Privacy Act of 1974, 56914-56917 [2012-22693]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 77, Number 179 (Friday, September 14, 2012)]
[Notices]
[Pages 56914-56917]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-22693]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974

AGENCY: Department of Veterans Affairs.

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: The Privacy Act of 1974 (5 U.S.C. 552(e) (4)) requires that 
all agencies publish in the Federal Register a notice of the existence 
and character of their systems of records. Notice is hereby given that 
the Department of Veterans Affairs (VA) is establishing a new system of 
records entitled ``Veteran Child Care Programs--VA'' (169VA10NC).

DATES: Comments on this new system of records must be received no later 
than October 15, 2012. If no public comment is received during the 
period allowed for comment or unless otherwise published in the Federal 
Register by VA, the new system will become effective October 15, 2012.

ADDRESSES: Written comments concerning the proposed new system of 
records may be submitted through www.regulations.gov; by mail or hand-
delivery to Director, Regulations Management (02REG), Department of 
Veterans Affairs, 810 Vermont Avenue NW., Room 1068, Washington, DC 
20420; or by fax to (202) 273-9026. All comments received will be 
available for public inspection in the Office of Regulation Policy and 
Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m., 
Monday through Friday (except holidays). Please call (202) 461-4902 for 
an appointment. In addition, during the comment period, comments may be 
viewed online through the Federal Docket Management System (FDMS) at 
www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Meri Mallard, Deputy Field Director 
Women's Health, Department of Veterans Affairs, 508 Fulton Street, 
Durham, NC, 27705, telephone (919) 416-5980.

SUPPLEMENTARY INFORMATION:

I. Description of Proposed Systems of Records

    Caregivers and Veterans Omnibus Health Services Act of 2010, Public 
Law 111-163 requires VA to carry out a program to assess the 
advisability and feasibility of providing assistance to qualified 
Veterans to obtain child care so that such Veterans can receive health 
care services. VA has established child care sites under this program 
in medical centers to provide hourly child care services to Veterans 
during their VA appointment. Children, both infants and school-age, can 
be dropped off at the VA Child Care Center (Center) for the duration of 
the Veteran's scheduled appointment, at no charge to the Veteran. This 
system of records contains information on the children who receive 
child care and the children's parents and/or guardians who are 
receiving treatment at VA.

II. Proposed Routine Use Disclosures of Data in the System

    To the extent that records contained in the system include 
information protected by 38 U.S.C. 7332, i.e., medical treatment 
information related to drug abuse, alcoholism or alcohol abuse, sickle 
cell anemia or infection with the human immunodeficiency virus, that 
information cannot be disclosed under a routine use unless there is 
also specific statutory authority permitting disclosure.
    The Veterans Health Administration (VHA) is proposing the following 
routine use disclosures of information to be maintained in the system:
    1. On its own initiative, VA may disclose information, except for 
the names and home addresses of Veterans and their dependents, to a 
Federal, State, local, tribal, or foreign agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto. On its 
own initiative, VA may also disclose the names and addresses of

[[Page 56915]]

Veterans and their dependents to a Federal agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto. VA must 
be able to comply with the requirements of agencies charged with 
enforcing the law and conducting investigations. VA must also be able 
to provide information to State or local agencies charged with 
protecting the public's health as set forth in State law.
    2. Disclosure may be made to an agency in the executive, 
legislative, or judicial branch, or the District of Columbia's 
government in response to its request or at the initiation of VA, in 
connection with disease tracking, patient outcomes or other health 
information required for program accountability.
    3. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual. 
Individuals sometimes request the help of a Member of Congress in 
resolving some issues relating to a matter before VA. The Member of 
Congress then writes to VA, and VA must be able to give sufficient 
information to give a response to the inquiry.
    4. Disclosure may be made to National Archives and Records 
Administration (NARA) and the General Services Administration (GSA) in 
records management inspections conducted under authority of Title 44, 
Chapter 29, of the U.S.C. NARA and GSA are responsible for management 
of old records no longer actively used, but which may be appropriate 
for preservation, and for the physical maintenance of the Federal 
government's records. VA must be able to provide the records to NARA 
and GSA in order to determine the proper disposition of such records.
    5. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to DoJ is a 
use of the information contained in the records that is compatible with 
the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    6. VA may disclose information to the Equal Employment Opportunity 
Commission when requested in connection with investigations of alleged 
or possible discriminatory practices, examination of Federal 
affirmative employment programs, or for other functions of the 
Commission as authorized by law or regulation. VA must be able to 
provide information to the Commission to assist it in fulfilling its 
duties to protect employees' rights, as required by statute and 
regulation.
    7. Disclosures of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement or where there is a subcontract to 
perform the services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement. This routine use 
includes disclosures by the individual or entity performing the service 
for VA to any secondary entity or individual to perform an activity 
that is necessary for individuals, organizations, private or public 
agencies, or other entities or individuals with whom VA has a contract 
or agreement to provide the service to VA.
    8. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    9. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when: (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; and (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
disclosure is to agencies, entities, or persons whom VA determines are 
reasonably necessary to assist or carry out the Department's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm. This routine use permits disclosures by the 
Department to respond to a suspected or confirmed data breach, 
including the conduct of any risk analysis or provision of credit 
protection services as provided in 38 U.S.C. 5724, as the terms are 
defined in 38 U.S.C. 5727.
    10. Information may be disclosed by appropriate VA personnel to the 
extent necessary and on a need to know basis, consistent with good 
medical-ethical practices, to family members.
    11. VA may disclose information from this system to the Federal 
Labor Relations Authority (FLRA), including its General Counsel, 
information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections. VA must be able to provide information to 
FLRA to comply with the statutory mandate under which it operates.
    12. VA may disclose information from this system to the Merit 
Systems Protection Board (MSPB), or the Office of the Special Counsel, 
when requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as 
authorized by law. VA must be able to provide information to MSPB to 
assist it in fulfilling its duties as required by statute and 
regulation.

III. Compatibility of the Proposed Routine Uses

    The Privacy Act permits VA to disclose information about 
individuals without their consent for a routine use when the 
information will be used for a purpose that is compatible with the 
purpose for which VA collected the information. In all of the routine 
use disclosures described above, either the recipient of the 
information will use the information in connection with a matter 
relating to one of VA's programs, will use the information to provide a 
benefit to VA, or disclosure is required by law.
    Under section 264, Subtitle F of Title II of the Health Insurance 
Portability and Accountability Act of 1996 (HIPAA) Public Law 104-191, 
100 Stat. 1936, 2033-34 (1996), the United States

[[Page 56916]]

Department of Health and Human Services published a final rule, as 
amended, establishing Standards for Privacy of Individually-
Identifiable Health Information, 45 CFR parts 160 and 164. The Veterans 
Health Administration may not disclose individually-identifiable health 
information (as defined in HIPAA and the Privacy Rule, 42 U.S.C. 
1320(d)(6) and 45 CFR 164.501) pursuant to a routine use unless either: 
(a) The disclosure is required by law, or (b) the disclosure is also 
permitted or required by the Privacy Rule. The disclosures of 
individually-identifiable health information contemplated in the 
routine uses published in this new system of records notice are 
permitted under the Privacy Rule or required by law. However, to also 
have authority to make such disclosures under the Privacy Act, VA must 
publish these routine uses. Consequently, VA is publishing these 
routine uses and is adding a preliminary paragraph to the routine uses 
portion of the system of records notice stating that any disclosure 
pursuant to the routine uses in this system of records notice must be 
either required by law or permitted by the Privacy Rule before VHA may 
disclose the covered information.
    The notice of intent to publish and an advance copy of the system 
notice have been sent to the appropriate Congressional committees and 
to the Director of the Office of Management and Budget (OMB) as 
required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB 
(65 FR 77677), December 12, 2000.

    Approved: August 15, 2012.
John R. Gingrich,
Chief of Staff, Department of Veterans Affairs.
169VA10NC

SYSTEM NAME:
    Veteran Child Care Programs--VA

SYSTEM LOCATION:
    Records are maintained at each VA health care facility where the 
child care program is in place (in most cases, backup information is 
stored at off-site locations). Subsidiary record information is 
maintained by individuals, organizations, and/or agencies with whom VA 
has a contract or agreement to perform such services, as VA may deem 
practicable.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records contain information on children who receive child care 
and the children's parents and/or guardians who are receiving treatment 
at VA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include information related to:
    (1) Indentifying information for child (e.g. name, birth date, age, 
social security number, telephone number, child's primary care 
physician and (2) emergency contact information for parent/guardian 
(e.g. name of parent, address, relationship, telephone number, 
alternate contact person.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38, U.S.C., Section 501.

PURPOSE(S):
    The records and information may be used for statistical analysis to 
produce various management, workload tracking, and follow-up reports; 
determining entitlement and eligibility for VA benefits, quality 
assurance audits and reviews, to track and evaluate the ordering and 
delivery of equipment and services for the planning, distribution and 
utilization of resources, and personnel management and evaluation. The 
data may be used for VA's extensive research programs in accordance 
with VA policy.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 38 U.S.C. 7332, i.e., medical treatment 
information related to drug abuse, alcoholism or alcohol abuse, sickle 
cell anemia or infection with the human immunodeficiency virus, that 
information cannot be disclosed under a routine use unless there is 
also specific statutory authority permitting disclosure.
    VA may disclose protected health information pursuant to the 
following routine uses where required by law, or required or permitted 
by 45 CFR parts 160 and 164.
    1. On its own initiative, VA may disclose information, except for 
the names and home addresses of Veterans and their dependents, to a 
Federal, State, local, tribal, or foreign agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto. On its 
own initiative, VA may also disclose the names and addresses of 
Veterans and their dependents to a Federal agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto. VA must 
be able to comply with the requirements of agencies charged with 
enforcing the law and conducting investigations. VA must also be able 
to provide information to State or local agencies charged with 
protecting the public's health as set forth in State law.
    2. Disclosure may be made to an agency in the executive, 
legislative, or judicial branch, or the District of Columbia's 
government in response to its request or at the initiation of VA, in 
connection with disease tracking, patient outcomes or other health 
information required for program accountability.
    3. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    4. Disclosure may be made to NARA and GSA in records management 
inspections conducted under authority of Title 44, Chapter 29, of the 
U.S.C.
    5. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    6. VA may disclose information to the Equal Employment Opportunity 
Commission when requested in connection with investigations of alleged 
or possible discriminatory practices, examination of Federal 
affirmative employment programs, or for other functions of the 
Commission as authorized by law or regulation.
    7. Disclosures of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement or where there is a subcontract to 
perform the services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement.
    8. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.

[[Page 56917]]

    9. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when: (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; and (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
disclosure is to agencies, entities, or persons whom VA determines are 
reasonably necessary to assist or carry out the Department's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm. This routine use permits disclosures by the 
Department to respond to a suspected or confirmed data breach, 
including the conduct of any risk analysis or provision of credit 
protection services as provided in 38 U.S.C. 5724, as the terms are 
defined in 38 U.S.C. 5727.
    10. Information may be disclosed by appropriate VA personnel to the 
extent necessary and on a need to know basis, consistent with good 
medical-ethical practices, to family members.
    11. VA may disclose information from this system to the FLRA, 
including its General Counsel, information related to the establishment 
of jurisdiction, investigation, and resolution of allegations of unfair 
labor practices, or in connection with the resolution of exceptions to 
arbitration awards when a question of material fact is raised; for it 
to address matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections.
    12. VA may disclose information from this system to the MSPB, or 
the Office of the Special Counsel, when requested in connection with 
appeals, special studies of the civil service and other merit systems, 
review of rules and regulations, investigation of alleged or possible 
prohibited personnel practices, and such other functions promulgated in 
5 U.S.C. 1205 and 1206, or as authorized by law.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained on paper, microfilm, electronic media 
including images and scanned documents, or laser optical media in the 
consolidated health record at the health care facility where care was 
rendered.

RETRIEVABILITY:
    Records are retrieved by name, social security number or other 
assigned identifiers of the individuals to whom they pertain.

SAFEGUARDS:
    1. Access to and use of national administrative databases, 
warehouses, and data marts are limited to those persons whose official 
duties require such access, and VA has established security procedures 
to ensure that access is appropriately limited. Information security 
officers and system data stewards review and authorize data access 
requests. VA regulates data access with security software that 
authenticates users and requires individually unique codes and 
passwords. VA provides information security training to all staff and 
instructs staff on the responsibility each person has for safeguarding 
data confidentiality.
    2. Physical access to computer rooms housing national 
administrative databases, warehouses, and data marts is restricted to 
authorized staff and protected by a variety of security devices. 
Unauthorized employees, contractors, and other staff are not allowed in 
computer rooms. The Federal Protective Service or other security 
personnel provide physical security for the buildings housing computer 
rooms and data centers.
    3. Data transmissions between operational systems and national 
administrative databases, warehouses, and data marts maintained by this 
system of record are protected by state of the art telecommunication 
software and hardware. This may include firewalls, intrusion detection 
devices, encryption, and other security measures necessary to safeguard 
data as it travels across the VA Wide Area Network.
    4. In most cases, copies of back-up computer files are maintained 
at off-site locations.
    5. VA maintains Business Associate Agreements and Non-Disclosure 
Agreements where appropriate with contracted resources in order to 
maintain confidentiality of the information.

RETENTION AND DISPOSAL:
    Records are maintained and disposed of in accordance with the 
records disposition authority approved by the Archivist of the United 
States.

SYSTEM MANAGER(S) AND ADDRESS:
    Official maintaining this system of records and responsible for 
policies and procedures is the Deputy, ADUSH for Clinical Operations, 
Department of Veterans Affairs, 810 Vermont Avenue NW., Washington, DC 
20420.

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them or their children should submit a 
written request or apply in person where the child participated in the 
child care program. Inquiries should include the person's full name, 
social security number, location and dates of employment or location 
and dates of treatment and their return address.

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write, call, or visit in person where the 
child participated in the child care program.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by the Veteran or 
family members.

[FR Doc. 2012-22693 Filed 9-13-12; 8:45 am]
BILLING CODE 8320-01-P