Privacy Act of 1974; System of Records, 6988-6992 [2021-01501]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 86, Number 14 (Monday, January 25, 2021)]
[Notices]
[Pages 6988-6992]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-01501]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of a Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA) is amending the system of 
records currently entitled, ``Patient Advocate Tracking System 
(PATS)[dash]VA'' (100VA10NS10) as set forth in the Federal Register. VA 
is amending the system of records by revising the System Name, System 
Number; System Location; System Manager; Record Source Categories; 
Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses; Policies and Practices for 
Retention and Disposal of Records; and Physical, Administrative and 
Procedural Safeguards. VA is republishing the system notice in its 
entirety.

DATES: Comments on this amended system of records must be received no 
later than February 24, 2021. If no public comment is received during 
the period allowed for comment or unless otherwise published in the 
Federal Register by the VA, the new system will become effective 
February 24, 2021.

ADDRESSES: Written comments may be submitted through 
www.Regulations.gov; by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Avenue NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (Note: not a toll-free number). Comments should indicate they 
are submitted in response to ``Patient Representation Program 
Records[dash]VA''. Copies of comments received will be available for 
public inspection in the Office of Regulation Policy and Management, 
Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday 
through Friday (except holidays). Please call (202) 461-4902 for an 
appointment (Note: not a toll-free number). In addition, comments may 
be viewed online at www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Stephania Griffin, Veterans Health 
Administration (VHA) Privacy Officer, Department of Veterans Affairs, 
810 Vermont Avenue NW, Washington, DC 20420; telephone (704) 245-2492.

[[Page 6989]]


SUPPLEMENTARY INFORMATION: The System Name is being changed from 
``Patient Advocate Tracking System (PATS)[dash]VA'' to ``Patient 
Advocate Tracking System Replacement (PATS-R)-VA''.
    The System Number will be changed from 100VA10NS10 to 100VA10H to 
reflect the current organizational alignment.
    The System Location is being amended to replace the PATS 
application from being located at Falling Waters to Martinsburg, West 
Virginia. Being removed from this section is, ``A limited set of 
information is transferred from this central system in Falling Waters 
to Austin Automation Center. This limited set of information 
transferred to Austin Automation Center is utilized to run specific 
reports for central business office.'' Being added to the section is 
that PATS Report of Contact (ROC) encounter data, entered by Patient 
Advocate users of the application, resides in the centralized PATS 
database at Austin Information Technology Center (AITC). This ROC data 
is transferred nightly from the PATS database at AITC to the PATS 
Reports database at Hines Information Technology Center (HITC) to be 
utilized to run ROC issue activity and trending reports by Patient 
Advocates for submission to their VA Medical Center (VAMC)/Integrated 
Health Care System Director, Service Chiefs and Customer Care leaders 
to assess service activity and provide feedback to identify trends for 
process improvement and achieve best practices.
    The System Manager is being amended to replace Director, National 
Veteran Service and Advocacy Program with Executive Director, VHA 
Office of Patient Advocacy.
    The Records Source Categories is being amended to replace 24VA136 
with 24VA10A7 and to will now include Veterans Health Information 
Systems and Technology Architecture (VistA) Records-VA (79VA10P2) and 
integrated systems.
    The Routine Uses of Records Maintained in the System has been 
amended to change Joint Commission for Accreditation of Healthcare 
Organizations (JCAHO) to The Joint Commission (TJC) in Routine use #6.
    Routine Use #18 has been amended by clarifying the language to 
state, ``VA may disclose any information or records to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk to individuals, VA (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, or 
persons is reasonably necessary to assist in connection with VA efforts 
to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.''
    Routine Use #19 is being added to state, ``VA may disclose 
information from this system to another Federal agency or Federal 
entity, when VA determines that information from this system of records 
is reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach. VA needs this routine use for the 
data breach response and remedial efforts with another Federal 
agency.''
    New Routine Use #20 is being added to state, ``VA may disclose 
relevant information in response to an inquiry from a member of the 
general public or third party about the named individual.'' VA needs 
this routine use to permit disclosure to a Veteran when a complaint was 
submitted on his/her behalf or if a Congressional member submits the 
complaint but is not retrieved by his/her name or other unique 
identifier.
    The Policies and Practices for Retention and Disposal of Records is 
being amended to replace Section XLV as authorized by the National 
Archives and Records Administration of the United States with Subject 
Identification Code (SIC) 1300.1, records are to be maintained for (7) 
years as authorized by the National Archives and Records Administration 
of the United States (N1-15-05-2, Item 1).
    The Physical, Administrative and Procedural Safeguards is being 
amended to replace the PATS data center as being located in Falling 
Waters, WV, to being located in Martinsburg, West Virginia. Also, the 
Austin VA Data Processing Center is being replaced with the Austin 
Information Technology Center (AITC).
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. James P. 
Gfrerer, Assistant Secretary of Information and Technology and Chief 
Information Officer, approved this document on June 3, 2020 for 
publication.

    Dated: January 19, 2021.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office of Information Security, 
Office of Information and Technology, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    ``Patient Advocate Tracking System Replacement (PATS-R)-VA'' 
(100VA10H)

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The PATS application is installed on a centrally located system in 
Martinsburg, West Virginia. The backup system in case of disaster 
recovery scenario is located at Hines Information Technology Center 
(HITC). The data entered into the application also resides on this 
central system. PATS Report of Contact (ROC) encounter data, entered by 
Patient Advocate users of the Application, resides in the centralized 
PATS database at Austin Information Technology Center (AITC).
    Patient contacts, as recorded in ROCs, are coded using issue codes 
in order to facilitate tracking of these encounters to show where 
system improvements might be made. Aggregate data are maintained at the 
Network and Headquarters levels for the development of reports to make 
system wide changes. Records are collected and stored electronically 
for ease of retrieval by individual patient names and ease in compiling 
aggregate data. This ROC data is transferred nightly from the PATS 
database at AITC to the PATS Reports database at HITC to be utilized to 
run ROC issue activity and trending reports by Patient Advocates for 
submission to their VAMC/Integrated Health Care System Director, 
Service Chiefs and Customer Care leaders to assess service activity and 
provide feedback to identify trends for process improvement and achieve 
best practices.

SYSTEM MANAGER(S):
    Official responsible for policies and procedures; Executive 
Director, VHA

[[Page 6990]]

Office of Patient Advocacy, Department of Veterans Affairs, 810 Vermont 
Avenue NW, Washington, DC 20420. Telephone number 202-461-7607 (this is 
not a toll-free number). Officials maintaining the system are the 
Director at the facility where the individual were associated.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38, United States Code, Chapter 73, section 7301(b).

PURPOSE(S) OF THE SYSTEM:
    The records may be used for such purposes as producing various 
management and patient follow-up reports; responding to patient and 
other inquiries; conducting health care-related studies, statistical 
analysis, and resource allocation planning; providing clinical and 
administrative support to patient medical care; audits, reviews and 
investigations conducted by the staff of the health care facility, 
Veterans Integrated Service Network (VISN), VHA Headquarters, and VA's 
Office of Inspector General; law enforcement investigations; quality 
improvement reviews and investigations; personnel management and 
evaluation; employee ratings and performance evaluations; employee 
disciplinary or other adverse action, including discharge; advising 
health care professional licensing or monitoring bodies or similar 
entities or activities of VA and former VA health care personnel; 
accreditation of a facility by an entity such as the Joint Commission; 
and, notifying medical schools of medical students' performance. The 
information is integrated into the overall quality improvement plans 
and activities of the facility and used to improve services and 
communications, as well as, to track categories of complaints and the 
locations of complaints in order to improve the delivery of health 
care.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records include information concerning individual patients, 
Veterans who have applied for care, their friends, their families, VA 
health care providers and members of the community. Members of the 
community include, but are not limited to, Congressional liaisons, 
Veterans Service Organizations and attorneys.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include information maintained in paper records, 
and entered into a centralized web-based system, PATS, related to 
concerns and complaints regarding an individual's medical care, VA 
benefits, and/or encounters with health care facility personnel or 
other patients. The records include information that is compiled to 
review, investigate, and resolve these issues.

RECORD SOURCE CATEGORIES:
    The patient, family members, and friends, employers or other third 
parties when otherwise unobtainable from the patient or family; 
employees, Patient Medical Records-VA (24VA10P2); Veterans Health 
Information Systems and Technology Architecture (VistA) Records-VA 
(79VA10P2); private medical facilities and health care professionals; 
State and local agencies; other Federal agencies; VISNs, Veterans 
Benefits Administration automated record systems including Veterans and 
Beneficiaries Identification and Records Location Subsystem-VA (38VA23) 
and the Compensation, Pension, Education and Rehabilitation Records-VA 
(58VA21/22); PATS Legacy; and various automated and/or integrated 
systems providing clinical and managerial support at VA health care 
facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 45 CFR parts 160 and 164, i.e., individually 
identifiable health information, and 38 U.S.C. 7332, i.e., medical 
treatment information related to drug abuse, alcoholism or alcohol 
abuse, sickle cell anemia or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.
    1. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    2. Disclosure may be made to the National Archives and Records 
Administration (NARA) and the General Services Administration (GSA) for 
the purpose of records management inspections conducted under authority 
of Title 44, Chapter 29 of the United States Code.
    3. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is limited to circumstances where relevant and necessary to the 
litigation. VA may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that release of the records to the DoJ is limited to circumstances 
where relevant and necessary to the litigation.
    4. Disclosure may be made to any facility regarding the hiring, 
performance, or other personnel-related information with which there 
is, or there is proposed to be, an affiliation, sharing agreement, 
contract, or similar arrangement for purposes of establishing, 
maintaining, or expanding any such relationship.
    5. Disclosure may be made to a Federal agency or to a State or 
local government licensing board and/or to the Federation of State 
Medical Boards or a similar non-government entity which maintains 
records concerning individual employment histories or concerning the 
issuance, retention or revocation of licenses, certifications, or 
registration necessary to practice an occupation, profession or 
specialty, in order for the Department to obtain information relevant 
to a Department decision concerning the hiring, retention or 
termination of an employee boards or the appropriate nongovernment 
entities about the health care practices of employees who resigned, 
were terminated, or retired and whose professional health care activity 
so significantly failed to conform to generally accepted standards of 
professional medical practice as to raise reasonable concern for the 
health and safety of patients receiving medical care in the private 
sector or from another Federal agency. These records may also be 
disclosed as part of an ongoing computer-matching program to accomplish 
these purposes.
    6. VA may disclose information for program review purposes and the 
seeking of accreditation and/or certification to survey teams of The 
Joint Commission (TJC), College of American Pathologists, American 
Association of Blood Banks, and similar national accreditation agencies 
or boards with which VA has a contract or agreement to conduct such 
reviews, but only to the extent that the information is necessary and 
relevant to the review.
    7. Disclosure may be made to a State or local government entity or 
national certifying body which has the authority to make decisions 
concerning the issuance, retention or revocation of

[[Page 6991]]

licenses, certifications or registrations required to practice a health 
care profession, when requested in writing by an investigator or 
supervisory official of the licensing entity or national certifying 
body for the purpose of making a decision concerning the issuance, 
retention or revocation of the license, certification or registration 
of a named health care professional.
    8. Disclosure of information to the Federal Labor Relations 
Authority, including its General Counsel, when requested in connection 
with the investigation and resolution of allegations of unfair labor 
practices, in connection with the resolution of exceptions to 
arbitrator awards when a question of material fact is raised, in 
connection with matters before the Federal Service Impasses Panel, and 
to investigate representation petitions and conduct or supervise 
representation elections.
    9. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, etc., with whom VA has a 
contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA, in order for 
the contractor or subcontractor to perform the services of the contract 
or agreement.
    10. Disclosure may be made to a Federal agency, in response to its 
request, in connection with the hiring or retention of an employee, the 
issuance of a security clearance, the reporting of an investigation of 
an employee, the letting of a contract, or the issuance of a license, 
grant, or other benefit by the requesting agency, to the extent that 
the information is relevant and necessary to the requesting agency's 
decision on the matter.
    11. Disclosure may be made to a Federal, State or local agency 
maintaining civil, criminal or other relevant information such as 
current licenses, if necessary to obtain information relevant to any 
agency decision concerning the hiring or retention of an employee, the 
issuance of a security clearance, the letting of a contract, or the 
issuance of a license, grant or other health, educational or welfare 
benefit.
    12. Disclosure of information may be made to the next-of-kin and/or 
the person(s) with whom the patient has a meaningful relationship to 
the extent necessary and on a need-to-know basis consistent with good 
medical-ethical practices.
    13. A record containing the name(s) and address(es) of present or 
former members of the armed services and/or their dependents may be 
disclosed under certain circumstances to any criminal or civil law 
enforcement governmental agency or instrumentality charged under 
applicable law with the protection of the public's health or safety, if 
a qualified representative of such organization, agency or 
instrumentality has made a standing written request that such name(s) 
or address(es) be provided for a purpose authorized by law; provided 
that the record(s) will not be used for any purpose other than that 
stated in the request and that organization, agency or instrumentality 
is aware of the penalty provision of 38 U.S.C. 5701(f).
    14. VA may disclose any information in this system, except the 
names and home addresses of Veterans and their dependents, which is 
relevant to a suspected or reasonably imminent violation of law, 
whether civil, criminal or regulatory in nature and whether arising by 
general or program statute or by regulation, rule or order issued 
pursuant thereto, to a Federal, State, local, tribal, or foreign agency 
charged with the responsibility of investigating or prosecuting such 
violation, or charged with enforcing or implementing the statute, 
regulation, rule or order. VA may also disclose the names and addresses 
of Veterans and their dependents to a Federal agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto.
    15. Disclosure may be made to the Equal Employment Opportunity 
Commission when requested in connection with investigations of alleged 
or possible discrimination practices, examination of Federal 
affirmative employment programs, compliance with the Uniform Guidelines 
of Employee Selection Procedures, or other functions of the Commission 
as authorized by law or regulation.
    16. Disclosure may be made to officials of the Merit Systems 
Protection Board, including the Office of the Special Counsel, when 
requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions, promulgated in 5 U.S.C. 1205-1206, or as may 
be authorized by law.
    17. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    18. VA may disclose any information or records to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk to individuals, VA (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, or 
persons is reasonably necessary to assist in connection with VA efforts 
to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    19. VA may disclose information from this system to another Federal 
agency or Federal entity, when VA determines that information from this 
system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    20. VA may disclose relevant information in response to an inquiry 
from a member of the general public or third party about the named 
individual.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained on paper, microfilm, magnetic tape, disk, or 
laser optical media. In most cases, copies of back-up computer files 
are maintained at off-site locations.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name, social security number or other 
assigned identifiers of the individuals on whom they are maintained.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Paper records and information stored on electronic storage media 
are maintained and disposed of in accordance with Records Control 
Schedule 10-1, Subject Identification Code (SIC) 1300.1, and are to be 
maintained for (7) years as authorized by the National Archives and 
Records Administration of the United States (N1-15-05-2, Item 1).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    1. Access to VA working and storage areas are restricted to VA 
employees on

[[Page 6992]]

a ``need-to-know'' basis; strict control measures are enforced to 
ensure that disclosure to these individuals is also based on this same 
principle. Generally, VA file areas are locked after normal duty hours 
and the facilities are protected from outside access by the Federal 
Protective Service or other security personnel.
    2. PATS is a web-based application installed on central computer 
systems in a data center at Martinsburg, West Virginia. The systems are 
maintained by authorized personnel. The end users access the 
application using the Web browser installed on their desktops. 
Additionally, access to computer rooms at health care facilities is 
generally limited by appropriate locking devices and restricted to 
authorized VA employees and vendor personnel. Automated Data Processing 
(ADP) peripheral devices are placed in secure areas (areas that are 
locked or have limited access) or are otherwise protected. Information 
in VistA may be accessed by authorized VA employees. Access to PATS 
application and data in the application is controlled at two levels; 
the systems recognize authorized employees by series of individually 
unique passwords/codes as a part of each data message, and the 
employees are limited to only that information in the application which 
is needed in the performance of their official duties. Information that 
is downloaded from PATS and maintained on personal computers are 
afforded similar storage and access protections as the data that is 
maintained in the original files. Access to information stored on 
automated storage media at other VA locations is controlled by 
individually unique passwords/codes.
    3. Access to the AITC is generally restricted to Center employees, 
custodial personnel, Federal Protective Service and other security 
personnel. Access to computer rooms is restricted to authorized 
operational personnel through electronic locking devices. All other 
persons gaining access to computer rooms are escorted. Information 
stored in the computer may be accessed by authorized VA employees at 
remote locations including VA health care facilities, Information 
Systems Centers, VA Central Office, and Veteran Integrated Service 
Networks. Access is controlled by individually unique passwords/codes 
which must be changed periodically by the employee.

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write, call or visit the VA facility 
location where they are or were employed or made contact.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures above.)

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them should contact the VA facility location 
at which they are or were employed or made or have contact. Inquiries 
should include the person's full name, social security number, dates of 
employment, date(s) of contact, and return address.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Last full publication provided in 74 FR 26766 dated June 3, 2009.

[FR Doc. 2021-01501 Filed 1-22-21; 8:45 am]
BILLING CODE 8320-01-P