doe v. 
Stephens, 851 F.2d 1457, 1465-67 (D.C. Cir. 1988).
     Routine use sixteen (16) allows disclosure of information 
in connection with any proceeding for the collection of a debt owed by 
an individual by virtue of his or her participation in a benefits 
program administered by VA. As required by 38 U.S.C. 5701(b)(6) the 
disclosure may be made for the purpose of collecting the debt, and to 
initiate legal action to prosecute any individual who willfully and 
fraudulently obtained VA benefits. This routine use is needed for VA to 
collect debts owed the United States.
     Routine use seventeen (17) allows disclosure of the name 
and address, and other information needed for personal identification, 
to a consumer-reporting agency, about an individual who has been 
administratively determined to be indebted to the United States by 
virtue of participating in a benefits program administered by VA. The 
purpose for VA making this disclosure is to locate the individual, to 
obtain a credit report to assess the individual's ability to pay the 
debt, and to assist in the collection of the debt. This routine use is 
needed for VA to collect debts owed the United States by virtue of a 
person's participation in a benefits program administered by VA. Any 
disclosure made under this routine use must comply with the provisions 
of 38 U.S.C. 5701(g)(2) and 38 U.S.C. 5701(g)(4).
     Routine use eighteen (18) permits VA to disclose to anyone 
upon request the amount of any VA payment received by a named 
individual. This routine use is needed by VA to comply with the 
provision of 38 U.S.C. 5701(c)(1).
     Routine use nineteen (19) authorizes the disclosure of the 
name and address of an individual to another Federal agency upon 
request for the purpose of their conducting government research to 
accomplish a statutory purpose of the agency. As permitted by statute 
certain Federal agencies, such as the Centers for Disease Control and 
Prevention, conduct research studies for the purpose of understanding 
and improving public health, safety, etc. This routine use is necessary 
in order for VA to respond to a request for the name and address of 
veterans or beneficiaries as potential research participants in the 
conduct of approved research studies.
     Routine use twenty (20) allows VA to disclose information 
relevant to a claim filed on behalf of a veteran or beneficiary to the 
individual's designated service organization, agent or attorney for the 
purpose of assisting the claimant in the preparation, presentation, and 
prosecution of his or her claim under the laws administered by VA.
     Routine use twenty-one (21) permits VA to disclose 
information to an individual's appointed Federal fiduciary or to the 
individual's guardian ad litem that they need to fulfill their 
appointed duties. This routine use is needed by VA to assist those 
veterans and beneficiaries properly determined unable to handle their 
own affairs.
     Routine use twenty-two (22) is needed by VA to report the 
amount of an individual's indebtedness waived under 38 U.S.C. 3102, the 
amount of indebtedness compromised under 4 CFR Part 103, otherwise 
forgiven, or uncollectible due to expiration of the applicable statute 
of limitations to Department of Treasury as gross income for tax 
purposes as defined by 26 U.S.C. 61(a)(12).
     Routine use twenty-three (23) authorizes VA to disclose to 
Department of Treasury information concerning an individual's 
uncollected indebtedness by virtue of his or her participation in a 
benefits program administered by VA for the purpose of collecting the 
debt by set off of the individual's Federal income tax refund. This 
routine use is necessary for VA to maximize collection of monies owed 
to the United States.
     Routine use twenty-four (24) authorizes the disclosure of 
the name, date of birth, and social security number for an individual 
applying for, or who is in receipt of VA benefits, to the Social 
Security Administration (SSA) for validation purposes, as VA benefit, 
payment, and indebtedness records are indexed using the individual's 
social security number. Verification of the individual's social 
security number ensures proper and accurate accounting and reporting 
practices. The verification of social security numbers may be 
accomplished with SSA by computer matching.
     Routine use twenty-five (25) permits VA, in response to an 
inquiry from a member of the general public, to disclose the name and 
address of any health care provider who received VA payment for 
healthcare services furnished to a veteran or beneficiary. The purpose 
of this disclosure is to assist veterans and others who have difficulty 
in finding a healthcare provider in their community who accepts VA 
payment for healthcare services.
     Routine use twenty-six (26) permits disclosure of relevant 
information by VA to an accredited Quality Review and Peer Review 
organization for the purpose of reviewing claims or other review 
activities associated with VA healthcare facility accreditation to 
professionally accepted standards. VA seeks certification by accredited 
reviewer organizations, such as The Joint Commission, Utilization 
Review Accreditation Commission (URAC) etc., to ensure compliance with 
accepted industry quality standards. Accreditation improves the quality 
of VA services delivered to veterans and beneficiaries.
     Routine use twenty-seven (27) permits disclosure of 
eligibility and claim information to a health care provider regarding 
eligibility, authorization, billing and payment for needed medical 
services. The purpose of making these disclosures is to assist the 
healthcare provider in obtaining reimbursement for claimed medical 
services, to facilitate billing processes, verify eligibility for 
requested healthcare services, and provide payment information for 
claimed services.
     Routine use twenty-eight (28) has been added to allow VA 
to conduct computer matching activities with other Federal agencies 
where necessary to assist VA in determining or verifying eligibility 
for certain benefits.
     Routine use twenty-nine (29) permits disclosure to third 
party payers or their contractors for purposes relating to payment, 
including audit of payment and claims management processes.
     Routine use thirty (30) permits disclosures by the 
Department to report a suspected incident of identity theft and provide 
information and/or documentation related to or in support of the 
reported incident.
     Routine use thirty-one (31) permits disclosures by the 
Department to

[[Page 44907]]

respond to a suspected or confirmed data breach, including the conduct 
of any risk analysis or provision of credit protection services as 
provided in 38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727.
    The Report of Intent to Amend a System on Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

    Approved: August 14, 2009.
John R. Gingrich,
Chief of Staff, Department of Veterans Affairs.
23VA16

SYSTEM NAME:
    ``Non-VA Fee Basis Records-VA.''

SYSTEM LOCATION:
    Paper and electronic records, including electronic images of fee 
claims are maintained at the authorizing VA healthcare facility and 
Federal record centers. Electronic images of fee claims processed as 
certified payments are retained at the VA Financial Service Center 
(FSC) & Austin Information Technology Center (AITC), Austin, Texas. 
Information is also stored in automated storage media records that are 
maintained at the authorizing VA healthcare facility; VA Health 
Administration Center (HAC), Denver, Colorado; Department of Veterans 
Affairs Headquarters, Washington, DC; VA Allocation Resource Center 
(ARC), Braintree, Massachusetts; VA Office of Information Field Offices 
(OIFOs); and FSC & AITC. Address locations for VA facilities are listed 
in VA Appendix 1 of the biennial Privacy Act Issuances publication.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    1. Veterans who seek healthcare services under 38 U.S.C. Chapter 
17.
    2. Beneficiaries of other Federal agencies authorized VA medical 
services.
    3. Pensioned members of allied forces seeking healthcare services 
under 38 U.S.C. 109.
    4. Healthcare providers treating individuals who receive care under 
38 U.S.C. Chapters 1 and 17.

Categories of records in the system:
    Records maintained in this system include application, eligibility, 
and claim information regarding payment determination for medical 
services provided to VA beneficiaries by non-VA healthcare institutions 
and providers. Application and eligibility data may include personal 
information of the claimant (e.g., name, address, social security 
number, date of birth, date of death, VA claim number, other health 
insurance data), description of VA adjudicated compensable or non-
compensable medical conditions, and military service data (e.g., dates, 
branch and character of service, medical information). Claim data in 
this system may include information needed to properly consider claims 
for payment such as a description of the medical conditions treated and 
services provided, authorization and treatment dates, amounts claimed 
for healthcare services, medical records including films, and payment 
information (e.g., invoice number, account number, date of payment, 
payment amount, check number, payee identifiers). Additional 
information may include the healthcare provider's name, address, and 
taxpayer identification number, correspondence concerning individuals 
and documents pertaining to claims for medical services, reasons for 
denial of payment, and appellate determinations.

Authority for maintenance of the system:
    Title 5, United States Code, section 301 and Title 38, United 
States Code, sections 109, 111, 501, 1703, 1705, 1710, 1712, 1717, 
1720, 1721, 1724, 1725, 1727, 1728, and 7105.

PURPOSE(S):
    Records may be used to establish, determine, and monitor 
eligibility to receive VA benefits and for authorizing and paying Non-
VA healthcare services furnished to veterans and beneficiaries. Other 
uses of this information include reporting healthcare provider earnings 
to the Internal Revenue Service; preparing responses to inquiries; 
performing statistical analyses for use in managerial activities, 
resource allocation and planning; processing and adjudicating 
administrative benefit claims by VBA Regional Office (RO) staff; 
conducting audits, reviews and investigations by staff of the VA 
healthcare facility, Veterans Integrated Service Network (VISN) 
Offices, VA Headquarters, and the VA Office of Inspector General (OIG); 
in the conduct of law enforcement investigations; and in the 
performance of quality assurance audits, reviews and investigations.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    To the extent that records contained in the system include 
information protected by 45 CFR Parts 160 and 164, i.e., individually 
identifiable health information, and 38 U.S.C. 7332, i.e., medical 
treatment information related to drug abuse, alcoholism or alcohol 
abuse, sickle cell anemia or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR Parts 160 and 164 permitting disclosure.
    1. VA may disclose on its own initiative any information in this 
system, except the names and home addresses of veterans and their 
beneficiaries, which is relevant to a suspected or reasonably imminent 
violation of law, whether civil, criminal or regulatory in nature, and 
whether arising by general or program statute or by regulation, rule or 
order issued pursuant thereto, to a Federal, State, local, Tribal 
agency charged with the responsibility of investigating or prosecuting 
such violation, or charged with enforcing or implementing the statute, 
regulation, rule or order. VA may disclose on its own initiative the 
names and addresses of veterans and their beneficiaries to a Federal 
agency charged with the responsibility of investigating or prosecuting 
civil, criminal or regulatory violations of law, or charged with 
enforcing or implementing the statute, regulation, rule or order issued 
pursuant thereto.
    2. A record from this system of records may be disclosed to a 
Federal, State, or local government agency, maintaining civil, criminal 
or other relevant information, such as current licenses, registration 
or certification, if necessary to obtain information relevant to an 
agency decision concerning the hiring or retention of an employee, the 
use of an individual as a consultant, attending or to provide fee basis 
health care, the issuance of a security clearance, the letting of a 
contract, or the issuance of a license, grant, or other health, 
educational or welfare benefits. Any information in this system also 
may be disclosed to any of the above-listed governmental organizations 
as part of a series of ongoing computer matches to determine if VA 
healthcare practitioners and private practitioners used by the VA hold 
current, unrestricted licenses, or are currently registered in a State, 
and are board certified in their specialty, if any.
    3. VA may disclose information from this system of records to a 
Federal agency or the District of Columbia government, in response to 
its request, in connection with the hiring or retention of an employee 
and the issuance of a security clearance as

[[Page 44908]]

required by law, the reporting of an investigation of an employee, the 
issuance of a license, grant, or other benefit by the requesting 
agency, to the extent that the information is relevant and necessary to 
the requesting agency's decision.
    4. Information from this system of records may be disclosed to the 
Department of the Treasury to facilitate VA payment to physicians, 
clinics, and pharmacies for reimbursement of services rendered, to 
facilitate payments to veterans for reimbursements of authorized 
expenses, or to collect, by set off or otherwise, debts owed the United 
States.
    5. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    6. Disclosure may be made to National Archives and Records 
Administration (NARA), and General Services Administration (GSA) in 
records management inspections conducted under authority of 44 United 
States Code.
    7. Records from this system of records may be disclosed to a 
Federal agency or to a State or local government licensing board and/or 
to the Federation of State Medical Boards or a similar non-government 
entity which maintains records concerning individuals' employment 
histories or concerning the issuance, retention or revocation of 
licenses, certifications, or registration necessary to practice an 
occupation, profession or specialty, in order for the agency to obtain 
information relevant to an agency decision concerning the hiring, 
retention or termination of an employee or to inform a Federal agency 
or licensing boards or the appropriate non-government entities about 
the healthcare practices of a terminated, resigned or retired 
healthcare employee whose professional healthcare activity so 
significantly failed to conform to generally accepted standards of 
professional medical practice as to raise reasonable concern for the 
health and safety of patients in the private sector or from another 
Federal agency. These records may also be disclosed as part of an 
ongoing computer-matching program to accomplish these purposes.
    8. Identifying information in this system, including name, address, 
social security number, and other information as is reasonably 
necessary to identify such individual, may be disclosed to the National 
Practitioner Data Bank at the time of hiring and/or clinical 
privileging of healthcare practitioners, and other times as deemed 
necessary by VA, in order for VA to obtain information relevant to a 
Department decision concerning the hiring, privileging, retention or 
termination of the applicant or employee.
    9. Relevant information from this system of records may be 
disclosed to the National Practitioner Data Bank and/or State Licensing 
Board in the State(s) in which a practitioner is licensed, in which the 
VA facility is located, and/or in which an act or omission occurred 
upon which a medical malpractice claim was based when VA reports 
information concerning: (a) Any payment for the benefit of a physician, 
dentist, or other licensed healthcare practitioner which was made as 
the result of a settlement or judgment of a claim of medical 
malpractice if an appropriate determination is made in accordance with 
agency policy that payment was related to substandard care, 
professional incompetence or professional misconduct on the part of the 
individual; (b) a final decision which relates to possible incompetence 
or improper professional conduct that adversely affects the clinical 
privileges of a physician or dentist for a period longer than 30 days; 
or (c) the acceptance of the surrender of clinical privileges or any 
restriction of such privileges by a physician or dentist either while 
under investigation by the healthcare entity relating to possible 
incompetence or improper professional conduct, or in return for not 
conducting such an investigation or proceeding. These records may also 
be disclosed as part of a computer-matching program to accomplish these 
purposes.
    10. Relevant identifying and medical treatment information 
(excluding medical treatment information related to drug or alcohol 
abuse, infection with the human immunodeficiency virus or sickle cell 
anemia) may be disclosed to a Federal agency or non-VA healthcare 
provider or institution, including their billing or collection agent, 
when VA refers a patient for treatment or medical services, or 
authorizes a patient to obtain non-VA medical services and the 
information is needed by the Federal agency or non-VA institution or 
provider to perform the services, or for VA to obtain sufficient 
information in order to consider or make payment for health care 
services, to evaluate the services rendered, or to determine the need 
for additional services.
    11. Information maintained in this system concerning non-VA 
healthcare institutions and providers, including name, address, social 
security or employer's taxpayer identification numbers, may be 
disclosed to the Department of the Treasury, Internal Revenue Service, 
to report calendar year earnings of $600 or more for income tax 
reporting purposes.
    12. The name, date of birth and social security number of a veteran 
or beneficiary, and any other identifying and claim information as is 
reasonably necessary, such as provider identification, description of 
services furnished, and VA payment amount, may be disclosed to another 
Federal agency for its use in identifying potential duplicate payments 
for healthcare services paid by Department of Veteran Affairs and that 
agency. This information may also be disclosed as part of a computer 
matching agreement to accomplish this purpose.
    13. Relevant information from this system of records may be 
disclosed to individuals, organizations, or private or public agencies, 
with whom VA has a contract or agreement to perform such services as VA 
may deem practicable for the purposes of laws administered by VA, in 
order for the contractor or subcontractor to perform the services of 
the contract or agreement.
    14. Any relevant information in this system of records may be 
disclosed to attorneys, insurance companies, employers, and courts, 
boards, or commissions; such disclosures may be made only to the extent 
necessary to aid VA in the preparation, presentation, and prosecution 
of claims authorized under Federal, State, or local laws, and 
regulations promulgated thereunder.
    15. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    16. Any information in this system may be disclosed in connection 
with any proceeding for the collection of an amount owned to the United 
States by virtue of a person's participation in any benefit program 
administered by the Veterans Health Administration when

[[Page 44909]]

in the judgment of the Secretary, or an official generally delegated 
such authority under standard agency delegation of authority rules (38 
CFR 2.6), such disclosure is deemed necessary and proper, in accordance 
with 38 U.S.C. 5701(b)(6).
    17. The name and address of a veteran or beneficiary, and other 
information as is reasonably necessary to identify such individual, 
including personal information obtained from other Federal agencies 
through computer matching programs, and any information concerning the 
individual's indebtedness to the United States by virtue of the 
individual's participation in a benefits program administered by VA, 
may be disclosed to a consumer reporting agency for the purpose of 
locating the individual, obtaining a consumer report to determine the 
ability of the individual to repay an indebtedness, or assisting in the 
collection of such indebtedness provided that the applicable 
requirements of 38 U.S.C. 5701(g)(2) and 38 U.S.C. 5701(g)(4) have been 
met.
    18. In response to an inquiry about a named individual from a 
member of the general public, information from this system may be 
disclosed to report the amount of VA monetary benefits being received 
by the individual. This disclosure is consistent with 38 U.S.C. 
5701(c)(1).
    19. VA may disclose information from this system to a Federal 
agency for the purpose of conducting research and data analysis to 
perform a statutory purpose of that Federal agency upon the prior 
written request of that agency, provided that there is legal authority 
under all applicable confidentiality statutes and regulations to 
provide the data and VA has determined prior to the disclosure that the 
VA data handling requirements are satisfied.
    20. Any information in this system of records relevant to a claim 
of a veteran or beneficiary, such as the name, address, the basis and 
nature of a claim, amount of benefit payment information, medical 
information and military service and active duty separation information 
may be disclosed to accredited service organizations, VA approved claim 
agents and attorneys acting under a declaration of representation, so 
that these individuals can aid claimants in the preparation, 
presentation and prosecution of claims under the laws administered by 
VA. The name and address of a claimant will not, however, be disclosed 
to these individuals under this routine use if the claimant has not 
requested the assistance of an accredited service organization, claims 
agent or an attorney.
    21. Any information in this system, including medical information, 
the basis and nature of claim, the amount of benefits, and other 
personal information may be disclosed to a VA Federal fiduciary or a 
guardian ad litem in relation to his or her representation of a 
claimant, but only to the extent necessary to fulfill the duties of the 
VA Federal fiduciary or the guardian ad litem.
    22. The individual's name, address, social security number and the 
amount (excluding interest) of any indebtedness which is waived under 
38 U.S.C. 3102, compromised under 4 CFR Part 103, otherwise forgiven, 
or for which the applicable statute of limitations for enforcing 
collection has expired, may be disclosed to the Department of the 
Treasury, Internal Revenue Service, as a report of income under 26 
U.S.C. 61(a)(12).
    23. The name of a veteran or beneficiary, other information as is 
reasonably necessary to identify such individual, and any other 
information concerning the individual's indebtedness by virtue of a 
person's participation in a benefits program administered by VA, may be 
disclosed to the Department of the Treasury, Internal Revenue Service, 
for the collection of Title 38 benefit overpayments, overdue 
indebtedness, and/or costs of services provided to an individual not 
entitled to such services, by the withholding of all or a portion of 
the person's Federal income tax refund.
    24. The name, date of birth, and social security number of a 
veteran or beneficiary, and other identifying information as is 
reasonably necessary may be disclosed to Social Security Administration 
for the purpose of validating social security numbers. This information 
may also be disclosed as part of a computer matching agreement to 
accomplish this purpose.
    25. The name and address of any healthcare provider in this system 
of records who has received payment for claimed services in behalf of a 
veteran or beneficiary may be disclosed in response to an inquiry from 
a member of the general public.
    26. Relevant information from this system of records may be 
disclosed to an accrediting Quality Review and Peer Review Organization 
with which VA has an agreement or contract to conduct such reviews in 
connection with the review of claims or other review activities 
associated with VA healthcare facility accreditation to professionally 
accepted standards, such as The Joint Commission or Utilization Review 
Accreditation Commission (URAC) or American Accreditation HealthCare 
Commission.
    27. Eligibility and claim information from this system of records 
may be disclosed verbally or to a healthcare provider seeking 
reimbursement for claimed medical services to facilitate billing 
processes, verify eligibility for requested healthcare services, and 
provide payment information for claimed services. Eligibility or 
entitlement information disclosed may include the name, social security 
number, effective dates of eligibility, reasons for any period of 
ineligibility, and evidence of other health insurance information of 
the named individual. Claim information disclosed may include payment 
information such as payment identification number, date of payment, 
date of service, amount billed, amount paid, name of payee, and reasons 
for non-payment.
    28. Identifying information, including social security number of 
veterans, spouse(s) of veterans, and dependents of veterans, may be 
disclosed to other Federal agencies for purposes of conducting computer 
matches, to obtain information to determine or verify eligibility of 
veterans who are receiving VA medical care under relevant sections of 
Title 38 U.S.C.
    29. VA may disclose patient identifying information to Federal 
agencies and VA and government-wide third-party insurers responsible 
for payment of the cost of medical care for the identified patients, in 
order for VA to seek recovery of the medical care costs. These records 
may also be disclosed as part of a computer matching program to 
accomplish this purpose.
    30. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    31. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the potentially

[[Page 44910]]

compromised information; and (3) the disclosure is to agencies, 
entities, or persons whom VA determines are reasonably necessary to 
assist or carry out the Department's efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm. This routine use permits disclosures by the Department to respond 
to a suspected or confirmed data breach, including the conduct of any 
risk analysis or provision of credit protection services as provided in 
38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Records are maintained on paper documents or stored electronically 
by magnetic discs, magnetic tape, and optical or digital imaging at the 
authorizing VA healthcare facility. Reports and information on 
automated storage media (e.g., microfilm, microfiche, magnetic tape and 
disks, and digital and laser optical media) is stored at the 
authorizing VA healthcare facility, VA Headquarters, ARC, OIFOs, FSC & 
AITC and Veterans Integrated Service Network (VISN) offices.
    Information pertaining to electronic claims submitted to VA for 
payment consideration may be stored at the authorizing VA healthcare 
facility and at HAC. Records maintained at HAC are stored 
electronically.

Retrievability:
    Paper and electronic records pertaining to the individual may be 
retrieved by the name or Ssocial Security number of the record subject. 
Records pertaining to the healthcare provider are retrieved by the name 
or Social Security and taxpayer identification number of the non-VA 
healthcare institution or provider. Records at the ARC are retrieved 
only by Social Security number.

Safeguards:
    1. VA will maintain the data in compliance with applicable VA 
security policy directives that specify the standards that will be 
applied to protect sensitive personal information. Contractors and 
their subcontractors who access the data are required to maintain the 
same level of security as VA staff. Working spaces and record storage 
areas in VA facilities are restricted to VA employees. Generally, file 
areas are locked after normal duty hours and healthcare facilities are 
protected from outside access by security personnel. Access to the 
records is restricted to VA employees who have a need for the 
information in the performance of their official duties. Employee 
records or records of public figures or otherwise sensitive records are 
generally stored in separate locked files.
    2. Electronic data security complies with applicable Federal 
Information Processing Standards (FIPS) issued by the National 
Institute of Standards and Technology (NIST). Access to computer rooms 
at healthcare facilities is generally limited by appropriate locking 
devices and restricted to authorized VA employees and vendor personnel. 
Peripheral devices are generally placed in secure areas (areas that are 
locked or have limited access) or are otherwise protected. Access to 
file information is controlled at two levels: the system recognizes 
authorized employees by a series of individually unique passwords/codes 
that must be changed periodically by the employee, and employees are 
limited by role-based access to only that information in the file which 
is needed in the performance of their official duties. Information that 
is downloaded and maintained on personal computers is afforded similar 
storage and access protections as the data that is maintained in the 
original files. Remote access to file information by staff of the 
OIFOs, and access by OIG staff conducting an audit or investigation at 
the healthcare facility or an OIG office location remote from the 
healthcare facility is controlled in the same manner.
    3. Access to FSC and AITC is generally restricted to Center 
employees, custodial personnel and security personnel. Access to 
computer rooms is restricted to authorized operational personnel 
through electronic locking devices. All other persons gaining access to 
computer rooms are escorted. Authorized VA employees at remote 
locations, including VA healthcare facilities, OIFOs, VA Headquarters, 
VISN offices, and OIG headquarters and field staff, may access 
information stored in the computer. Access is controlled by 
individually unique passwords/codes that must be changed periodically 
by the employee.
    4. Access to records maintained at VA Headquarters, ARC, OIFOs, and 
VISN offices is restricted to VA employees who have a need for the 
information in the performance of their official duties. Access to 
information stored on automated storage media is controlled by 
individually unique passwords/codes that must be changed periodically 
by the employee. Authorized VA employees at remote locations including 
VA healthcare facilities may access information stored in the computer. 
Access is controlled by individually unique passwords/codes. Records 
are maintained in manned rooms during nonworking hours. The facilities 
are protected from outside access during working hours by security 
personnel.
    5. Information downloaded and maintained by the OIG Headquarters 
and field offices on automated storage media is secured in storage 
areas or facilities to which only OIG staff members have access. Paper 
documents are similarly secured. Access to paper documents and 
information on automated storage media is limited to OIG employees who 
have a need for the information in the performance of their official 
duties. Access to information stored on automated storage media is 
controlled by individually unique passwords/codes.
    6. Access to records maintained at HAC Office of Information and 
Technology (OI&T) is restricted to VA employees who have a need for the 
information in the performance of their official duties. Access to 
information stored on automated storage media is controlled by 
individually unique passwords/codes that must be changed periodically 
by the employee. Authorized VA employees at remote locations including 
VA healthcare facilities may access and print information stored in the 
computer. Access is controlled by individually assigned unique 
passwords/codes. Records are maintained in a secured, pass card 
protected and alarmed room. The facilities are protected from outside 
access during non-working hours by security personnel.

Retention and disposal:
    Paper and electronic documents at the authorizing healthcare 
facility related to authorizing the fee basis care and the services 
authorized, billed and paid for are maintained in ``Patient Medical 
Records--VA'' (24VA19). These records are retained at healthcare 
facilities for a minimum of three years after the last episode of care. 
After the third year of inactivity the paper records are transferred to 
a records facility for seventy-two (72) more years of storage.
    Automated storage media, imaged fee claims, and other paper 
documents that are included in this system of records and not 
maintained in ``Patient Medical Records--VA'' (24VA19) are retained and 
disposed of in accordance with disposition authority approved by the 
Archivist of the United States.
    Paper records that are imaged for viewing electronically are 
destroyed after they have been scanned, and the

[[Page 44911]]

electronic copy determined to be an accurate and complete copy of the 
paper record imaged.

System manager(s) and address:
    Official responsible for policies and procedures: Chief Business 
Officer (16), Department of Veterans Affairs, Veterans Health 
Administration, VA Central Office, 810 Vermont Avenue, NW., Washington, 
DC 20420. Official Maintaining the System: Director, National Fee 
Program Office, VHA Chief Business Office, P.O. Box 469066, Denver, CO 
80246.

Notification procedure:
    An individual who wishes to determine whether a record is being 
maintained in this system under the individual's name or other personal 
identifier, or who wants to determine the contents of such record, 
should submit a written request or apply in person to the last VA 
healthcare facility where care was authorized or rendered. Addresses of 
VA healthcare facilities may be found in VA Appendix 1 of the Biennial 
Publication of Privacy Act Issuances. All inquiries must reasonably 
identify the portion of the fee basis record involved and the place and 
approximate date that medical care was provided. Inquiries should 
include the patient's full name, social security number, and return 
address.

Record access procedure:
    Individuals seeking information regarding access to and contesting 
of VA fee basis records may write, call or visit the VA facility where 
medical care was last authorized or provided.

Contesting record procedures:
    (See Record Access Procedures above.)

Record source categories:
    The veteran or other VA beneficiary, family members or accredited 
representatives, and other third parties; military service departments; 
private medical facilities and healthcare professionals; electronic 
trading partners; other Federal agencies; Veterans Health 
Administration facilities and automated systems; Veterans Benefits 
Administration facilities and automated systems; and deployment status 
and availability.

[FR Doc. E9-20911 Filed 8-28-09; 8:45 am]
BILLING CODE 8320-01-P