Privacy Act of 1974; System of Records, 7404-7407 [2020-02482]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 85, Number 26 (Friday, February 7, 2020)]
[Notices]
[Pages 7404-7407]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-02482]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA) is amending the system of 
records entitled, ``Investigative Database--OMI-VA'' (162VA10MI) as set 
forth in the Federal Register 75 FR 26847. VA is amending the system of 
records by revising the System Number; System Location; System Manager; 
Categories of Records in the System; Record Source Categories and 
Routine Uses of Records Maintained in the System and Policies. VA is 
republishing the system notice in its entirety.

DATES: Comments on the amendment of this system of records must be 
received no later than March 9, 2020. If no public comment is received 
during the period allowed for comment or unless otherwise published in 
the Federal Register by VA, the amended system will become effective 
March 9, 2020.

ADDRESSES: Written comments may be submitted through 
www.Regulations.gov; by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Avenue NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (not a toll-free number). Comments should indicate that they 
are submitted in response to ``Investigative Database--OMI-VA''. Copies 
of comments received will be available for public inspection in the 
Office of Regulation Policy and Management, Room 1063B, between the 
hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except 
holidays). Please call (202) 461-4902 for an appointment. (This is not 
a toll-free number.) In addition, comments may be viewed online at 
www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) 
Privacy Officer, Department of Veterans Affairs, 810 Vermont Ave. NW, 
Washington, DC 20420, (704) 245-2492. (This is not a toll-free number.)

SUPPLEMENTARY INFORMATION: The System Number is being changed from 
(162VA10MI to 162VA10E1B) to reflect the current organizational 
alignment.
    The System Location is being amended to change the Austin 
Automation Center to the Austin Information Technology Center.
    The System Manager is being amended to remove ``Official 
responsible for policies and procedures; Chief Information Officer 
(OIT), Department of Veterans Affairs, 810 Vermont Avenue NW, 
Washington, DC 20420.'' OMI (10MI) is being changed to OMI (10E1B).
    The Categories of Records in the System is being amended to change 
24VA19 to 24VA10P2 in section 1. In section 6, ``VHA Directive 2006-04 
of June 27, 2006, Cooperation with the Office of the Medical Inspector,

[[Page 7405]]

Paragraph 4a.'', is being replaced with VHA Directive 1038 of August 2, 
2017, Role of the Office of the Medical Inspector, Paragraph 4f.
    The Record Source Categories is being amended to change 24VA19 to 
24VA10P2, and ``Healthcare Eligibility Records--VA'' (89VA16) is being 
changed to ``Income Verification Records--VA'' (89VA10NB). The Austin 
Automation Center is being changed to the Austin Information Technology 
Center.
    The Routine Uses of Records Maintained in the System has been 
amended by amending the language in Routine Use #3 which states that 
disclosure of the records to the DoJ is a use of the information 
contained in the records that is compatible with the purpose for which 
VA collected the records. VA may disclose records in this system of 
records in legal proceedings before a court or administrative body 
after determining that the disclosure of the records to the court or 
administrative body is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records. This routine use will now state that release of the records to 
the DoJ is limited to circumstances where relevant and necessary to the 
litigation. VA may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that release of the records to the court or administrative body is 
limited to circumstances where relevant and necessary to the 
litigation.
    Routine Use #10 is being amended from stating that any information 
in this system of records may be disclosed, in the course of presenting 
evidence in or to a court, magistrate, administrative tribunal, or 
grand jury, including disclosures to opposing counsel in the course of 
such proceedings or in settlement negotiations. This routine use will 
now state that any relevant and necessary information in this system of 
records may be disclosed to support the litigation, in the course of 
presenting evidence in or to a court, magistrate, administrative 
tribunal, or grand jury, including disclosures to opposing counsel in 
the course of such proceedings or in settlement negotiations.
    Routine Use #14 is clarifying the language to state, ``VA may 
disclose any information or records to appropriate agencies, entities, 
and persons when (1) VA suspects or has confirmed that there has been a 
breach of the system of records; (2) VA has determined that as a result 
of the suspected or confirmed breach there is a risk to individuals, VA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, or persons is reasonably necessary to 
assist in connection with VA efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.''
    Routine use #15 is being added to state, ``VA may disclose 
information from this system of records to another Federal agency or 
Federal entity, when VA determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach. VA needs this 
routine use for the data breach response and remedial efforts with 
another Federal agency.
    Routine use #16 is being added to state VA may disclose information 
from this system to the Office of the Special Counsel for investigation 
and inquires of alleged or possible prohibited personnel practices. VA 
needs this routine use to insist in informal inquires as required by 
statute and regulation.
    Signing Authority: The Senior Agency Official for Privacy, or 
designee, approved this document and authorized the undersigned to sign 
and submit the document to the Office of the Federal Register for 
publication electronically as an official document of the Department of 
Veterans Affairs. James P. Gfrerer, Assistant Secretary for Information 
and Technology and Chief Information Officer, Department of Veterans 
Affairs, approved this document on May 13, 2019 for publication.

    Dated: February 4, 2020.
Amy L. Rose,
Program Analyst, VA Privacy Service, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    ``Investigative Database--OMI-VA'' (162VA10E1B).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The main Office of the Medical Inspector (OMI) records are 
maintained in secure files within the OMI and indexed on a secure 
document management server within the Department of Veterans Affairs 
(VA) Central Office firewall. Additional records are maintained by the 
Austin Information Technology Center, 1615 Woodward Street, Austin, 
Texas 78772, and subject to their security control.

SYSTEM MANAGER(S):
    Official maintaining this system of records: Correspondence 
Analyst, OMI (10E1B), 810 Vermont Avenue NW, Washington, DC 20420.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38 U.S.C. 501.

PURPOSE(S) OF THE SYSTEM:
    The records and information of this database may be used to 
document the investigative activities of the OMI; to perform 
statistical analysis to produce various management and follow-up 
reports; and to monitor the activities of VA Medical Centers in 
fulfilling action plans developed in response to OMI reports. The data 
may be used for VA's extensive quality improvement programs in 
accordance with VA policy. In addition, the data may be used for law 
enforcement investigations. Survey data will be collected for the 
purpose of measuring and monitoring various aspects and outcomes of 
National, Veterans Integrated Service Network (VISN) and Facility-Level 
performance. Results of the survey data analysis are shared throughout 
the Veterans Health Administration (VHA) system.

CATEGORIES OF INDIVIDUALS COVERED BY THIS SYSTEM:
    The records contain information for individuals (1) Receiving 
health care from the VHA, and (2) VHA providers that are providing the 
health care. Individuals encompass Veterans and their immediate family 
members, members of the armed services, current and former employees, 
trainees, contractors, subcontractors, consultants, volunteers, and 
other individuals working collaboratively with VA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include information and health information related 
to:
    1. Patient medical record abstract information including 
information from Patient Medical Record--VA (24VA10P2);
    2. Identifying information (e.g., name, birth date, death date, 
admission date, discharge date, gender, Social Security number, 
taxpayer identification number); address information (e.g., home and/or 
mailing address, home and/or cell telephone number, emergency contact 
information such as name, address, telephone number, and relationship); 
prosthetic and sensory aid serial numbers; medical record

[[Page 7406]]

numbers; integration control numbers; information related to medical 
examination or treatment (e.g., location of VA medical facility 
providing examination or treatment, treatment dates, medical conditions 
treated or noted on examination); information related to military 
service and status;
    3. Medical benefit and eligibility information;
    4. Patient aggregate workload data such as admissions, discharges, 
and outpatient visits; resource utilization such as laboratory tests, x 
rays, and prescriptions;
    5. Patient Satisfaction Survey Data which include questions and 
responses;
    6. Data capture from various VA databases. According to VHA 
Directive 1038 of August 2, 2017, Role of the Office of the Medical 
Inspector, Paragraph 4f., ``OMI, as a component of VHA, has legal 
authority under applicable Federal privacy laws and regulations to 
access and use any information, including health information, 
maintained in VHA records for the purposes of health care operations 
and health care oversight.''; and
    7. Documents and reports produced and received by OMI in the course 
of its investigations.

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by Veterans, VA 
employees, VA computer systems, Veterans Health Information Systems and 
Technology Architecture (VistA), VA medical centers, VA Health 
Eligibility Center, VA program offices, VISNs, Austin Information 
Technology Center, the Food and Drug Administration, the Department of 
Defense, Survey of Healthcare Experiences of Patients, External Peer 
Review Program, and the following Systems Of Records: ``Patient Medical 
Records--VA'' (24VA10P2), ``National Prosthetics Patient Database--VA'' 
(33VA113), ``Income Verification Records--VA'' (89VA10NB), VA Veterans 
Benefits Administration automated record systems (including the 
Veterans and Beneficiaries Identification and Records Location 
Subsystem--VA (38VA23), and subsequent iterations of those systems of 
records.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a Congressional office from the record 
or an individual in response to an inquiry from the Congressional 
office made at the request of that individual.
    2. Disclosure may be made to National Archives and Records 
Administration in records management inspections conducted under 
authority of title 44 United States Code.
    3. VA may disclose information in this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is limited to circumstances where relevant and necessary to the 
litigation. VA may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that release of the records to the court or administrative body is 
limited to circumstances where relevant and necessary to the 
litigation.
    4. Any information in this system, except the name and address of a 
Veteran, may be disclosed to a Federal, State, or local agency 
maintaining civil or criminal violation records or other pertinent 
information such as prior employment history, prior Federal employment 
background investigations, and/or personal or educational background in 
order for VA to obtain information relevant to the hiring, transfer, or 
retention of an employee, the letting of a contract, the granting of a 
security clearance, or the issuance of a grant or other benefit. The 
name and address of a Veteran may be disclosed to a Federal agency 
under this routine use if this information has been requested by the 
Federal agency in order to respond to the VA inquiry.
    5. VA may disclose any information in this system, except the names 
and home addresses of Veterans and their dependents, which is relevant 
to a suspected or reasonably imminent violation of law, whether civil, 
criminal or regulatory in nature and whether arising by general or 
program statute or by regulation, rule or order issued pursuant 
thereto, to a State, local or foreign agency charged with the 
responsibility of investigating or prosecuting such violation, or 
charged with enforcing or implementing the statute, regulation, rule or 
order. VA may also disclose the names and addresses of Veterans and 
their dependents to a Federal agency charged with the responsibility of 
investigating or prosecuting civil, criminal or regulatory violations 
of law, or charged with enforcing or implementing the statute, 
regulation, rule or order issued pursuant thereto.
    6. To assist attorneys in representing their clients, any 
information in this system may be disclosed to attorneys representing 
subjects of investigations, including Veterans, Federal government 
employees, retirees, volunteers, contractors, subcontractors, or 
private citizens.
    7. Disclosure of information to Federal Labor Relations Authority, 
including its General Counsel, when requested in connection with the 
investigation and resolution of allegations of unfair labor practices, 
in connection with the resolution of exceptions to arbitrator awards 
when a question of material fact is raised, in connection with matters 
before the Federal Service Impasses Panel, and to investigate 
representation petitions and conduct or supervise representation 
elections.
    8. Information may be disclosed to the Equal Employment Opportunity 
Commission when requested in connection with investigations of alleged 
or possible discriminatory practices, examination of Federal 
affirmative employment programs, compliance with the Uniform Guidelines 
of Employee Selection Procedures, or other functions vested in the 
Commission by the President's Reorganization Plan No. 1 of 1978.
    9. To disclose information to officials of the Merit Systems 
Protection Board, when requested in connection with appeals, special 
studies of the civil service and other merit systems, review of rules 
and regulations, investigation of alleged or possible prohibited 
personnel practices, and such other functions, promulgated in 5 U.S.C. 
1205 and 1206, or as may be authorized by law.
    10. Any relevant and necessary information in this system of 
records may be disclosed to support the litigation, in the course of 
presenting evidence in or to a court, magistrate, administrative 
tribunal, or grand jury, including disclosures to opposing counsel in 
the course of such proceedings or in settlement negotiations.
    11. Any information in this system, except the name and address of 
a Veteran, may be disclosed to Federal, State, or local professional, 
regulatory, or disciplinary organizations or associations, including 
but not limited to bar associations, State licensing boards, and 
similar professional entities, for use in disciplinary proceedings and 
inquiries preparatory thereto, where VA determines that there is good 
cause to question the legality or ethical propriety of the conduct of a 
person employed by VA or a person representing a person in a matter 
before VA.

[[Page 7407]]

    12. Disclosure may be made to individuals, organizations, private 
or public agencies, or other entities or individuals with whom VA has a 
contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA, in order for 
the contractor, subcontractor, public or private agency, or other 
entity or individual with whom VA has an agreement or contract to 
perform the services of the contract or agreement.
    13. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    14. VA may disclose any information or records to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk to individuals, VA (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, or 
persons is reasonably necessary to assist in connection with VA efforts 
to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    15. VA may disclose information from this system to another Federal 
agency or Federal entity, when VA determines that information from this 
system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    16. VA may disclose information from this system to the Office of 
the Special Counsel for investigation and inquires of alleged or 
possible prohibited personnel practices.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained on paper and on electronic storage media, 
including magnetic tape, disk, encrypted flash memory, and laser 
optical media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name, Social Security number, or other 
assigned identifiers of the individuals on whom they are maintained.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The records are disposed of in accordance with Section XXXV--Office 
of the Medical Inspector (10E1B) of the Veterans Health Administration 
Records Control Schedule 10-1 of January 2016, which stipulates that 
records from investigations not involving site visits will be destroyed 
10 years after closure; records from investigations involving site 
visits will be destroyed 20 years after closure.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    1. Access to and use of national patient databases are limited to 
those persons whose official duties require such access, and VA has 
established security procedures to ensure that access is appropriately 
limited. Information security officers and system data stewards review 
and authorize data access requests. VA regulates data access with 
security software that authenticates users and requires individually 
unique codes and passwords. VA provides information security training 
to all staff and instructs staff on the responsibility each person has 
for safeguarding data confidentiality.
    2. VA maintains Business Associate Agreements and Non-Disclosure 
Agreements with contracted resources in order to maintain 
confidentiality of the information.
    3. Physical access to computer rooms housing national patient 
databases is restricted to authorized staff and protected by a variety 
of security devices. Unauthorized employees, contractors, and other 
staff are not allowed in computer rooms. The Federal Protective Service 
or other security personnel provide physical security for the buildings 
housing computer rooms and data centers.
    4. All materials containing real or scrambled Social Security 
numbers are kept only on secure, encrypted VHA servers, personal 
computers, laptops, or media. All email transmissions of such files use 
Public Key Infrastructure (PKI) encryption. If a recipient does not 
have PKI, items are mailed or sent to a secure fax. Paper records 
containing Social Security numbers are secured in locked cabinets or 
offices within the OMI area. Access to OMI requires passing a security 
officer, an elevator card reader for floor access and a separate VHA 
card reader for access to the office area. All materials, both paper 
and electronic, that are no longer required are shredded/obliterated in 
accordance with VHA guidelines. Materials required for case 
documentation and follow up are archived in our secure document 
management server (electronic) and in locked storage (paper).
    5. In most cases, copies of back-up computer files are maintained 
at off-site locations.

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write or call Correspondence Analyst, 
OMI, 810 Vermont Avenue NW, Washington, DC 20420, 202-461-1030.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures).

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them should contact Correspondence Analyst, 
OMI, 810 Vermont Avenue NW, Washington, DC 20420. Inquiries should 
include the person's full name, Social Security number, location and 
dates of employment or location and dates of treatment and return 
address.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Last full publication provided in 75 FR 26847 dated May 12, 2010.

[FR Doc. 2020-02482 Filed 2-6-20; 8:45 am]
 BILLING CODE 8320-01-P