Privacy Act of 1974; System of Records, 7404-7407 [2020-02482]

Download as PDF 7404 Federal Register / Vol. 85, No. 26 / Friday, February 7, 2020 / Notices location. Electronic backup files for the regional SCI/D applications are stored at the Regional Data Processing Center (RDPC1) at Denver, Colorado also for disaster backup at a secure, off-site location. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are indexed by name of Veteran, social security number, unique patient identifiers. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: RECORD ACCESS PROCEDURE: Records are under the following records schedule; Record Control Schedule (RCS) 10–1 item 6270. Master Files within a centralized database; Temporary; cutoff at the last unique patient entry or the death of a particular patient. Delete 75 years after cutoff. (N1–015–05–1, Item 1). Local Files (SCI centers and clinics); Temporary; delete when replaced by a subsequent file or 75 years after date of last activity for a particular patient. (N1–015–05–1, Item 2). Backup Files; Temporary; delete when master files have been deleted or replaced with a subsequent backup file. (N1–015–05–1, Item 3). jbell on DSKJLSW7X2PROD with NOTICES ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: 1. Data transmissions between VA healthcare facilities and the VA SCI/D National Program Office protected network folders. The SCI/D–Repository program and other programs at the respective facilities automatically flag records or events for transmission based upon functionality requirements. VA healthcare facilities control access to data by using VHA’s VistA and Computerized Patient Record System (CPRS) security modules. The Department’s Telecommunications Support Service has oversight responsibility for planning, security, and management of the wide area network. 2. Access to records at VA healthcare facilities is only authorized to VA personnel on a ‘‘need-to-know’’ basis. Records are maintained in staffed rooms during working hours. During nonworking hours, there is limited access to the building with visitor control by security personnel. Access to the National Program Office staff is generally restricted to SCI/D staff, VA Central Office employees, custodial personnel, Federal Protective Service, and authorized operational personnel through electronic locking devices. All other persons gaining access to the computer rooms are escorted. Backup records stored off-site for both the National Program Office and VA Central VerDate Sep<11>2014 17:42 Feb 06, 2020 Jkt 250001 Office are safeguarded in secured storage areas. 3. Strict control measures are enforced to ensure that access to and disclosure from all records including electronic files and Veteran-specific data elements are limited to VHA employees whose official duties warrant access to those files. The automated record system recognizes authorized users by keyboard entry of unique passwords, access, and verify codes. An individual who seeks access to records maintained under his or her name may write or visit the Program Office in which requests for services were made, the nearest VA facility, or write to the Chief Consultant, Spinal Cord Injury and Disorders Services (128N), 1660 South Columbian Way, Seattle, Washington 98108. CONTESTING RECORD PROCEDURES: (See Record Access procedures above). NOTIFICATION PROCEDURE: An individual who wishes to determine whether a record is being maintained in this system under his or her name or other personal identifier, or wants to determine the contents of such record, should submit a written request or apply in person to the last VA facility where medical care was provided or submit a written request to the Chief Consultant, Spinal Cord Injury and Disorders Services (128N), 1660 South Columbian Way, Seattle, Washington 98108. Inquiries should include the Veteran’s name, social security number, and return address. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: Last full publication provided in 77 FR 73 dated April 16, 2012. [FR Doc. 2020–02479 Filed 2–6–20; 8:45 am] BILLING CODE 8320–01–P DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974; System of Records AGENCY: Department of Veterans Affairs (VA). ACTION: Notice of a modified system of records. As required by the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records SUMMARY: PO 00000 Frm 00140 Fmt 4703 Sfmt 4703 entitled, ‘‘Investigative Database—OMI– VA’’ (162VA10MI) as set forth in the Federal Register 75 FR 26847. VA is amending the system of records by revising the System Number; System Location; System Manager; Categories of Records in the System; Record Source Categories and Routine Uses of Records Maintained in the System and Policies. VA is republishing the system notice in its entirety. DATES: Comments on the amendment of this system of records must be received no later than March 9, 2020. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the amended system will become effective March 9, 2020. ADDRESSES: Written comments may be submitted through www.Regulations.gov; by mail or handdelivery to Director, Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Avenue NW, Room 1064, Washington, DC 20420; or by fax to (202) 273–9026 (not a toll-free number). Comments should indicate that they are submitted in response to ‘‘Investigative Database— OMI–VA’’. Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461–4902 for an appointment. (This is not a toll-free number.) In addition, comments may be viewed online at www.Regulations.gov. FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) Privacy Officer, Department of Veterans Affairs, 810 Vermont Ave. NW, Washington, DC 20420, (704) 245–2492. (This is not a toll-free number.) SUPPLEMENTARY INFORMATION: The System Number is being changed from (162VA10MI to 162VA10E1B) to reflect the current organizational alignment. The System Location is being amended to change the Austin Automation Center to the Austin Information Technology Center. The System Manager is being amended to remove ‘‘Official responsible for policies and procedures; Chief Information Officer (OIT), Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420.’’ OMI (10MI) is being changed to OMI (10E1B). The Categories of Records in the System is being amended to change 24VA19 to 24VA10P2 in section 1. In section 6, ‘‘VHA Directive 2006–04 of June 27, 2006, Cooperation with the Office of the Medical Inspector, E:\FR\FM\07FEN1.SGM 07FEN1 jbell on DSKJLSW7X2PROD with NOTICES Federal Register / Vol. 85, No. 26 / Friday, February 7, 2020 / Notices Paragraph 4a.’’, is being replaced with VHA Directive 1038 of August 2, 2017, Role of the Office of the Medical Inspector, Paragraph 4f. The Record Source Categories is being amended to change 24VA19 to 24VA10P2, and ‘‘Healthcare Eligibility Records—VA’’ (89VA16) is being changed to ‘‘Income Verification Records—VA’’ (89VA10NB). The Austin Automation Center is being changed to the Austin Information Technology Center. The Routine Uses of Records Maintained in the System has been amended by amending the language in Routine Use #3 which states that disclosure of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. This routine use will now state that release of the records to the DoJ is limited to circumstances where relevant and necessary to the litigation. VA may disclose records in this system of records in legal proceedings before a court or administrative body after determining that release of the records to the court or administrative body is limited to circumstances where relevant and necessary to the litigation. Routine Use #10 is being amended from stating that any information in this system of records may be disclosed, in the course of presenting evidence in or to a court, magistrate, administrative tribunal, or grand jury, including disclosures to opposing counsel in the course of such proceedings or in settlement negotiations. This routine use will now state that any relevant and necessary information in this system of records may be disclosed to support the litigation, in the course of presenting evidence in or to a court, magistrate, administrative tribunal, or grand jury, including disclosures to opposing counsel in the course of such proceedings or in settlement negotiations. Routine Use #14 is clarifying the language to state, ‘‘VA may disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk to individuals, VA VerDate Sep<11>2014 17:42 Feb 06, 2020 Jkt 250001 (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, or persons is reasonably necessary to assist in connection with VA efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.’’ Routine use #15 is being added to state, ‘‘VA may disclose information from this system of records to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. VA needs this routine use for the data breach response and remedial efforts with another Federal agency. Routine use #16 is being added to state VA may disclose information from this system to the Office of the Special Counsel for investigation and inquires of alleged or possible prohibited personnel practices. VA needs this routine use to insist in informal inquires as required by statute and regulation. Signing Authority: The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. James P. Gfrerer, Assistant Secretary for Information and Technology and Chief Information Officer, Department of Veterans Affairs, approved this document on May 13, 2019 for publication. Dated: February 4, 2020. Amy L. Rose, Program Analyst, VA Privacy Service, Department of Veterans Affairs. SYSTEM NAME AND NUMBER: ‘‘Investigative Database—OMI–VA’’ (162VA10E1B). SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: The main Office of the Medical Inspector (OMI) records are maintained in secure files within the OMI and indexed on a secure document management server within the Department of Veterans Affairs (VA) PO 00000 Frm 00141 Fmt 4703 Sfmt 4703 7405 Central Office firewall. Additional records are maintained by the Austin Information Technology Center, 1615 Woodward Street, Austin, Texas 78772, and subject to their security control. SYSTEM MANAGER(S): Official maintaining this system of records: Correspondence Analyst, OMI (10E1B), 810 Vermont Avenue NW, Washington, DC 20420. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Title 38 U.S.C. 501. PURPOSE(S) OF THE SYSTEM: The records and information of this database may be used to document the investigative activities of the OMI; to perform statistical analysis to produce various management and follow-up reports; and to monitor the activities of VA Medical Centers in fulfilling action plans developed in response to OMI reports. The data may be used for VA’s extensive quality improvement programs in accordance with VA policy. In addition, the data may be used for law enforcement investigations. Survey data will be collected for the purpose of measuring and monitoring various aspects and outcomes of National, Veterans Integrated Service Network (VISN) and Facility-Level performance. Results of the survey data analysis are shared throughout the Veterans Health Administration (VHA) system. CATEGORIES OF INDIVIDUALS COVERED BY THIS SYSTEM: The records contain information for individuals (1) Receiving health care from the VHA, and (2) VHA providers that are providing the health care. Individuals encompass Veterans and their immediate family members, members of the armed services, current and former employees, trainees, contractors, subcontractors, consultants, volunteers, and other individuals working collaboratively with VA. CATEGORIES OF RECORDS IN THE SYSTEM: The records may include information and health information related to: 1. Patient medical record abstract information including information from Patient Medical Record—VA (24VA10P2); 2. Identifying information (e.g., name, birth date, death date, admission date, discharge date, gender, Social Security number, taxpayer identification number); address information (e.g., home and/or mailing address, home and/or cell telephone number, emergency contact information such as name, address, telephone number, and relationship); prosthetic and sensory aid serial numbers; medical record E:\FR\FM\07FEN1.SGM 07FEN1 7406 Federal Register / Vol. 85, No. 26 / Friday, February 7, 2020 / Notices numbers; integration control numbers; information related to medical examination or treatment (e.g., location of VA medical facility providing examination or treatment, treatment dates, medical conditions treated or noted on examination); information related to military service and status; 3. Medical benefit and eligibility information; 4. Patient aggregate workload data such as admissions, discharges, and outpatient visits; resource utilization such as laboratory tests, x rays, and prescriptions; 5. Patient Satisfaction Survey Data which include questions and responses; 6. Data capture from various VA databases. According to VHA Directive 1038 of August 2, 2017, Role of the Office of the Medical Inspector, Paragraph 4f., ‘‘OMI, as a component of VHA, has legal authority under applicable Federal privacy laws and regulations to access and use any information, including health information, maintained in VHA records for the purposes of health care operations and health care oversight.’’; and 7. Documents and reports produced and received by OMI in the course of its investigations. RECORD SOURCE CATEGORIES: Information in this system of records is provided by Veterans, VA employees, VA computer systems, Veterans Health Information Systems and Technology Architecture (VistA), VA medical centers, VA Health Eligibility Center, VA program offices, VISNs, Austin Information Technology Center, the Food and Drug Administration, the Department of Defense, Survey of Healthcare Experiences of Patients, External Peer Review Program, and the following Systems Of Records: ‘‘Patient Medical Records—VA’’ (24VA10P2), ‘‘National Prosthetics Patient Database— VA’’ (33VA113), ‘‘Income Verification Records—VA’’ (89VA10NB), VA Veterans Benefits Administration automated record systems (including the Veterans and Beneficiaries Identification and Records Location Subsystem—VA (38VA23), and subsequent iterations of those systems of records. jbell on DSKJLSW7X2PROD with NOTICES ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: 1. Disclosure may be made to a Congressional office from the record or an individual in response to an inquiry from the Congressional office made at the request of that individual. 2. Disclosure may be made to National Archives and Records Administration in VerDate Sep<11>2014 17:42 Feb 06, 2020 Jkt 250001 records management inspections conducted under authority of title 44 United States Code. 3. VA may disclose information in this system of records to the Department of Justice (DoJ), either on VA’s initiative or in response to DoJ’s request for the information, after either VA or DoJ determines that such information is relevant to DoJ’s representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is limited to circumstances where relevant and necessary to the litigation. VA may disclose records in this system of records in legal proceedings before a court or administrative body after determining that release of the records to the court or administrative body is limited to circumstances where relevant and necessary to the litigation. 4. Any information in this system, except the name and address of a Veteran, may be disclosed to a Federal, State, or local agency maintaining civil or criminal violation records or other pertinent information such as prior employment history, prior Federal employment background investigations, and/or personal or educational background in order for VA to obtain information relevant to the hiring, transfer, or retention of an employee, the letting of a contract, the granting of a security clearance, or the issuance of a grant or other benefit. The name and address of a Veteran may be disclosed to a Federal agency under this routine use if this information has been requested by the Federal agency in order to respond to the VA inquiry. 5. VA may disclose any information in this system, except the names and home addresses of Veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a State, local or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. VA may also disclose the names and addresses of Veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. PO 00000 Frm 00142 Fmt 4703 Sfmt 4703 6. To assist attorneys in representing their clients, any information in this system may be disclosed to attorneys representing subjects of investigations, including Veterans, Federal government employees, retirees, volunteers, contractors, subcontractors, or private citizens. 7. Disclosure of information to Federal Labor Relations Authority, including its General Counsel, when requested in connection with the investigation and resolution of allegations of unfair labor practices, in connection with the resolution of exceptions to arbitrator awards when a question of material fact is raised, in connection with matters before the Federal Service Impasses Panel, and to investigate representation petitions and conduct or supervise representation elections. 8. Information may be disclosed to the Equal Employment Opportunity Commission when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, compliance with the Uniform Guidelines of Employee Selection Procedures, or other functions vested in the Commission by the President’s Reorganization Plan No. 1 of 1978. 9. To disclose information to officials of the Merit Systems Protection Board, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions, promulgated in 5 U.S.C. 1205 and 1206, or as may be authorized by law. 10. Any relevant and necessary information in this system of records may be disclosed to support the litigation, in the course of presenting evidence in or to a court, magistrate, administrative tribunal, or grand jury, including disclosures to opposing counsel in the course of such proceedings or in settlement negotiations. 11. Any information in this system, except the name and address of a Veteran, may be disclosed to Federal, State, or local professional, regulatory, or disciplinary organizations or associations, including but not limited to bar associations, State licensing boards, and similar professional entities, for use in disciplinary proceedings and inquiries preparatory thereto, where VA determines that there is good cause to question the legality or ethical propriety of the conduct of a person employed by VA or a person representing a person in a matter before VA. E:\FR\FM\07FEN1.SGM 07FEN1 Federal Register / Vol. 85, No. 26 / Friday, February 7, 2020 / Notices 12. Disclosure may be made to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has an agreement or contract to perform the services of the contract or agreement. 13. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs. 14. VA may disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, or persons is reasonably necessary to assist in connection with VA efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. 15. VA may disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. 16. VA may disclose information from this system to the Office of the Special Counsel for investigation and inquires of alleged or possible prohibited personnel practices. jbell on DSKJLSW7X2PROD with NOTICES POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records are maintained on paper and on electronic storage media, including magnetic tape, disk, encrypted flash memory, and laser optical media. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are retrieved by name, Social Security number, or other assigned identifiers of the individuals on whom they are maintained. VerDate Sep<11>2014 17:42 Feb 06, 2020 Jkt 250001 POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: The records are disposed of in accordance with Section XXXV—Office of the Medical Inspector (10E1B) of the Veterans Health Administration Records Control Schedule 10–1 of January 2016, which stipulates that records from investigations not involving site visits will be destroyed 10 years after closure; records from investigations involving site visits will be destroyed 20 years after closure. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: 1. Access to and use of national patient databases are limited to those persons whose official duties require such access, and VA has established security procedures to ensure that access is appropriately limited. Information security officers and system data stewards review and authorize data access requests. VA regulates data access with security software that authenticates users and requires individually unique codes and passwords. VA provides information security training to all staff and instructs staff on the responsibility each person has for safeguarding data confidentiality. 2. VA maintains Business Associate Agreements and Non-Disclosure Agreements with contracted resources in order to maintain confidentiality of the information. 3. Physical access to computer rooms housing national patient databases is restricted to authorized staff and protected by a variety of security devices. Unauthorized employees, contractors, and other staff are not allowed in computer rooms. The Federal Protective Service or other security personnel provide physical security for the buildings housing computer rooms and data centers. 4. All materials containing real or scrambled Social Security numbers are kept only on secure, encrypted VHA servers, personal computers, laptops, or media. All email transmissions of such files use Public Key Infrastructure (PKI) encryption. If a recipient does not have PKI, items are mailed or sent to a secure fax. Paper records containing Social Security numbers are secured in locked cabinets or offices within the OMI area. Access to OMI requires passing a security officer, an elevator card reader for floor access and a separate VHA card reader for access to the office area. All materials, both paper and electronic, that are no longer required are shredded/obliterated in accordance with VHA guidelines. Materials required for case documentation and follow up are PO 00000 Frm 00143 Fmt 4703 Sfmt 4703 7407 archived in our secure document management server (electronic) and in locked storage (paper). 5. In most cases, copies of back-up computer files are maintained at off-site locations. RECORD ACCESS PROCEDURE: Individuals seeking information regarding access to and contesting of records in this system may write or call Correspondence Analyst, OMI, 810 Vermont Avenue NW, Washington, DC 20420, 202–461–1030. CONTESTING RECORD PROCEDURES: (See Record Access Procedures). NOTIFICATION PROCEDURE: Individuals who wish to determine whether this system of records contains information about them should contact Correspondence Analyst, OMI, 810 Vermont Avenue NW, Washington, DC 20420. Inquiries should include the person’s full name, Social Security number, location and dates of employment or location and dates of treatment and return address. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: Last full publication provided in 75 FR 26847 dated May 12, 2010. [FR Doc. 2020–02482 Filed 2–6–20; 8:45 am] BILLING CODE 8320–01–P DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974; System of Records AGENCY: Department of Veterans Affairs (VA). ACTION: Notice of a modified system of records. As required by the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records entitled ‘‘Agent Orange Registry—VA’’ (105VA131) as set forth in 68 FR 75025. VA is amending the system of records by revising the System Number; System Location; System Manager; Authority for Maintenance of the System; Categories of Individuals Covered by the System; Categories of Records in the System; Routine Uses of Records Maintained in the System and Policies; Policies and Practices for Storage of Records; Policies and Practices for Retention and Disposal of Records; Administrative, Technical, and Physical Safeguards; Record Access Procedure; SUMMARY: E:\FR\FM\07FEN1.SGM 07FEN1

Agencies

[Federal Register Volume 85, Number 26 (Friday, February 7, 2020)]
[Notices]
[Pages 7404-7407]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-02482]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA) is amending the system of 
records entitled, ``Investigative Database--OMI-VA'' (162VA10MI) as set 
forth in the Federal Register 75 FR 26847. VA is amending the system of 
records by revising the System Number; System Location; System Manager; 
Categories of Records in the System; Record Source Categories and 
Routine Uses of Records Maintained in the System and Policies. VA is 
republishing the system notice in its entirety.

DATES: Comments on the amendment of this system of records must be 
received no later than March 9, 2020. If no public comment is received 
during the period allowed for comment or unless otherwise published in 
the Federal Register by VA, the amended system will become effective 
March 9, 2020.

ADDRESSES: Written comments may be submitted through 
www.Regulations.gov; by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Avenue NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (not a toll-free number). Comments should indicate that they 
are submitted in response to ``Investigative Database--OMI-VA''. Copies 
of comments received will be available for public inspection in the 
Office of Regulation Policy and Management, Room 1063B, between the 
hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except 
holidays). Please call (202) 461-4902 for an appointment. (This is not 
a toll-free number.) In addition, comments may be viewed online at 
www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) 
Privacy Officer, Department of Veterans Affairs, 810 Vermont Ave. NW, 
Washington, DC 20420, (704) 245-2492. (This is not a toll-free number.)

SUPPLEMENTARY INFORMATION: The System Number is being changed from 
(162VA10MI to 162VA10E1B) to reflect the current organizational 
alignment.
    The System Location is being amended to change the Austin 
Automation Center to the Austin Information Technology Center.
    The System Manager is being amended to remove ``Official 
responsible for policies and procedures; Chief Information Officer 
(OIT), Department of Veterans Affairs, 810 Vermont Avenue NW, 
Washington, DC 20420.'' OMI (10MI) is being changed to OMI (10E1B).
    The Categories of Records in the System is being amended to change 
24VA19 to 24VA10P2 in section 1. In section 6, ``VHA Directive 2006-04 
of June 27, 2006, Cooperation with the Office of the Medical Inspector,

[[Page 7405]]

Paragraph 4a.'', is being replaced with VHA Directive 1038 of August 2, 
2017, Role of the Office of the Medical Inspector, Paragraph 4f.
    The Record Source Categories is being amended to change 24VA19 to 
24VA10P2, and ``Healthcare Eligibility Records--VA'' (89VA16) is being 
changed to ``Income Verification Records--VA'' (89VA10NB). The Austin 
Automation Center is being changed to the Austin Information Technology 
Center.
    The Routine Uses of Records Maintained in the System has been 
amended by amending the language in Routine Use #3 which states that 
disclosure of the records to the DoJ is a use of the information 
contained in the records that is compatible with the purpose for which 
VA collected the records. VA may disclose records in this system of 
records in legal proceedings before a court or administrative body 
after determining that the disclosure of the records to the court or 
administrative body is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records. This routine use will now state that release of the records to 
the DoJ is limited to circumstances where relevant and necessary to the 
litigation. VA may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that release of the records to the court or administrative body is 
limited to circumstances where relevant and necessary to the 
litigation.
    Routine Use #10 is being amended from stating that any information 
in this system of records may be disclosed, in the course of presenting 
evidence in or to a court, magistrate, administrative tribunal, or 
grand jury, including disclosures to opposing counsel in the course of 
such proceedings or in settlement negotiations. This routine use will 
now state that any relevant and necessary information in this system of 
records may be disclosed to support the litigation, in the course of 
presenting evidence in or to a court, magistrate, administrative 
tribunal, or grand jury, including disclosures to opposing counsel in 
the course of such proceedings or in settlement negotiations.
    Routine Use #14 is clarifying the language to state, ``VA may 
disclose any information or records to appropriate agencies, entities, 
and persons when (1) VA suspects or has confirmed that there has been a 
breach of the system of records; (2) VA has determined that as a result 
of the suspected or confirmed breach there is a risk to individuals, VA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, or persons is reasonably necessary to 
assist in connection with VA efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.''
    Routine use #15 is being added to state, ``VA may disclose 
information from this system of records to another Federal agency or 
Federal entity, when VA determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach. VA needs this 
routine use for the data breach response and remedial efforts with 
another Federal agency.
    Routine use #16 is being added to state VA may disclose information 
from this system to the Office of the Special Counsel for investigation 
and inquires of alleged or possible prohibited personnel practices. VA 
needs this routine use to insist in informal inquires as required by 
statute and regulation.
    Signing Authority: The Senior Agency Official for Privacy, or 
designee, approved this document and authorized the undersigned to sign 
and submit the document to the Office of the Federal Register for 
publication electronically as an official document of the Department of 
Veterans Affairs. James P. Gfrerer, Assistant Secretary for Information 
and Technology and Chief Information Officer, Department of Veterans 
Affairs, approved this document on May 13, 2019 for publication.

    Dated: February 4, 2020.
Amy L. Rose,
Program Analyst, VA Privacy Service, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    ``Investigative Database--OMI-VA'' (162VA10E1B).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The main Office of the Medical Inspector (OMI) records are 
maintained in secure files within the OMI and indexed on a secure 
document management server within the Department of Veterans Affairs 
(VA) Central Office firewall. Additional records are maintained by the 
Austin Information Technology Center, 1615 Woodward Street, Austin, 
Texas 78772, and subject to their security control.

SYSTEM MANAGER(S):
    Official maintaining this system of records: Correspondence 
Analyst, OMI (10E1B), 810 Vermont Avenue NW, Washington, DC 20420.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38 U.S.C. 501.

PURPOSE(S) OF THE SYSTEM:
    The records and information of this database may be used to 
document the investigative activities of the OMI; to perform 
statistical analysis to produce various management and follow-up 
reports; and to monitor the activities of VA Medical Centers in 
fulfilling action plans developed in response to OMI reports. The data 
may be used for VA's extensive quality improvement programs in 
accordance with VA policy. In addition, the data may be used for law 
enforcement investigations. Survey data will be collected for the 
purpose of measuring and monitoring various aspects and outcomes of 
National, Veterans Integrated Service Network (VISN) and Facility-Level 
performance. Results of the survey data analysis are shared throughout 
the Veterans Health Administration (VHA) system.

CATEGORIES OF INDIVIDUALS COVERED BY THIS SYSTEM:
    The records contain information for individuals (1) Receiving 
health care from the VHA, and (2) VHA providers that are providing the 
health care. Individuals encompass Veterans and their immediate family 
members, members of the armed services, current and former employees, 
trainees, contractors, subcontractors, consultants, volunteers, and 
other individuals working collaboratively with VA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include information and health information related 
to:
    1. Patient medical record abstract information including 
information from Patient Medical Record--VA (24VA10P2);
    2. Identifying information (e.g., name, birth date, death date, 
admission date, discharge date, gender, Social Security number, 
taxpayer identification number); address information (e.g., home and/or 
mailing address, home and/or cell telephone number, emergency contact 
information such as name, address, telephone number, and relationship); 
prosthetic and sensory aid serial numbers; medical record

[[Page 7406]]

numbers; integration control numbers; information related to medical 
examination or treatment (e.g., location of VA medical facility 
providing examination or treatment, treatment dates, medical conditions 
treated or noted on examination); information related to military 
service and status;
    3. Medical benefit and eligibility information;
    4. Patient aggregate workload data such as admissions, discharges, 
and outpatient visits; resource utilization such as laboratory tests, x 
rays, and prescriptions;
    5. Patient Satisfaction Survey Data which include questions and 
responses;
    6. Data capture from various VA databases. According to VHA 
Directive 1038 of August 2, 2017, Role of the Office of the Medical 
Inspector, Paragraph 4f., ``OMI, as a component of VHA, has legal 
authority under applicable Federal privacy laws and regulations to 
access and use any information, including health information, 
maintained in VHA records for the purposes of health care operations 
and health care oversight.''; and
    7. Documents and reports produced and received by OMI in the course 
of its investigations.

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by Veterans, VA 
employees, VA computer systems, Veterans Health Information Systems and 
Technology Architecture (VistA), VA medical centers, VA Health 
Eligibility Center, VA program offices, VISNs, Austin Information 
Technology Center, the Food and Drug Administration, the Department of 
Defense, Survey of Healthcare Experiences of Patients, External Peer 
Review Program, and the following Systems Of Records: ``Patient Medical 
Records--VA'' (24VA10P2), ``National Prosthetics Patient Database--VA'' 
(33VA113), ``Income Verification Records--VA'' (89VA10NB), VA Veterans 
Benefits Administration automated record systems (including the 
Veterans and Beneficiaries Identification and Records Location 
Subsystem--VA (38VA23), and subsequent iterations of those systems of 
records.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a Congressional office from the record 
or an individual in response to an inquiry from the Congressional 
office made at the request of that individual.
    2. Disclosure may be made to National Archives and Records 
Administration in records management inspections conducted under 
authority of title 44 United States Code.
    3. VA may disclose information in this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is limited to circumstances where relevant and necessary to the 
litigation. VA may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that release of the records to the court or administrative body is 
limited to circumstances where relevant and necessary to the 
litigation.
    4. Any information in this system, except the name and address of a 
Veteran, may be disclosed to a Federal, State, or local agency 
maintaining civil or criminal violation records or other pertinent 
information such as prior employment history, prior Federal employment 
background investigations, and/or personal or educational background in 
order for VA to obtain information relevant to the hiring, transfer, or 
retention of an employee, the letting of a contract, the granting of a 
security clearance, or the issuance of a grant or other benefit. The 
name and address of a Veteran may be disclosed to a Federal agency 
under this routine use if this information has been requested by the 
Federal agency in order to respond to the VA inquiry.
    5. VA may disclose any information in this system, except the names 
and home addresses of Veterans and their dependents, which is relevant 
to a suspected or reasonably imminent violation of law, whether civil, 
criminal or regulatory in nature and whether arising by general or 
program statute or by regulation, rule or order issued pursuant 
thereto, to a State, local or foreign agency charged with the 
responsibility of investigating or prosecuting such violation, or 
charged with enforcing or implementing the statute, regulation, rule or 
order. VA may also disclose the names and addresses of Veterans and 
their dependents to a Federal agency charged with the responsibility of 
investigating or prosecuting civil, criminal or regulatory violations 
of law, or charged with enforcing or implementing the statute, 
regulation, rule or order issued pursuant thereto.
    6. To assist attorneys in representing their clients, any 
information in this system may be disclosed to attorneys representing 
subjects of investigations, including Veterans, Federal government 
employees, retirees, volunteers, contractors, subcontractors, or 
private citizens.
    7. Disclosure of information to Federal Labor Relations Authority, 
including its General Counsel, when requested in connection with the 
investigation and resolution of allegations of unfair labor practices, 
in connection with the resolution of exceptions to arbitrator awards 
when a question of material fact is raised, in connection with matters 
before the Federal Service Impasses Panel, and to investigate 
representation petitions and conduct or supervise representation 
elections.
    8. Information may be disclosed to the Equal Employment Opportunity 
Commission when requested in connection with investigations of alleged 
or possible discriminatory practices, examination of Federal 
affirmative employment programs, compliance with the Uniform Guidelines 
of Employee Selection Procedures, or other functions vested in the 
Commission by the President's Reorganization Plan No. 1 of 1978.
    9. To disclose information to officials of the Merit Systems 
Protection Board, when requested in connection with appeals, special 
studies of the civil service and other merit systems, review of rules 
and regulations, investigation of alleged or possible prohibited 
personnel practices, and such other functions, promulgated in 5 U.S.C. 
1205 and 1206, or as may be authorized by law.
    10. Any relevant and necessary information in this system of 
records may be disclosed to support the litigation, in the course of 
presenting evidence in or to a court, magistrate, administrative 
tribunal, or grand jury, including disclosures to opposing counsel in 
the course of such proceedings or in settlement negotiations.
    11. Any information in this system, except the name and address of 
a Veteran, may be disclosed to Federal, State, or local professional, 
regulatory, or disciplinary organizations or associations, including 
but not limited to bar associations, State licensing boards, and 
similar professional entities, for use in disciplinary proceedings and 
inquiries preparatory thereto, where VA determines that there is good 
cause to question the legality or ethical propriety of the conduct of a 
person employed by VA or a person representing a person in a matter 
before VA.

[[Page 7407]]

    12. Disclosure may be made to individuals, organizations, private 
or public agencies, or other entities or individuals with whom VA has a 
contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA, in order for 
the contractor, subcontractor, public or private agency, or other 
entity or individual with whom VA has an agreement or contract to 
perform the services of the contract or agreement.
    13. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    14. VA may disclose any information or records to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk to individuals, VA (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, or 
persons is reasonably necessary to assist in connection with VA efforts 
to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    15. VA may disclose information from this system to another Federal 
agency or Federal entity, when VA determines that information from this 
system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    16. VA may disclose information from this system to the Office of 
the Special Counsel for investigation and inquires of alleged or 
possible prohibited personnel practices.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained on paper and on electronic storage media, 
including magnetic tape, disk, encrypted flash memory, and laser 
optical media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name, Social Security number, or other 
assigned identifiers of the individuals on whom they are maintained.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The records are disposed of in accordance with Section XXXV--Office 
of the Medical Inspector (10E1B) of the Veterans Health Administration 
Records Control Schedule 10-1 of January 2016, which stipulates that 
records from investigations not involving site visits will be destroyed 
10 years after closure; records from investigations involving site 
visits will be destroyed 20 years after closure.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    1. Access to and use of national patient databases are limited to 
those persons whose official duties require such access, and VA has 
established security procedures to ensure that access is appropriately 
limited. Information security officers and system data stewards review 
and authorize data access requests. VA regulates data access with 
security software that authenticates users and requires individually 
unique codes and passwords. VA provides information security training 
to all staff and instructs staff on the responsibility each person has 
for safeguarding data confidentiality.
    2. VA maintains Business Associate Agreements and Non-Disclosure 
Agreements with contracted resources in order to maintain 
confidentiality of the information.
    3. Physical access to computer rooms housing national patient 
databases is restricted to authorized staff and protected by a variety 
of security devices. Unauthorized employees, contractors, and other 
staff are not allowed in computer rooms. The Federal Protective Service 
or other security personnel provide physical security for the buildings 
housing computer rooms and data centers.
    4. All materials containing real or scrambled Social Security 
numbers are kept only on secure, encrypted VHA servers, personal 
computers, laptops, or media. All email transmissions of such files use 
Public Key Infrastructure (PKI) encryption. If a recipient does not 
have PKI, items are mailed or sent to a secure fax. Paper records 
containing Social Security numbers are secured in locked cabinets or 
offices within the OMI area. Access to OMI requires passing a security 
officer, an elevator card reader for floor access and a separate VHA 
card reader for access to the office area. All materials, both paper 
and electronic, that are no longer required are shredded/obliterated in 
accordance with VHA guidelines. Materials required for case 
documentation and follow up are archived in our secure document 
management server (electronic) and in locked storage (paper).
    5. In most cases, copies of back-up computer files are maintained 
at off-site locations.

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write or call Correspondence Analyst, 
OMI, 810 Vermont Avenue NW, Washington, DC 20420, 202-461-1030.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures).

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them should contact Correspondence Analyst, 
OMI, 810 Vermont Avenue NW, Washington, DC 20420. Inquiries should 
include the person's full name, Social Security number, location and 
dates of employment or location and dates of treatment and return 
address.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Last full publication provided in 75 FR 26847 dated May 12, 2010.

[FR Doc. 2020-02482 Filed 2-6-20; 8:45 am]
 BILLING CODE 8320-01-P