Privacy Act of 1974, 25409-25412 [2011-10844]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 76, Number 86 (Wednesday, May 4, 2011)]
[Notices]
[Pages 25409-25412]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-10844]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of Amendment to System of Records.

-----------------------------------------------------------------------

SUMMARY: The Privacy Act of 1974 (5 U.S.C. 552a(e)(4)) requires that 
all agencies publish in the Federal Register a notice of the existence 
and character of their system of records. Notice is hereby given that 
VA is amending the system of records entitled ``Consolidated Data 
Information System-VA'' (97VA105) as set forth in the Federal Register 
72 FR 46130-46133 dated August 16, 2007. VA is amending the system by 
revising the System Location, Categories of Records in the System, 
Purpose, Routine Uses of Records Maintained in the System, Record 
Source Category, and Appendix 5. VA is republishing the system notice 
in its entirety.

DATES: Comments on the amendment of this system of records must be 
received no later than June 3, 2011. If no public comment is received, 
the amended system will become effective June 3, 2011.

ADDRESSES: Written comments may be submitted through https://www.Regulations.gov by mail or hand-delivery to Director, Regulations 
Management (02REG), Department of Veterans Affairs, 810 Vermont Avenue, 
NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. 
Comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 8 
a.m. and 4:30 p.m., Monday through Friday (except holidays). Please 
call (202) 461-4902 (this is not a toll-free number) for an 
appointment. In addition, during the comment period, comments may be 
viewed online through the Federal Docket Management System (FDMS) at 
https://www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Stephania Griffin, Veterans Health 
Administration (VHA) Privacy Officer (19F2), Department of Veterans 
Affairs, 810 Vermont Avenue, NW., Washington, DC 20420, (704) 245-2492.

SUPPLEMENTARY INFORMATION: Under Sec.  527 of title 38, U.S.C., and the 
Government Performance and Results Act of 1993, Public Law 103-62, VA 
is required to measure and evaluate, on an ongoing basis, the 
effectiveness of VA benefit programs and services. In performing this 
required function, VA must collect, collate and analyze full 
statistical data regarding participation, provision of services, 
categories of beneficiaries, and planning of expenditures for all VA 
programs. This combined database is necessary for the Veterans Health 
Administration (VHA) to accurately and timely assess the current health 
care usage by the patient population served by VA, to forecast future 
demand for VA medical care by individuals currently eligible for 
service by VA medical facilities, and to understand the numerous 
implications of cross-usage between VA and non-VA health care systems.
    As VA has widened its scope of the Centers for Medicare and 
Medicaid Services (CMS) data usage and further centralized the source 
of data in order to improve efficiency and protect privacy/security of 
data elements, it was necessary to implement changes to the management 
and use of these records. A summary of these changes follows:
    1. The purpose of this system of records has been revised to add 
the need to use the records and information for evaluation of 
Department programs, and for research as defined by Common Rule.
    2. The records will be retained at the site listed in Appendix 5.
    3. Under Categories of Records information from the Persian Gulf 
registry has been added and the types of CMS records maintained now 
includes health care utilization, demographic, enrollment, and survey/
assessment files including veteran and non-veteran data. In addition, 
information on veterans enrolled for VA health care who have 
participated in the periodic ``VHA Survey of Veteran Enrollees' Health 
and Reliance Upon VA'' is now included in the system. Additional data 
includes: Civilian Health and Medical Program of the Department of 
Veterans Affairs (CHAMPVA); VA/DOD Identity Repository (VADIR), as well 
as the OEF/OIF roster (Defense Manpower Data Center); and United States 
Renal Data System (USRDS).
    4. System Manager and Address was updated to reflect: Manager, 
Medicare and Medicaid Analysis Center, 100 Grandview Rd., Suite 114, 
Braintree, MA 02184.
    Under section 264, Subtitle F of Title II of the Health Insurance 
Portability and Accountability Act of 1996 (HIPAA) Public Law 104-191, 
100 Stat. 1936, 2033-34 (1996), the Department of Health and Human 
Services (HHS) published a final rule, as amended, establishing 
Standards for Privacy of Individually-Identifiable Health Information, 
45 CFR parts 160 and 164. VHA may not disclose individually-
identifiable health information (as defined in HIPAA and the Privacy 
Rule, 42 U.S.C. 1320(d)(6) and 45 CFR 164.501) pursuant to a routine 
use unless either: (a) the disclosure is required by law, or (b) the 
disclosure is also permitted or required by the HHS Privacy Rule. The 
disclosures of individually-identifiable health information 
contemplated in the routine uses published in this amended system of 
records notice are permitted under the Privacy Rule or required by law. 
However, to also have authority to make such disclosures under the 
Privacy Act, VA must publish these routine uses. Consequently, VA is 
adding a preliminary paragraph to the routine

[[Page 25410]]

uses portion of the system of records notice stating that any 
disclosure pursuant to the routine uses in this system of records 
notice must be either required by law or permitted by the Privacy Rule 
before VHA may disclosed the covered information. VA is also proposing 
to add the following routine use disclosure of information maintained 
in the system:
     Routine use 8 was added. The record of an individual who 
is covered by a system of records may be disclosed to a Member of 
Congress, or a staff person acting for the member, when the member or 
staff person requests the record on behalf of and at the written 
request of the individual.
     Routine use 9 was added. Disclosure to other Federal 
agencies may be made to assist such agencies in preventing and 
detecting possible fraud or abuse by individuals in their operations 
and programs.
     Routine use 10 was added. Disclosure to the Equal 
Employment Opportunity Commission when requested in connection with 
investigations of alleged or possible discrimination practices, 
examinations of Federal affirmative employment programs, compliance 
with the Uniform Guidelines of Employee Selection Procedures, or other 
functions of the Commission as authorized by law or regulation.
     Routine use 11 was added. Disclosure to a former VA 
employee or contractor, as well as the authorized representative of a 
current or former employee or contractor of VA in proceedings before 
the Merit Systems Protection Board or the Office of the Special Counsel 
in connection with appeals, special studies of the civil service and 
other merit systems, review of rules and regulations, investigation of 
alleged or possible prohibited personnel practices, and such other 
functions promulgated in 5 U.S.C. 1205 and 1206, or as otherwise 
authorized by law.
     Routine use 12 was added. Disclosure to the Federal Labor 
Relations Authority, including its General Counsel, information related 
to the establishment of jurisdiction, investigation, and resolution of 
allegations of unfair labor practices, or in connection with the 
resolution of exceptions to arbitration awards when a question of 
material fact is raised in matters before the Federal Service Impasses 
Panel.
    The Privacy Act permits VA to disclose information about 
individuals without their prior written consent for a routine use when 
the information will be used for a purpose that is compatible with the 
purpose for which we collected the information. In all of the routine 
use disclosures described above, the recipient of the information will 
use the information in connection with a matter relating to one of VA's 
programs, and will use the information to provide a benefit to VA, or 
disclosure is required by law.
    The Report of Intent to Publish an Amended System of Records Notice 
and an advance copy of the system notice have been sent to the 
appropriate Congressional committees and to the Director of Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

    Approved: March 30, 2011.
John R. Gingrich,
Chief of Staff, Department of Veterans Affairs.
97VA105

SYSTEM NAME:
    ``Consolidated Data Information System-VA''.

SYSTEM LOCATION(S):
    Records will be maintained at Department of Veteran Affairs (VA) 
Veterans Health Administration (VHA) sites for the Centers for Medicare 
& Medicaid Services (CMS) data (see VA Appendix 5).

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Records include information concerning veterans, their spouses and 
their dependents, family members, active duty military personnel, and 
individuals who are not VA beneficiaries, but who receive health care 
services from VHA.

Categories of records in the system:
    Categories of records in the system will include veterans' names, 
addresses, dates of birth, VA claim numbers, social security numbers 
(SSNs), and military service information, medical benefit application 
and eligibility information, code sheets and follow-up notes, 
sociological, diagnostic, counseling, rehabilitation, drug and alcohol, 
dietetic, medical, surgical, dental, psychological, and/or psychiatric 
medical information, prosthetic, pharmacy, nuclear medicine, social 
work, clinical laboratory and radiology information, patient scheduling 
information, family information such as next of kin, spouse and 
dependents'' names, addresses, social security numbers and dates of 
birth, family medical history, employment information, financial 
information, third-party health plan information, information related 
to registry systems, date of death, VA claim and insurance file 
numbers, travel benefits information, military decorations, disability 
or pension payment information, amount of indebtedness arising from 38 
U.S.C. benefits, applications for compensation, pension, education and 
rehabilitation benefits, information related to incarceration in a 
penal institution, medication profile such as name, quantity, 
prescriber, dosage, manufacturer, lot number, cost and administration 
instruction, pharmacy dispensing information such as pharmacy name and 
address.
    The records will include information on Medicare beneficiaries from 
CMS databases including: health care usage, demographic, enrollment, 
and survey/assessment files including veteran and non-veteran data.
    The records include information on Medicaid beneficiaries'' 
utilization and enrollment from state databases.
    The records include information on veterans enrolled for VA health 
care who have participated in the periodic ``VHA Survey of Veteran 
Enrollees'' Health and Reliance Upon VA.''
    The records also include information on: Civilian Health and 
Medical Program of the Department of Veterans Affairs (CHAMPVA), VA/DOD 
Identity Repository (VADIR), as well as the OEF/OIF roster (Defense 
Manpower Data Center), and United States Renal Data System (USRDS).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Section 527 of 38 U.S.C. and the Government Performance and Results 
Act of 1993, Public Law 103-62.

PURPOSE(S):
    The purpose of this system of records is to conduct statistical 
studies and analyses which will support the formulation of Departmental 
policies and plans by identifying the total current health care usage 
of the VA patient population. The records and information may be used 
by VA in evaluation of Department programs. The information may be used 
to conduct research.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSE OF SUCH USES:
    VA may disclose protected health information pursuant to the 
following routine uses where required by law, or required or permitted 
by 45 CFR parts 160 and 164.
    1. VA may disclose on its own initiative any information in this 
system, except the names and home addresses of veterans and their

[[Page 25411]]

dependents, which is relevant to a suspected or reasonably imminent 
violation of law, whether civil, criminal or regulatory in nature and 
whether arising by general or program statute or by regulation, rule or 
order issued pursuant thereto, to a Federal, State, local, Tribal, or 
foreign agency charged with the responsibility of investigating or 
prosecuting such violation, or charged with enforcing or implementing 
the statute, regulation, rule or order. On its own initiative, VA may 
also disclose the names and addresses of veterans and their dependents 
to a Federal agency charged with the responsibility of investigating or 
prosecuting civil, criminal or regulatory violations of law, or charged 
with enforcing or implementing the statute, regulation, rule or order 
issued pursuant thereto.
    2. Disclosure may be made, excluding name and address (unless name 
and address are furnished by the requestor) for research purposes 
determined to be necessary and proper to epidemiological and other 
research facilities approved by the System Manager or the Under 
Secretary for Health, or designee.
    3. Any record in the system of records may be disclosed to a 
Federal agency for the conduct of research and data analysis to perform 
a statutory purpose of that Federal agency upon the prior written 
request of that agency, provided that there is legal authority under 
all applicable confidentiality statutes and regulations to provide the 
data and VHA Medicare and Medicaid Analysis Center (MAC) has determined 
prior to the disclosure that VA data handling requirements are 
satisfied. MAC may disclose limited individual identification 
information to another Federal agency for the purpose of matching and 
acquiring information held by that agency for MAC to use for the 
purposes stated for this system of records.
    4. Disclosure may be made to National Archives and Records 
Administration (NARA), General Services Administration (GSA) in records 
management inspections conducted under authority of 44 U.S.C.
    5. VA may disclose information in this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that disclosure of the records to the 
Department of Justice is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records. VA, on its own initiative, may disclose records in this system 
of records in legal proceedings before a court or administrative body 
after determining that the disclosure of the records to the court or 
administrative body is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records.
    6. Disclosure may be made to individuals, organizations, private or 
public agencies, or other entities or individuals with whom VA has a 
contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA, in order for 
the contractor, subcontractor, public or private agency, or other 
entity or individual with whom VA has an agreement or contract to 
perform the services of the contract or agreement. This routine use 
includes disclosures by the individual or entity performing the service 
for VA to any secondary entity or individual to perform an activity 
that is necessary for individuals, organizations, private or public 
agencies, or other entities or individuals with whom VA has a contract 
or agreement to provide the service to VA.
    7. Any records may be disclosed to appropriate agencies, entities, 
and persons under the following circumstances: when (1) it is suspected 
or confirmed that the security or confidentiality of information in the 
system of records has been compromised; (2) the Department has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of embarrassment or harm to the reputations of the 
record subjects, harm to economic or property interests, identity theft 
or fraud, or harm to the security or integrity of this system or other 
systems or programs (whether maintained by the Department or another 
agency or entity) that rely upon the compromised information; and (3) 
the disclosure is made to such agencies, entities, and persons who are 
reasonably necessary to assist in connection with the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm.
    8. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the member, when the member or staff person requests the 
record on behalf of and at the written request of the individual.
    9. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    10. VA may disclose information to the Equal Employment Opportunity 
Commission when requested in connection with investigations of alleged 
or possible discrimination practices, examinations of Federal 
affirmative employment programs, compliance with the Uniform Guidelines 
of Employee Selection Procedures, or other functions of the Commission 
as authorized by law or regulation.
    11. VA may disclose information to a former VA employee or 
contractor, as well as the authorized representative of a current or 
former employee or contractor of VA, in proceedings before the Merit 
Systems Protection Board or the Office of the Special Counsel in 
connection with appeals, special studies of the civil service and other 
merit systems, review of rules and regulations, investigation of 
alleged or possible prohibited personnel practices, and such other 
functions promulgated in 5 U.S.C. 1206, or as otherwise authorized by 
law.
    12. VA may disclose to the Federal Labor Relations Authority, 
including its General Counsel, information related to the establishment 
of jurisdiction, investigation, and resolution of allegations of unfair 
labor practices, or in connection with the resolution of exceptions to 
arbitration awards when a question of material fact is raised in 
matters before the Federal Service Impasses Panel.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Data are maintained on magnetic tape, disk, or laser optical media.

RETRIEVABILITY:
    Records may be retrieved by name, name and one or more criteria 
(e.g., dates of birth, death and service), SSN or VA claim number.

SAFEGUARDS:
    1. Access to and use of these records is limited to those persons 
whose official duties require such access. Personnel screening is 
employed to prevent unauthorized disclosure.
    2. Access to Automated Data Processing files is controlled at two 
levels: (1) Terminals, central processing units, and peripheral devices 
are generally placed in secure areas (areas that are locked or have 
limited access) or are otherwise protected; and (2) the system 
recognizes authorized users by

[[Page 25412]]

means of an individually unique password entered in combination with an 
individually unique user identification code.
    3. Access to automated records concerning identification codes and 
codes used to access various VA automated communications systems and 
records systems, as well as security profiles and possible security 
violations is limited to designated automated systems security 
personnel who need to know the information in order to maintain and 
monitor the security of VA's automated communications and veterans' 
claim records systems. Access to these records in automated form is 
controlled by individually unique passwords and codes. Agency personnel 
may have access to the information on a need to know basis when 
necessary to advise agency security personnel or for use to suspend or 
revoke access privileges or to make disclosures authorized by a routine 
use.
    4. Access to VA facilities where identification codes, passwords, 
security profiles and possible security violations are maintained is 
controlled at all hours by the Federal Protective Service, VA or other 
security personnel and security access control devices.

RETENTION AND DISPOSAL:
    Copies of back-up computer files will be maintained at primary and 
secondary VA recipient sites for CMS data (see Appendix 5). Records 
will be maintained and disposed of in accordance with the records 
disposal authority approved by the Archivist of the United States, the 
National Archives and Records Administration, and published in Agency 
Records Control Schedules.

SYSTEM MANAGER AND ADDRESS:
    Manager, Medicare and Medicaid Analysis Center, 100 Grandview Rd., 
Suite 114, Braintree, MA 02184.

NOTIFICATION PROCEDURE:
    Individuals wishing to inquire whether this system of records 
contains information about them should submit a signed written request 
to the Manager, Medicare and Medicaid Analysis Center, 100 Grandview 
Rd., Suite 114, Braintree, MA 02184.

RECORDS ACCESS PROCEDURES:
    An individual who seeks access to records maintained under his or 
her name or other personal identifier may write the System Manager 
named above and specify the information being contested.

CONTESTING RECORD PROCEDURES:
    (See Records Access Procedures above).

RECORD SOURCE CATEGORIES:
    Information may be obtained from the Patient Medical Records System 
(24VA136), Patient Fee Basis Medical and Pharmacy Records (23VA136), 
Veterans and Beneficiaries Identification and Records Location 
Subsystem (38VA23), Compensation, Pension, Education and Rehabilitation 
Records (58VA21/22), all other potential VA and non-VA sources of 
veteran demographic information, and CMS databases. The records also 
include information from: Civilian Health and Medical Program of the 
Department of Veterans Affairs (CHAMPVA), VA/DOD Identity Repository 
(VADIR), as well as the OEF/OIF roster (Defense Manpower Data Center), 
and United States Renal Data System (USRDS).
VA Appendix 5
    1. VA Medicare and Medicaid Analysis Center, field unit of the 
Office of the Assistant Deputy Under Secretary for Health (ADUSH) 
for Policy and Planning, 100 Grandview Rd., Suite 114, Braintree, MA 
02184.
    2. VA Information Resource Center (VIReC), Hines VA Medical 
Center, 5th Ave & Roosevelt Ave, Hines, IL 60141. Veterans Health 
Administration (VHA), 810 Vermont Avenue, NW., Washington, DC 20420.
    3. Office of the Assistant Deputy Under Secretary for Health 
(ADUSH) for Policy and Planning, 811 Vermont Avenue, NW., 
Washington, DC 20420, Silver Springs, MD, and/or Martinsburg, WV.
    4. Austin Information Technology Center, 1615 Woodward Street, 
Austin, TX 78772.
    5. VA facilities.
 [FR Doc. 2011-10844 Filed 5-3-11; 8:45 am]
BILLING CODE P