Privacy Act of 1974; System of Records, 7407-7411 [2020-02478]

Download as PDF Federal Register / Vol. 85, No. 26 / Friday, February 7, 2020 / Notices 12. Disclosure may be made to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has an agreement or contract to perform the services of the contract or agreement. 13. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs. 14. VA may disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, or persons is reasonably necessary to assist in connection with VA efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. 15. VA may disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. 16. VA may disclose information from this system to the Office of the Special Counsel for investigation and inquires of alleged or possible prohibited personnel practices. jbell on DSKJLSW7X2PROD with NOTICES POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records are maintained on paper and on electronic storage media, including magnetic tape, disk, encrypted flash memory, and laser optical media. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are retrieved by name, Social Security number, or other assigned identifiers of the individuals on whom they are maintained. VerDate Sep<11>2014 17:42 Feb 06, 2020 Jkt 250001 POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: The records are disposed of in accordance with Section XXXV—Office of the Medical Inspector (10E1B) of the Veterans Health Administration Records Control Schedule 10–1 of January 2016, which stipulates that records from investigations not involving site visits will be destroyed 10 years after closure; records from investigations involving site visits will be destroyed 20 years after closure. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: 1. Access to and use of national patient databases are limited to those persons whose official duties require such access, and VA has established security procedures to ensure that access is appropriately limited. Information security officers and system data stewards review and authorize data access requests. VA regulates data access with security software that authenticates users and requires individually unique codes and passwords. VA provides information security training to all staff and instructs staff on the responsibility each person has for safeguarding data confidentiality. 2. VA maintains Business Associate Agreements and Non-Disclosure Agreements with contracted resources in order to maintain confidentiality of the information. 3. Physical access to computer rooms housing national patient databases is restricted to authorized staff and protected by a variety of security devices. Unauthorized employees, contractors, and other staff are not allowed in computer rooms. The Federal Protective Service or other security personnel provide physical security for the buildings housing computer rooms and data centers. 4. All materials containing real or scrambled Social Security numbers are kept only on secure, encrypted VHA servers, personal computers, laptops, or media. All email transmissions of such files use Public Key Infrastructure (PKI) encryption. If a recipient does not have PKI, items are mailed or sent to a secure fax. Paper records containing Social Security numbers are secured in locked cabinets or offices within the OMI area. Access to OMI requires passing a security officer, an elevator card reader for floor access and a separate VHA card reader for access to the office area. All materials, both paper and electronic, that are no longer required are shredded/obliterated in accordance with VHA guidelines. Materials required for case documentation and follow up are PO 00000 Frm 00143 Fmt 4703 Sfmt 4703 7407 archived in our secure document management server (electronic) and in locked storage (paper). 5. In most cases, copies of back-up computer files are maintained at off-site locations. RECORD ACCESS PROCEDURE: Individuals seeking information regarding access to and contesting of records in this system may write or call Correspondence Analyst, OMI, 810 Vermont Avenue NW, Washington, DC 20420, 202–461–1030. CONTESTING RECORD PROCEDURES: (See Record Access Procedures). NOTIFICATION PROCEDURE: Individuals who wish to determine whether this system of records contains information about them should contact Correspondence Analyst, OMI, 810 Vermont Avenue NW, Washington, DC 20420. Inquiries should include the person’s full name, Social Security number, location and dates of employment or location and dates of treatment and return address. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: Last full publication provided in 75 FR 26847 dated May 12, 2010. [FR Doc. 2020–02482 Filed 2–6–20; 8:45 am] BILLING CODE 8320–01–P DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974; System of Records AGENCY: Department of Veterans Affairs (VA). ACTION: Notice of a modified system of records. As required by the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records entitled ‘‘Agent Orange Registry—VA’’ (105VA131) as set forth in 68 FR 75025. VA is amending the system of records by revising the System Number; System Location; System Manager; Authority for Maintenance of the System; Categories of Individuals Covered by the System; Categories of Records in the System; Routine Uses of Records Maintained in the System and Policies; Policies and Practices for Storage of Records; Policies and Practices for Retention and Disposal of Records; Administrative, Technical, and Physical Safeguards; Record Access Procedure; SUMMARY: E:\FR\FM\07FEN1.SGM 07FEN1 7408 Federal Register / Vol. 85, No. 26 / Friday, February 7, 2020 / Notices and Notification Procedure. VA is republishing the system notice in its entirety. Comments on this amended system of records must be received no later than March 9, 2020. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by the VA, the new system will become effective March 9, 2020. ADDRESSES: Written comments may be submitted through www.Regulations.gov; by mail or handdelivery to Director, Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Avenue NW, Room 1064, Washington, DC 20420; or by fax to (202) 273–9026 (Note: Not a toll-free number). Comments should indicate they are submitted in response to ‘‘Agent Orange Registry—VA’’. Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461–4902 for an appointment (Note: Not a toll-free number). In addition, comments may be viewed online at www.Regulations.gov. FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420; telephone (704) 245–2492 (Note: Not a toll-free number). SUPPLEMENTARY INFORMATION: The System Number is changed from 105VA131 to 105VA10P4Q to reflect the current organizational alignment. The System Location is being amended to change the Austin Automation Center (AAC) to the Austin Information Technology Center (AITC). This section is being amended to remove ‘‘narratives, signatures, etc., noted on the code sheets are not entered into this system, images of the code sheets are maintained at the Department of Veterans Affairs, Environmental Agents Service (131), 810 Vermont Avenue NW, Washington, DC 20420. These are electronic images of paper records, i.e., code sheets, medical records, questionnaires and correspondence that are stored on optical disks. The optical disk system is currently being utilized where there is no access to the secure web-based system. The optical disk system is scheduled to be discontinued in 2004 and all access to the Agent Orange Registry (AOR) system will be through the secure web-based data entry system.’’ jbell on DSKJLSW7X2PROD with NOTICES DATES: VerDate Sep<11>2014 17:42 Feb 06, 2020 Jkt 250001 System Manager is being amended to replace Director, Environmental Agents Service (131), Office of Public Health and Environmental Hazards, (clinical issues) and Management/Program Analyst, Environmental Agents Service (131) (administrative issues), with Deputy Chief Consultant, Post Deployment Health Services (10P4Q). Authority for Maintenance of the System is being amended to replace Title 38, United States Code (U.S.C.) 1710(e)(1)(B) and 1720E with Public Law 102–4, 38 U.S.C. 527, 38 U.S.C. 1116, Public Law 102–585 Section 703, and Public Law 100–687. Categories of Individuals Covered by the System is being amended to remove number 4. Have had an AOR examination at a VA medical facility. This section is being amended to include numbers 4. Exposure to Agent Orange in Vietnam Exposure on land in Vietnam or on a ship operating on the inland waterways of Vietnam between January 9, 1962 and May 7, 1975. 5. C– 123 Airplanes and Agent Orange Residue, C–123 Reservists who were assigned to flight, ground or medical crew duties at Lockbourne/ Rickenbacker Air Force Base in Ohio (906th and 907th Tactical Air Groups or 355th and 356th Tactical Airlift Squadron), Westover Air Force Base in Massachusetts (731st Tactical Air Squadron and 74th Aeromedical Evacuation Squadron) or Pittsburgh, Pennsylvania, International Airport (758th Airlift Squadron) during the period 1969 to 1986. 6. Blue Water Veterans, possible exposure on open sea ships off the shore of Vietnam during the Vietnam War. Ship categories include the following: (1) Ships operating primarily or exclusively on Vietnam’s inland waterways; (2) Ships operating temporarily on Vietnam’s inland waterways; (3) Ships that docked to shore or pier in Vietnam; (4) Ships operating on Vietnam’s close coastal waters for extended periods with evidence that crewmembers went ashore; and (5) Ships operating on Vietnam’s close coastal waters for extended periods with evidence that smaller craft from the ship regularly delivered supplies or troops ashore. The list of U.S. Navy and Coast Guard ships that operated in Vietnam can be viewed at this link: https://www.benefits.va.gov/ compensation/claims-postservice-agent_ orange.asp. 7. Korean Demilitarized Zone exposure along the demilitarized zone in Korea between April 1, 1968 and August 31, 1971 and 9. Thailand Military Bases exposure on or near the perimeters of military bases between February 28, 1961 and May 7, 1975. PO 00000 Frm 00144 Fmt 4703 Sfmt 4703 The Categories of Records in the System is being amended to add VA medical facility where the Veteran had the AOR examination. The Routine Uses of Records Maintained in the System has been amended to change Joint Commission for Accreditation of Healthcare Organizations (JCAHO) to The Joint Commission in Routine use #8. Routine Use #9 is amending the language which states that disclosure of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. This routine use will now state that release of the records to the DoJ is limited to circumstances where relevant and necessary to the litigation. VA may disclose records in this system of records in legal proceedings before a court or administrative body after determining that release of the records to the court or administrative body is limited to circumstances where relevant and necessary to the litigation. Routine Use #11 is clarifying the language to state, ‘‘VA may disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, or persons is reasonably necessary to assist in connection with VA efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.’’ Routine use #12 is being added to state, ‘‘VA may disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or E:\FR\FM\07FEN1.SGM 07FEN1 jbell on DSKJLSW7X2PROD with NOTICES Federal Register / Vol. 85, No. 26 / Friday, February 7, 2020 / Notices national security, resulting from a suspected or confirmed breach.’’ Routine use #13 is also being added to state, ‘‘VA may disclose information from this system of records to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has a contract or agreement to perform services under the contract or agreement.’’ This routine use includes disclosures by an individual or entity performing services for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA. Policies and Practices for Storage of Records is being amended to remove, ‘‘In 2003, the data collection process moved to a secure web-based system. Data previously recorded manually and converted to electronic format is now input through the secure VA Intranet system. In addition to electronic data, registry reports are maintained on paper documents and microfiche. The optical disk system is currently being utilized where there is no access to the secure web-based system. The optical disk system is scheduled to be discontinued in 2004 and all access to the AOR system will be through the secure webbased data entry system. Records will be maintained and disposed of in accordance with records disposition authority approved by the Archivist of the United States.’’ This section is also being amended to change the Austin Automation Center (AAC) to the Austin Information Technology Center (AITC). Policies and Practices For Retention and Disposal of Records is being amended to replace, ‘‘Records will be maintained and disposed of in accordance with records disposition authority approved by the Archivist of the United States.’’ with ‘‘Maintain these records per Record Control Schedule (RCS) 10–1 Subject Identification Code (SIC) 1203 series, these records are permanent records per N1–015–01–3, Item 3a and are to be transferred in 5 year block to the National Archives and Records Administration (NARA)’’. Administrative, Technical, and Physical Safeguards is being amended to include the registry is stored on a password protected system located in a VerDate Sep<11>2014 17:42 Feb 06, 2020 Jkt 250001 locked room. Registry application is Web-based and accessible behind the VA firewall. Access to the facility is limited by Personal Identity Verification access, security card, metal scanners at the entrance, and security guards. This section is also being amended to change the Austin Automation Center (AAC) to the Austin Information Technology Center (AITC). The Record Access Procedure and Notification Procedure are being amended to replace Director, Environmental Agents Service (131) or the Management/Program Analyst, Environmental Agents Service (131) with Deputy Chief Consultant, Post Deployment Health Services (10P4Q). The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000. Signing Authority: The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. James P. Gfrerer, Assistant Secretary for Information and Technology and Chief Information Officer, Department of Veterans Affairs, approved this document on May 13, 2019 for publication. Dated: February 4, 2020. Amy L. Rose, Program Analyst, VA Privacy Service, Department of Veterans Affairs. SYSTEM NAME AND NUMBER: Agent Orange Registry—VA (105VA10P4Q) SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: Character-based data from Agent Orange Registry (AOR) are maintained in a registry database at the Austin Information Technology Center (AITC), 1615 Woodward Street, Austin, Texas 78772. The secure Web-based data entry system is maintained by the AITC and provides retrievable images to users. SYSTEM MANAGER(S): Deputy Chief Consultant, Post Deployment Health Services (10P4Q), VA Central Office, 810 Vermont Avenue NW, Washington, DC 20420. PO 00000 Frm 00145 Fmt 4703 Sfmt 4703 7409 AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Public Law No: 102–4, Title 38 United States Code 527, Title 38 United States Code 1116, Public Law 102–585 Section 703, and Public Law 100–687. PURPOSE(S) OF THE SYSTEM: The purpose of this AOR system of records is to provide information about: Veterans who have had an AOR examination at a VA facility; to assist in generating hypotheses for research studies; provide management with the capability to track patient demographics; reported birth defects among Veterans’ children; dioxinrelated diseases; planning and delivery of healthcare services and associated costs; and with relation to claims for compensation which may assist in the adjudication of claims possibly related to herbicide exposure although more comprehensive medical records are required for evaluation of subject claims. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Categories of individuals covered include Veterans who may have been exposed to dioxin or other toxic substance in a herbicide or defoliant during multiple periods and locations. These categories of Veterans are described below: 1. Veterans with active military service in the Republic of Vietnam between 1962 and 1975. 2. Veterans with active military service in the Republic of Korea between 1968 and 1969. 3. Veterans that may have come in contact as a result of testing, transporting or spraying herbicides for military purposes. 4. Veterans with possible exposure to Agent Orange in Vietnam on land in or on a ship operating on the inland waterways of Vietnam between January 9, 1962 and May 7, 1975. 5. Veterans with possible exposure to C–123 Airplanes and Agent Orange Residue as C–123 Reservists who were assigned to flight, ground or medical crew duties at Lockbourne/ Rickenbacker Air Force Base in Ohio (906th and 907th Tactical Air Groups or 355th and 356th Tactical Airlift Squadron), Westover Air Force Base in Massachusetts (731st Tactical Air Squadron and 74th Aeromedical Evacuation Squadron) or Pittsburgh, Pennsylvania, International Airport (758th Airlift Squadron) during the period 1969 to 1986. 6. Blue Water Veterans with possible exposure on open sea ships off the shore of Vietnam during the Vietnam War. Ship categories include the following: E:\FR\FM\07FEN1.SGM 07FEN1 7410 Federal Register / Vol. 85, No. 26 / Friday, February 7, 2020 / Notices (1) Ships operating primarily or exclusively on Vietnam’s inland waterways; (2) Ships operating temporarily on Vietnam’s inland waterways; (3) Ships that docked to shore or pier in Vietnam; (4) Ships operating on Vietnam’s close coastal waters for extended periods with evidence that crewmembers went ashore; and (5) Ships operating on Vietnam’s close coastal waters for extended periods with evidence that smaller craft from the ship regularly delivered supplies or troops ashore. The list of U.S. Navy and Coast Guard ships that operated in Vietnam can be viewed at this link: https://www.benefits.va.gov/ compensation/claims-postservice-agent_ orange.asp. 7. Veterans with Korean Demilitarized Zone exposure along the demilitarized zone in Korea between April 1, 1968 and August 31, 1971. 8. Veterans with Thailand Military Bases exposure on or near the perimeters of military bases between February 28, 1961 and May 7, 1975. CATEGORIES OF RECORDS IN THE SYSTEM: These records may contain the following information: VA facility code identifier where the Veteran was examined or treated; VA medical facility where the Veteran had the AOR examination; Veteran’s name; address; social security number; military service serial number; claim number; date of birth; race/ethnicity; marital status; sex; branch of service; periods of service; areas of service in Vietnam; list of military units where Veteran served; method of exposure to herbicides; Veteran’s self-assessment of health; date of registry examination; Veteran’s complaints/symptoms; reported birth defects among Veteran’s children; consultations; diagnoses; disposition (hospitalized, referred for outpatient treatment, etc.) and name and signature of examiner/clinician coordinator, when available. jbell on DSKJLSW7X2PROD with NOTICES RECORD SOURCE CATEGORIES: VA patient health records, various automated record systems providing clinical and managerial support to VA healthcare facilities, the Veteran, family members, and records from the Veterans Benefits Administration, Department of Defense, Department of the Army, Department of the Air Force, Department of the Navy and other Federal agencies. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: To the extent that records contained in the system include information VerDate Sep<11>2014 17:42 Feb 06, 2020 Jkt 250001 protected by 45 CFR parts 160 and 164, i.e., individually identifiable health information, and 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority in 38 U.S.C. 7332 and regulatory authority in 45 CFR parts 160 and 164 permitting disclosure. 1. The record of an individual who is covered by a system of records may be disclosed to a Member of Congress, or a staff person acting for the Member, when the Member or staff person requests the record on behalf of and at the written request of the individual. 2. Disclosure of records covered by this system, as deemed necessary and proper to named individuals serving as accredited service organization representatives, and other individuals named as approved agents or attorneys for a documented purpose and period of time, to aid beneficiaries in the preparation and presentation of their cases during the verification and/or due process procedures, and in the presentation and prosecution of claims under laws administered by VA. 3. A record containing the name(s) and address(es) of present or former members of the armed services and/or their dependents may be released from this system of records under certain circumstances: (a) To any nonprofit organization if the release is directly connected with the conduct of programs and the utilization of benefits under Title 38, and (b) To any criminal or civil law enforcement governmental agency or instrumentality charged under applicable law with the protection of the public health or safety if a qualified representative of such organization, agency or instrumentality has made a written request that such name(s) or address(es) be provided for a purpose authorized by law; provided, further, that the record(s) will not be used for any purpose other than that stated in the request and that the organization, agency or instrumentality is aware of the penalty provision of 38 U.S.C. 5701(f). 4. Disclosure may be made to NARA and General Services Administration (GSA) in records management inspections conducted under authority of Title 44, Chapter 29, of the U.S.C. NARA and GSA are responsible for management of old records no longer actively used, but which may be appropriate for preservation, and for the physical maintenance of the Federal Government’s records. PO 00000 Frm 00146 Fmt 4703 Sfmt 4703 5. Disclosure of information, excluding name and address (unless name and address is furnished by the requestor) for research purposes determined to be necessary and proper, to epidemiological and other research facilities approved by the Under Secretary for Health. 6. To conduct Federal research necessary to accomplish a statutory purpose of an agency, at the written request of the head of the agency, or designee of the head of that agency, the name(s) and address(es) of present or former personnel or the Armed Services and/or their dependents may be disclosed (a) To a Federal department or agency, or (b) Directly to a contractor of a Federal department or agency. When a disclosure of this information is to be made directly to the contractor, VA may impose applicable conditions on the department, agency, and/or contractor to insure the appropriateness of the disclosure to the contractor. 7. VA may disclose any information in this system, except the names and home addresses of Veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. VA may also disclose the names and addresses of Veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. 8. For program review purposes and the seeking of accreditation and/or certification, disclosure may be made to survey teams of The Joint Commission, College of American Pathologists, American Association of Blood Banks, and similar national accreditation agencies or boards with whom VA has a contract or agreement to conduct such reviews but only to the extent that the information is necessary and relevant to the review. VA healthcare facilities undergo certification and accreditation by several national accreditation agencies or boards to comply with regulations and good medical practices. 9. VA may disclose information in this system of records to the Department of Justice (DoJ), either on VA’s initiative or in response to DoJ’s request for the E:\FR\FM\07FEN1.SGM 07FEN1 Federal Register / Vol. 85, No. 26 / Friday, February 7, 2020 / Notices jbell on DSKJLSW7X2PROD with NOTICES information, after either VA or DoJ determines that such information is relevant to DoJ’s representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is limited to circumstances where relevant and necessary to the litigation. VA may disclose records in this system of records in legal proceedings before a court or administrative body after determining that release of the records to the court or administrative body is limited to circumstances where relevant and necessary to the litigation. 10. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs. 11. VA may disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, or persons is reasonably necessary to assist in connection with VA efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. 12. VA may disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. VerDate Sep<11>2014 17:42 Feb 06, 2020 Jkt 250001 13. VA may disclose information from this system of records to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has a contract or agreement to perform services under the contract or agreement. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Data are stored electronically on a Web server hosted by the AITC. Three levels of access are provided for the data that is input, using password security linked to the AITC Top Secret Security system, with mandated changes every 90 days. AITC stores registry tapes for disaster back up at an off-site location. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are retrieved by name of Veteran and social security number. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Maintain these records per Record Control Schedule (RCS) 10–1 Subject Identification Code (SIC) 1203 series, these records are permanent records per N1–015–01–3, Item 3a and are to be transferred in 5-year blocks to NARA. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: Registry data maintained at the AITC can only be updated by authorized AITC personnel. The registry is stored on a password protected system located in a locked room. Registry application is Web-based and accessible behind the VA firewall. Access to the facility is limited by Personal Identity Verification access, security card, metal scanners at the entrance, and security guards. Data are securely located behind the VA firewall and only accessible from the VA Local Area Network (LAN) through the VA Intranet. AITC reports are also accessible through a telecommunications network on a readonly basis to the owner (VA facility) of PO 00000 Frm 00147 Fmt 4703 Sfmt 9990 7411 the data. Access is limited to authorized employees by individually unique access codes which are changed periodically. Physical access to the AITC is generally restricted to AITC staff, VA Central Office staff, custodial personnel, Federal Protective Service and authorized operational personnel through electronic locking devices. All other persons gaining access to the computer rooms are escorted. Backup records are stored off-site and safeguarded in secured storage areas. A disaster recovery plan is in place and system recovery is tested at an off-site facility in accordance with established schedules. RECORD ACCESS PROCEDURE: An individual who seeks access to records maintained under his or her name may write or visit the nearest VA facility or write to the Deputy Chief Consultant, Post Deployment Health Services (10P4Q), VA Central Office, 810 Vermont Avenue NW, Washington, DC 20420. CONTESTING RECORD PROCEDURES: (See Record Access Procedures above.) NOTIFICATION PROCEDURE: An individual who wishes to determine whether a record is being maintained in this system under his or her name or other personal identifier, or wants to determine the contents of such record, should submit a written request or apply in person to the last VA facility where medical care was provided or submit a written request to the Deputy Chief Consultant, Post Deployment Health Services (10P4Q), VA Central Office, 810 Vermont Avenue NW, Washington, DC 20420. Inquiries should include the Veteran’s name, social security number and return address. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: Last full publication provided in 68 FR 75025 dated December 29, 2003. [FR Doc. 2020–02478 Filed 2–6–20; 8:45 am] BILLING CODE 8320–01–P E:\FR\FM\07FEN1.SGM 07FEN1

Agencies

[Federal Register Volume 85, Number 26 (Friday, February 7, 2020)]
[Notices]
[Pages 7407-7411]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-02478]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA) is amending the system of 
records entitled ``Agent Orange Registry--VA'' (105VA131) as set forth 
in 68 FR 75025. VA is amending the system of records by revising the 
System Number; System Location; System Manager; Authority for 
Maintenance of the System; Categories of Individuals Covered by the 
System; Categories of Records in the System; Routine Uses of Records 
Maintained in the System and Policies; Policies and Practices for 
Storage of Records; Policies and Practices for Retention and Disposal 
of Records; Administrative, Technical, and Physical Safeguards; Record 
Access Procedure;

[[Page 7408]]

and Notification Procedure. VA is republishing the system notice in its 
entirety.

DATES: Comments on this amended system of records must be received no 
later than March 9, 2020. If no public comment is received during the 
period allowed for comment or unless otherwise published in the Federal 
Register by the VA, the new system will become effective March 9, 2020.

ADDRESSES: Written comments may be submitted through 
www.Regulations.gov; by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Avenue NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (Note: Not a toll-free number). Comments should indicate they 
are submitted in response to ``Agent Orange Registry--VA''. Copies of 
comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 
8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). 
Please call (202) 461-4902 for an appointment (Note: Not a toll-free 
number). In addition, comments may be viewed online at 
www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) 
Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, 
Washington, DC 20420; telephone (704) 245-2492 (Note: Not a toll-free 
number).

SUPPLEMENTARY INFORMATION: The System Number is changed from 105VA131 
to 105VA10P4Q to reflect the current organizational alignment.
    The System Location is being amended to change the Austin 
Automation Center (AAC) to the Austin Information Technology Center 
(AITC). This section is being amended to remove ``narratives, 
signatures, etc., noted on the code sheets are not entered into this 
system, images of the code sheets are maintained at the Department of 
Veterans Affairs, Environmental Agents Service (131), 810 Vermont 
Avenue NW, Washington, DC 20420. These are electronic images of paper 
records, i.e., code sheets, medical records, questionnaires and 
correspondence that are stored on optical disks. The optical disk 
system is currently being utilized where there is no access to the 
secure web-based system. The optical disk system is scheduled to be 
discontinued in 2004 and all access to the Agent Orange Registry (AOR) 
system will be through the secure web-based data entry system.''
    System Manager is being amended to replace Director, Environmental 
Agents Service (131), Office of Public Health and Environmental 
Hazards, (clinical issues) and Management/Program Analyst, 
Environmental Agents Service (131) (administrative issues), with Deputy 
Chief Consultant, Post Deployment Health Services (10P4Q).
    Authority for Maintenance of the System is being amended to replace 
Title 38, United States Code (U.S.C.) 1710(e)(1)(B) and 1720E with 
Public Law 102-4, 38 U.S.C. 527, 38 U.S.C. 1116, Public Law 102-585 
Section 703, and Public Law 100-687.
    Categories of Individuals Covered by the System is being amended to 
remove number 4. Have had an AOR examination at a VA medical facility. 
This section is being amended to include numbers 4. Exposure to Agent 
Orange in Vietnam Exposure on land in Vietnam or on a ship operating on 
the inland waterways of Vietnam between January 9, 1962 and May 7, 
1975. 5. C-123 Airplanes and Agent Orange Residue, C-123 Reservists who 
were assigned to flight, ground or medical crew duties at Lockbourne/
Rickenbacker Air Force Base in Ohio (906th and 907th Tactical Air 
Groups or 355th and 356th Tactical Airlift Squadron), Westover Air 
Force Base in Massachusetts (731st Tactical Air Squadron and 74th 
Aeromedical Evacuation Squadron) or Pittsburgh, Pennsylvania, 
International Airport (758th Airlift Squadron) during the period 1969 
to 1986. 6. Blue Water Veterans, possible exposure on open sea ships 
off the shore of Vietnam during the Vietnam War. Ship categories 
include the following: (1) Ships operating primarily or exclusively on 
Vietnam's inland waterways; (2) Ships operating temporarily on 
Vietnam's inland waterways; (3) Ships that docked to shore or pier in 
Vietnam; (4) Ships operating on Vietnam's close coastal waters for 
extended periods with evidence that crewmembers went ashore; and (5) 
Ships operating on Vietnam's close coastal waters for extended periods 
with evidence that smaller craft from the ship regularly delivered 
supplies or troops ashore. The list of U.S. Navy and Coast Guard ships 
that operated in Vietnam can be viewed at this link: https://www.benefits.va.gov/compensation/claims-postservice-agent_orange.asp. 
7. Korean Demilitarized Zone exposure along the demilitarized zone in 
Korea between April 1, 1968 and August 31, 1971 and 9. Thailand 
Military Bases exposure on or near the perimeters of military bases 
between February 28, 1961 and May 7, 1975.
    The Categories of Records in the System is being amended to add VA 
medical facility where the Veteran had the AOR examination.
    The Routine Uses of Records Maintained in the System has been 
amended to change Joint Commission for Accreditation of Healthcare 
Organizations (JCAHO) to The Joint Commission in Routine use #8.
    Routine Use #9 is amending the language which states that 
disclosure of the records to the DoJ is a use of the information 
contained in the records that is compatible with the purpose for which 
VA collected the records. VA may disclose records in this system of 
records in legal proceedings before a court or administrative body 
after determining that the disclosure of the records to the court or 
administrative body is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records. This routine use will now state that release of the records to 
the DoJ is limited to circumstances where relevant and necessary to the 
litigation. VA may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that release of the records to the court or administrative body is 
limited to circumstances where relevant and necessary to the 
litigation.
    Routine Use #11 is clarifying the language to state, ``VA may 
disclose any information or records to appropriate agencies, entities, 
and persons when (1) VA suspects or has confirmed that there has been a 
breach of the system of records; (2) VA has determined that as a result 
of the suspected or confirmed breach there is a risk to individuals, VA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, or persons is reasonably necessary to 
assist in connection with VA efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.''
    Routine use #12 is being added to state, ``VA may disclose 
information from this system to another Federal agency or Federal 
entity, when VA determines that information from this system of records 
is reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or

[[Page 7409]]

national security, resulting from a suspected or confirmed breach.''
    Routine use #13 is also being added to state, ``VA may disclose 
information from this system of records to individuals, organizations, 
private or public agencies, or other entities or individuals with whom 
VA has a contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA, in order for 
the contractor, subcontractor, public or private agency, or other 
entity or individual with whom VA has a contract or agreement to 
perform services under the contract or agreement.'' This routine use 
includes disclosures by an individual or entity performing services for 
VA to any secondary entity or individual to perform an activity that is 
necessary for individuals, organizations, private or public agencies, 
or other entities or individuals with whom VA has a contract or 
agreement to provide the service to VA.
    Policies and Practices for Storage of Records is being amended to 
remove, ``In 2003, the data collection process moved to a secure web-
based system. Data previously recorded manually and converted to 
electronic format is now input through the secure VA Intranet system. 
In addition to electronic data, registry reports are maintained on 
paper documents and microfiche. The optical disk system is currently 
being utilized where there is no access to the secure web-based system. 
The optical disk system is scheduled to be discontinued in 2004 and all 
access to the AOR system will be through the secure web-based data 
entry system. Records will be maintained and disposed of in accordance 
with records disposition authority approved by the Archivist of the 
United States.'' This section is also being amended to change the 
Austin Automation Center (AAC) to the Austin Information Technology 
Center (AITC).
    Policies and Practices For Retention and Disposal of Records is 
being amended to replace, ``Records will be maintained and disposed of 
in accordance with records disposition authority approved by the 
Archivist of the United States.'' with ``Maintain these records per 
Record Control Schedule (RCS) 10-1 Subject Identification Code (SIC) 
1203 series, these records are permanent records per N1-015-01-3, Item 
3a and are to be transferred in 5 year block to the National Archives 
and Records Administration (NARA)''.
    Administrative, Technical, and Physical Safeguards is being amended 
to include the registry is stored on a password protected system 
located in a locked room. Registry application is Web-based and 
accessible behind the VA firewall. Access to the facility is limited by 
Personal Identity Verification access, security card, metal scanners at 
the entrance, and security guards. This section is also being amended 
to change the Austin Automation Center (AAC) to the Austin Information 
Technology Center (AITC).
    The Record Access Procedure and Notification Procedure are being 
amended to replace Director, Environmental Agents Service (131) or the 
Management/Program Analyst, Environmental Agents Service (131) with 
Deputy Chief Consultant, Post Deployment Health Services (10P4Q).
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.
    Signing Authority: The Senior Agency Official for Privacy, or 
designee, approved this document and authorized the undersigned to sign 
and submit the document to the Office of the Federal Register for 
publication electronically as an official document of the Department of 
Veterans Affairs. James P. Gfrerer, Assistant Secretary for Information 
and Technology and Chief Information Officer, Department of Veterans 
Affairs, approved this document on May 13, 2019 for publication.

    Dated: February 4, 2020.
Amy L. Rose,
Program Analyst, VA Privacy Service, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    Agent Orange Registry--VA (105VA10P4Q)

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Character-based data from Agent Orange Registry (AOR) are 
maintained in a registry database at the Austin Information Technology 
Center (AITC), 1615 Woodward Street, Austin, Texas 78772. The secure 
Web-based data entry system is maintained by the AITC and provides 
retrievable images to users.

SYSTEM MANAGER(S):
    Deputy Chief Consultant, Post Deployment Health Services (10P4Q), 
VA Central Office, 810 Vermont Avenue NW, Washington, DC 20420.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Public Law No: 102-4, Title 38 United States Code 527, Title 38 
United States Code 1116, Public Law 102-585 Section 703, and Public Law 
100-687.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this AOR system of records is to provide information 
about: Veterans who have had an AOR examination at a VA facility; to 
assist in generating hypotheses for research studies; provide 
management with the capability to track patient demographics; reported 
birth defects among Veterans' children; dioxin-related diseases; 
planning and delivery of healthcare services and associated costs; and 
with relation to claims for compensation which may assist in the 
adjudication of claims possibly related to herbicide exposure although 
more comprehensive medical records are required for evaluation of 
subject claims.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Categories of individuals covered include Veterans who may have 
been exposed to dioxin or other toxic substance in a herbicide or 
defoliant during multiple periods and locations. These categories of 
Veterans are described below:
    1. Veterans with active military service in the Republic of Vietnam 
between 1962 and 1975.
    2. Veterans with active military service in the Republic of Korea 
between 1968 and 1969.
    3. Veterans that may have come in contact as a result of testing, 
transporting or spraying herbicides for military purposes.
    4. Veterans with possible exposure to Agent Orange in Vietnam on 
land in or on a ship operating on the inland waterways of Vietnam 
between January 9, 1962 and May 7, 1975.
    5. Veterans with possible exposure to C-123 Airplanes and Agent 
Orange Residue as C-123 Reservists who were assigned to flight, ground 
or medical crew duties at Lockbourne/Rickenbacker Air Force Base in 
Ohio (906th and 907th Tactical Air Groups or 355th and 356th Tactical 
Airlift Squadron), Westover Air Force Base in Massachusetts (731st 
Tactical Air Squadron and 74th Aeromedical Evacuation Squadron) or 
Pittsburgh, Pennsylvania, International Airport (758th Airlift 
Squadron) during the period 1969 to 1986.
    6. Blue Water Veterans with possible exposure on open sea ships off 
the shore of Vietnam during the Vietnam War. Ship categories include 
the following:

[[Page 7410]]

(1) Ships operating primarily or exclusively on Vietnam's inland 
waterways; (2) Ships operating temporarily on Vietnam's inland 
waterways; (3) Ships that docked to shore or pier in Vietnam; (4) Ships 
operating on Vietnam's close coastal waters for extended periods with 
evidence that crewmembers went ashore; and (5) Ships operating on 
Vietnam's close coastal waters for extended periods with evidence that 
smaller craft from the ship regularly delivered supplies or troops 
ashore. The list of U.S. Navy and Coast Guard ships that operated in 
Vietnam can be viewed at this link: https://www.benefits.va.gov/compensation/claims-postservice-agent_orange.asp.
    7. Veterans with Korean Demilitarized Zone exposure along the 
demilitarized zone in Korea between April 1, 1968 and August 31, 1971.
    8. Veterans with Thailand Military Bases exposure on or near the 
perimeters of military bases between February 28, 1961 and May 7, 1975.

CATEGORIES OF RECORDS IN THE SYSTEM:
    These records may contain the following information: VA facility 
code identifier where the Veteran was examined or treated; VA medical 
facility where the Veteran had the AOR examination; Veteran's name; 
address; social security number; military service serial number; claim 
number; date of birth; race/ethnicity; marital status; sex; branch of 
service; periods of service; areas of service in Vietnam; list of 
military units where Veteran served; method of exposure to herbicides; 
Veteran's self-assessment of health; date of registry examination; 
Veteran's complaints/symptoms; reported birth defects among Veteran's 
children; consultations; diagnoses; disposition (hospitalized, referred 
for outpatient treatment, etc.) and name and signature of examiner/
clinician coordinator, when available.

RECORD SOURCE CATEGORIES:
    VA patient health records, various automated record systems 
providing clinical and managerial support to VA healthcare facilities, 
the Veteran, family members, and records from the Veterans Benefits 
Administration, Department of Defense, Department of the Army, 
Department of the Air Force, Department of the Navy and other Federal 
agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 45 CFR parts 160 and 164, i.e., individually 
identifiable health information, and 38 U.S.C. 7332, i.e., medical 
treatment information related to drug abuse, alcoholism or alcohol 
abuse, sickle cell anemia or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.
    1. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    2. Disclosure of records covered by this system, as deemed 
necessary and proper to named individuals serving as accredited service 
organization representatives, and other individuals named as approved 
agents or attorneys for a documented purpose and period of time, to aid 
beneficiaries in the preparation and presentation of their cases during 
the verification and/or due process procedures, and in the presentation 
and prosecution of claims under laws administered by VA.
    3. A record containing the name(s) and address(es) of present or 
former members of the armed services and/or their dependents may be 
released from this system of records under certain circumstances: (a) 
To any nonprofit organization if the release is directly connected with 
the conduct of programs and the utilization of benefits under Title 38, 
and (b) To any criminal or civil law enforcement governmental agency or 
instrumentality charged under applicable law with the protection of the 
public health or safety if a qualified representative of such 
organization, agency or instrumentality has made a written request that 
such name(s) or address(es) be provided for a purpose authorized by 
law; provided, further, that the record(s) will not be used for any 
purpose other than that stated in the request and that the 
organization, agency or instrumentality is aware of the penalty 
provision of 38 U.S.C. 5701(f).
    4. Disclosure may be made to NARA and General Services 
Administration (GSA) in records management inspections conducted under 
authority of Title 44, Chapter 29, of the U.S.C. NARA and GSA are 
responsible for management of old records no longer actively used, but 
which may be appropriate for preservation, and for the physical 
maintenance of the Federal Government's records.
    5. Disclosure of information, excluding name and address (unless 
name and address is furnished by the requestor) for research purposes 
determined to be necessary and proper, to epidemiological and other 
research facilities approved by the Under Secretary for Health.
    6. To conduct Federal research necessary to accomplish a statutory 
purpose of an agency, at the written request of the head of the agency, 
or designee of the head of that agency, the name(s) and address(es) of 
present or former personnel or the Armed Services and/or their 
dependents may be disclosed (a) To a Federal department or agency, or 
(b) Directly to a contractor of a Federal department or agency. When a 
disclosure of this information is to be made directly to the 
contractor, VA may impose applicable conditions on the department, 
agency, and/or contractor to insure the appropriateness of the 
disclosure to the contractor.
    7. VA may disclose any information in this system, except the names 
and home addresses of Veterans and their dependents, which is relevant 
to a suspected or reasonably imminent violation of law, whether civil, 
criminal or regulatory in nature and whether arising by general or 
program statute or by regulation, rule or order issued pursuant 
thereto, to a Federal, State, local, tribal, or foreign agency charged 
with the responsibility of investigating or prosecuting such violation, 
or charged with enforcing or implementing the statute, regulation, rule 
or order. VA may also disclose the names and addresses of Veterans and 
their dependents to a Federal agency charged with the responsibility of 
investigating or prosecuting civil, criminal or regulatory violations 
of law, or charged with enforcing or implementing the statute, 
regulation, rule or order issued pursuant thereto.
    8. For program review purposes and the seeking of accreditation 
and/or certification, disclosure may be made to survey teams of The 
Joint Commission, College of American Pathologists, American 
Association of Blood Banks, and similar national accreditation agencies 
or boards with whom VA has a contract or agreement to conduct such 
reviews but only to the extent that the information is necessary and 
relevant to the review. VA healthcare facilities undergo certification 
and accreditation by several national accreditation agencies or boards 
to comply with regulations and good medical practices.
    9. VA may disclose information in this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the

[[Page 7411]]

information, after either VA or DoJ determines that such information is 
relevant to DoJ's representation of the United States or any of its 
components in legal proceedings before a court or adjudicative body, 
provided that, in each case, the agency also determines prior to 
disclosure that release of the records to the DoJ is limited to 
circumstances where relevant and necessary to the litigation. VA may 
disclose records in this system of records in legal proceedings before 
a court or administrative body after determining that release of the 
records to the court or administrative body is limited to circumstances 
where relevant and necessary to the litigation.
    10. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    11. VA may disclose any information or records to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk to individuals, VA (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, or 
persons is reasonably necessary to assist in connection with VA efforts 
to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    12. VA may disclose information from this system to another Federal 
agency or Federal entity, when VA determines that information from this 
system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    13. VA may disclose information from this system of records to 
individuals, organizations, private or public agencies, or other 
entities or individuals with whom VA has a contract or agreement to 
perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor, subcontractor, 
public or private agency, or other entity or individual with whom VA 
has a contract or agreement to perform services under the contract or 
agreement.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Data are stored electronically on a Web server hosted by the AITC. 
Three levels of access are provided for the data that is input, using 
password security linked to the AITC Top Secret Security system, with 
mandated changes every 90 days. AITC stores registry tapes for disaster 
back up at an off-site location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name of Veteran and social security 
number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Maintain these records per Record Control Schedule (RCS) 10-1 
Subject Identification Code (SIC) 1203 series, these records are 
permanent records per N1-015-01-3, Item 3a and are to be transferred in 
5-year blocks to NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Registry data maintained at the AITC can only be updated by 
authorized AITC personnel. The registry is stored on a password 
protected system located in a locked room. Registry application is Web-
based and accessible behind the VA firewall. Access to the facility is 
limited by Personal Identity Verification access, security card, metal 
scanners at the entrance, and security guards.
    Data are securely located behind the VA firewall and only 
accessible from the VA Local Area Network (LAN) through the VA 
Intranet. AITC reports are also accessible through a telecommunications 
network on a read-only basis to the owner (VA facility) of the data. 
Access is limited to authorized employees by individually unique access 
codes which are changed periodically.
    Physical access to the AITC is generally restricted to AITC staff, 
VA Central Office staff, custodial personnel, Federal Protective 
Service and authorized operational personnel through electronic locking 
devices. All other persons gaining access to the computer rooms are 
escorted. Backup records are stored off-site and safeguarded in secured 
storage areas. A disaster recovery plan is in place and system recovery 
is tested at an off-site facility in accordance with established 
schedules.

RECORD ACCESS PROCEDURE:
    An individual who seeks access to records maintained under his or 
her name may write or visit the nearest VA facility or write to the 
Deputy Chief Consultant, Post Deployment Health Services (10P4Q), VA 
Central Office, 810 Vermont Avenue NW, Washington, DC 20420.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures above.)

NOTIFICATION PROCEDURE:
    An individual who wishes to determine whether a record is being 
maintained in this system under his or her name or other personal 
identifier, or wants to determine the contents of such record, should 
submit a written request or apply in person to the last VA facility 
where medical care was provided or submit a written request to the 
Deputy Chief Consultant, Post Deployment Health Services (10P4Q), VA 
Central Office, 810 Vermont Avenue NW, Washington, DC 20420. Inquiries 
should include the Veteran's name, social security number and return 
address.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Last full publication provided in 68 FR 75025 dated December 29, 
2003.
[FR Doc. 2020-02478 Filed 2-6-20; 8:45 am]
BILLING CODE 8320-01-P