Privacy Act of 1974; System of Records, 61852-61855 [2021-24368]
Federal Register / Vol. 86, No. 213 / Monday, November 8, 2021 / Notices
8922, or viewing the entire information
collection request at www.reginfo.gov.
SUPPLEMENTARY INFORMATION:
Internal Revenue Service (IRS)
Title: Employer’s Annual Tax Return
for Agricultural Employees.
OMB Control Number: 1545–0035.
Type of Review: Reinstatement
without change of a currently approved
collection.
Description: Agricultural employers
must prepare and file Form 943 and
Form 943–PR (Puerto Rico only) to
report and pay FICA taxes and income
tax voluntarily withheld (Form 943
only). Agricultural employees may
attach Forms 943–A and 943A–PR to
Forms 943 and 943–PR to show their tax
liabilities for semiweekly periods. The
information is used to verify that the
correct tax has been paid. Form 943
(Schedule R) allows (1) an agent
appointed by an employer or payer or
(2) a customer who enters into a
contract that meets the requirements
under 7705(e)(2) or (3) a client who
enters into a service agreement
described under Regulations section
31.3504–2(b)(2) with a Certified
Professional Employer Organization, to
allocate information reported on Form
943 to each client.
Form Numbers: IRS Form 943, IRS
Form 943–PR, IRS Form 943–A, IRS
Form 943A–PR, IRS Form 943X, IRS
Form 943–X(PR), and IRS Form 943—
Schedule R.
Affected Public: Businesses or other
for-profit institutions.
Estimated Number of Respondents:
965,698.
Frequency of Response: Annually.
Estimated Total Number of Annual
Responses: 965,698.
Estimated Time per Response: 14
hours 1 minute.
Estimated Total Annual Burden
Hours: 13,533,994 hours.
Authority: 44 U.S.C. 3501 et seq.
Dated: November 3, 2021.
Molly Stasko,
Treasury PRA Clearance Officer.
[FR Doc. 2021–24379 Filed 11–5–21; 8:45 am]
BILLING CODE 4810–25–P
DEPARTMENT OF VETERAN AFFAIRS
Privacy Act of 1974; System of
Records
AGENCY: Department of Veteran Affairs,
Office of General Counsel.
ACTION: Notice of a modified system of
records.
SUMMARY: VA is amending the current
system of record (SOR) (173VA005OP2)
the Department of Veterans Affairs (VA)
Mobile Application Environment (MAE)
by renaming it VA Enterprise Cloud—
Mobile Application Platform (VAEC–
MAP). The VA MAE has been replaced
by VAEC–MAP. VA changed
Information Technology providers from
Terremark to Amazon Web Services
(AWS). In addition, the system location
has changed. We are restating the
routine uses in full and revising the
language to make routine uses align
with recent Office of Management and
Budget (OMB) guidelines and making
minor editorial changes to more clearly
articulate uses and to align with
standardized VA routine use language.
VA is republishing the system notice in
its entirety. VAEC–MAP is a cloud
hosted system that provides the
infrastructure and hosting platform for
Mobile Shared Services (i.e., common
services used for Mobile applications)
and web components of applications
used on Mobile devices. Mobile
applications connect to VA enterprise
services using the VAEC MAP Mobile
Shared Services. Mobile applications
such as Video Visits Service (VVS),
Veteran Affairs Online Scheduling
(VAOS), Patient Viewer (PV), and
Veteran Affairs Video Connect (VVC)
leverage this platform, pipeline, and
hosting environment to provide a
coordinated scheduling and notification
capability to Staff and Veterans among
other resources. VAEC–MAP uses the
VAEC AWS cloud environment to
provide an automated platform and
pipeline for the development and
hosting of production VA mobile
applications. VAEC Common shared
services, such as BigFix, Nessus,
Splunk, and AD, are leveraged to
provide security control implementation
and system security visibility to the VA
teams responsible for ensuring the
security of VA systems. Administrative
users of the VAEC–MAP environment
must authenticate to the VA (Citrix
Access Gateway or RESCUE) via
Personal Identification Verification
before using access keys and Identity
and Access Management multi-factor
authentication to gain access into the
environment. System Administrators
access the VA network using VA
managed Government Furnished
Equipment through Virtual Private
Network connections to the VA Local
Area Network and are authenticated
using an Active Directory system
managed by VA Network Security
Operations Center. Encrypted
communications protocols and ports are
employed to protect information
flowing across the VA network. All
system access is managed via Role
Based Access Control deployed
separately within the environment and
adheres to the Least Privilege Principle
for all user accounts regardless of role.
VAEC–MAP user account management
adheres to VA policy or exceeds VA
Policy where applicable.
DATES: Comments on this revision of a
system of records must be received no
later than 30 days after date of
publication in the Federal Register. If
no public comment is received during
the period allowed for comment or
unless otherwise published in the
Federal Register by VA, these revisions
will become effective a minimum of 30
days after date of publication in the
Federal Register. If VA receives public
comments, VA shall review the
comments to determine whether any
changes to the notice are necessary.
ADDRESSES: Comments may be
submitted through www.Regulations.gov
or mailed to VA Privacy Service, 810
Vermont Avenue NW, (005R1A),
Washington, DC 20420. Comments
should indicate that they are submitted
in response to the VA Mobile
Application Environment (MAE)-VA
(173VA005OP2). Comments received
will be available at regulations.gov for
public viewing, inspection or copies.
FOR FURTHER INFORMATION CONTACT: For
submitting general questions and
requests about this revised system
please direct correspondence to Mark
Ennis (System Owner) [Veteran Affairs
102 2nd Avenue South, Suite 300, St.
Petersburg, FL 33701], or at
Mark.Ennis@va.gov, and 727–212–0827
(This is not a toll-free number).
SUPPLEMENTARY INFORMATION: VA is
amending the current system of record
(SOR) (173VA005OP2) the Department
of Veterans Affairs (VA) Mobile
Application Environment (MAE) by
renaming it VA Enterprise Cloud—
Mobile Application Platform (VAEC–
MAP) and updating the system location.
Signing Authority
The Senior Agency Official for
Privacy, or designee, approved this
document and authorized the
undersigned to sign and submit the
document to the Office of the Federal
Register for publication electronically as
an official document of the Department
of Veterans Affairs. Dominic A. Cussatt,
Acting Assistant Secretary of
Information and Technology and Chief
Information Officer, approved this
document on May 26, 2021 for
publication.
Dated: November 3, 2021.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office
of Information Security, Office of Information
and Technology, Department of Veterans
Affairs.
SYSTEM NAME AND NUMBER:
‘‘VA Enterprise Cloud—Mobile
Application Platform (Cloud) Assessing
(VAEC–MAP) (173VA005OP2).
SECURITY CLASSIFICATION:
Sensitive But Unclassified (SBU).
SYSTEM LOCATION:
The office responsible for the system
is the Department of Veteran Affairs,
Office of General Counsel, 810 Vermont
Ave. NW, Washington, DC 20420 and
Amazon Web Services (AWS)—Seattle,
WA.
SYSTEM MANAGER(S):
Mark Ennis (System Owner) Veteran
Affairs 102 2nd Avenue South, Suite
300, St. Petersburg, FL 33701, or at
Mark.Ennis@va.gov, and 727–212–0827
(This is not a toll-free number).
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Title 38, United States Code, Section
501.
PURPOSE(S) OF THE SYSTEM:
The records and information will be
used to provide a repository for the
clinical and administrative information
that is collected, retrieved, or displayed
from within a VA mobile or Web
application. The purpose of use will
include, but not be limited to, health
care treatment information, disability
adjudication, and benefits to the Veteran
both within the VA Medical Center and
in sharing with partners who are
participating through the eHealth
Exchange in VA’s Mobile pilots and
subsequent public and enterprise rollout
of new applications. Data may also be
used at an aggregate, non-personally
identifiable level to track and evaluate
local or national health and benefits
initiatives and preventative-care
measures, such as detecting outbreaks of
flu or other diseases, detection of
antibiotic resistance bacteria, etc. These
data may be used for such purposes as
scheduling patient treatment services,
including nursing care, clinic
appointments, surveys, diagnostic, and
therapeutic procedures. These data may
also be used for the purpose of health
care operations, such as producing
various management and patient follow
up reports; responding to patient and
other inquiries; for epidemiological
research and other health care-related
studies; statistical analysis, resource
allocation and planning; providing
clinical and administrative support to
patient medical care; determining
entitlement and eligibility for VA
benefits; processing and adjudicating
benefit claims by Veterans Benefits
Administration Regional Office staff; for
audits, reviews, and investigations
conducted by staff of VA Central Office
and VA’s OIG; sharing of health
information between and among VHA,
DoD, IHS, and other Government and
private industry health care
organizations; law enforcement
investigations; quality assurance audits,
reviews, and investigations; personnel
management and evaluation; employee
ratings and performance evaluations;
and employee disciplinary or other
adverse action, including discharge;
advising health care professional
licensing or monitoring bodies or
similar entities of activities of VA and
former VA health care personnel.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
The records contain information on
Veterans, Veteran beneficiaries, Veteran
caregivers, members of the Armed
Forces, Reserves and National Guard,
and other VA customers in addition to
VA authorized users (e.g., VA
employees, VA contractors, VA
volunteers, and other individuals
permitted to have access to VA IT
systems).
CATEGORIES OF RECORDS IN THE SYSTEM:
The records may include information
related to data entered through Web and
mobile applications developed and
maintained by VA, accessed and
updated by the individuals covered by
the system as well as by VA-authorized
users. The records may contain
demographics, personal information
(e.g., name, social security numbers,
physical address, phone number, email
address), health-related information
(e.g., vital signs, allergies, medications,
health related history, health
assessments), benefit-related
information, information provided to
VA for the potential provision of
services and benefits, military history
and services, preferences for authorizing
the sharing of their health information
(e.g., electronic surrogate authorizations,
electronic surrogate revocations). The
records may include identifiers such as
VA’s integration control number. The
information will be primarily benefits
and health-related but may include
other information such as customer
entered updates to demographic
information.
RECORD SOURCE CATEGORIES:
Information in this system of records
is provided by Veterans and their
beneficiaries or caregivers, members of
the Armed Services, Reserves or
National Guard; VA employees, other
VA-authorized users (e.g., DoD), and
information from VA computer systems
and databases include, but not limited
to, Veterans Health Information Systems
and Technology Architecture (VistA)—
VA (79VA10P2) and National Patient
Databases—VA (121VA10P2), VAMCs,
Federal and non-Federal VLER/eHealth
Exchange partners, and DoD.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
1. Congress
VA may disclose information to a
Member of Congress or staff acting upon
the Member’s behalf when the Member
or staff requests the information on
behalf of, and at the request of, the
individual who is the subject of the
record.
2. Data Breach Response and
Remediation, for VA
VA may disclose information to
appropriate agencies, entities, and
persons when (1) VA suspects or has
confirmed that there has been a breach
of the system of records, (2) VA has
determined that as a result of the
suspected or confirmed breach there is
a risk of harm to individuals, VA
(including its information systems,
programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with VA’s efforts to respond
to the suspected or confirmed breach or
to prevent, minimize, or remedy such
harm . . .
3. Data Breach Response and
Remediation, for Another Federal
Agency
VA may disclose information to
another Federal agency or Federal
entity, when VA determines that the
information from this system of records
is reasonably necessary to assist the
recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national
security, resulting from a suspected or
confirmed breach.
4. Law Enforcement
VA may disclose information that,
either alone or in conjunction with
other information, indicates a violation
or potential violation of law, whether
civil, criminal, or regulatory in nature,
to a Federal, state, local, territorial,
tribal, or foreign law enforcement
authority or other appropriate entity
charged with the responsibility of
investigating or prosecuting such
violation or charged with enforcing or
implementing such law. The disclosure
of the names and addresses of veterans
and their dependents from VA records
under this routine use must also comply
with the provisions of 38 U.S.C. 5701.
5. DoJ for Litigation or Administrative
Proceeding
VA may disclose information to the
Department of Justice (DoJ), or in a
proceeding before a court, adjudicative
body, or other administrative body
before which VA is authorized to
appear, when:
(a) VA or any component thereof;
(b) Any VA employee in his or her
official capacity;
(c) Any VA employee in his or her
official capacity where DoJ has agreed to
represent the employee; or
(d) The United States, where VA
determines that litigation is likely to
affect the agency or any of its
components,
is a party to such proceedings or has
an interest in such proceedings, and VA
determines that use of such records is
relevant and necessary to the
proceedings.
6. Contractors
VA may disclose information to
contractors, grantees, experts,
consultants, students, and others
performing or working on a contract,
service, grant, cooperative agreement, or
other assignment for VA, when
reasonably necessary to accomplish an
agency function related to the records.
7. OPM
VA may disclose information to the
Office of Personnel Management (OPM)
in connection with the application or
effect of civil service laws, rules,
regulations, or OPM guidelines in
particular situations.
8. EEOC
VA may disclose information to the
Equal Employment Opportunity
Commission (EEOC) in connection with
investigations of alleged or possible
discriminatory practices, examination of
Federal affirmative employment
programs, or other functions of the
Commission as authorized by law.
9. FLRA
VA may disclose information to the
Federal Labor Relations Authority
(FLRA) in connection with: The
investigation and resolution of
allegations of unfair labor practices, the
resolution of exceptions to arbitration
awards when a question of material fact
is raised; matters before the Federal
Service Impasses Panel; and the
investigation of representation petitions
and the conduct or supervision of
representation elections.
10. MSPB
VA may disclose information to the
Merit Systems Protection Board (MSPB)
and the Office of the Special Counsel in
connection with appeals, special studies
of the civil service and other merit
systems, review of rules and regulations,
investigation of alleged or possible
prohibited personnel practices, and
such other functions promulgated in 5
U.S.C. 1205 and 1206, or as authorized
by law.
11. NARA
VA may disclose information to
NARA in records management
inspections conducted under 44 U.S.C.
2904 and 2906, or other functions
authorized by laws and policies
governing NARA operations and VA
records management responsibilities.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records are stored in the AWS Cloud.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records may be retrieved by name,
social security number, VA’s integration
control number, or other assigned
identifiers of the individuals for whom
they are maintained.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records from this system that are
needed for audit purposes will be
disposed of 6 years after a user’s
account becomes inactive. Routine
records will be disposed of when the
agency determines they are no longer
needed for administrative, legal, audit,
or other operational purposes. These
retention and disposal statements are
pursuant to NARA General Records
Schedules GRS 20, item 1c and GRS 24,
item 6a.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
1. Access to and use of national
administrative databases, warehouses,
and data marts are limited to those
persons whose official duties require
such access, and VA has established
security procedures to ensure that
access is appropriately limited.
Information security officers and system
data stewards review and authorize data
access requests. VA regulates data
access with security software that
authenticates users and requires
individually-unique codes and
passwords. VA requires information
security training for all staff and
instructs staff on the responsibility each
person has for safeguarding data
confidentiality.
2. Physical access to
computer rooms housing national
administrative databases, warehouses,
and data marts is restricted to
authorized staff and protected by a
variety of security devices.
Unauthorized employees, contractors,
and other staff are not allowed in
computer rooms.
3. Data transmissions
between operational systems and
national administrative databases,
warehouses, and data marts maintained
by this system of record are protected by
state-of-the-art telecommunication
software and hardware. This may
include firewalls, intrusion detection
devices, encryption, and other security
measures necessary to safeguard data as
it travels across the VA-Wide Area
Network.
4. In most cases, copies of
back-up computer files are maintained
at off-site locations.
RECORD ACCESS PROCEDURES:
Individuals seeking information
regarding access to and contesting of
records in this system may write the
Director of VA Connected Health, VHA
Office of Informatics and Analytics,
Department of Veterans Affairs, 810
Vermont Avenue NW, Washington, DC
20420. Inquiries should, at a minimum,
include the person’s full name, social
security number, type of information
requested or contested, their return
address, and phone number.
CONTESTING RECORD PROCEDURES:
Individuals seeking information
regarding access to and contesting of
records in this system may write the
Director of VA Connected Health, VHA
Office of Informatics and Analytics,
Department of Veterans Affairs, 810
Vermont Avenue NW, Washington, DC
20420. Inquiries should, at a minimum,
include the person’s full name, social
security number, type of information
requested or contested, their return
address, and phone number.
NOTIFICATION PROCEDURES:
Individuals who wish to determine
whether this system of records contains
information about them should contact
the Director of VA Connected Health,
VHA Office of Informatics and
Analytics, Department of Veterans
Affairs, 810 Vermont Avenue NW,
Washington, DC 20420 or via the Web
at https://mobilehealth.va.gov. Inquiries
should include the person’s full name,
social security number, and their return
address.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
N/A.
HISTORY:
VA Mobile Application Environment
(MAE)-VA (173VA005OP2) last full
publication provided in 78 FR 66806
dated November 6, 2013
[FR Doc. 2021–24368 Filed 11–5–21; 8:45 am]
BILLING CODE P
DEPARTMENT OF VETERANS
AFFAIRS
[OMB Control No. 2900–0576]
Agency Information Collection
Activity: Certification of Affirmation of
Enrollment Agreement
Correspondence Course
AGENCY: Veterans Benefits
Administration, Department of Veterans
Affairs.
ACTION: Notice.
SUMMARY: The Veterans Benefits
Administration (VBA), Department of
Veterans Affairs (VBA), is announcing
an opportunity for public comment on
the proposed collection of certain
information by the agency. Under the
Paperwork Reduction Act (PRA) of
1995, Federal agencies are required to
publish notice in the Federal Register
concerning each proposed collection of
information, including each proposed
Reinstatement of a Previously Approved
Information Collection and allow 60
days for public comment in response to
the notice.
DATES: Written comments and
recommendations on the proposed
collection of information should be
received on or before January 7, 2022.
ADDRESSES: Submit written comments
on the collection of information through
Federal Docket Management System
(FDMS) at www.Regulations.gov or to
Nancy J. Kessinger, Veterans Benefits
Administration (20M33), Department of
Veterans Affairs, 810 Vermont Avenue
NW, Washington, DC 20420 or email to
nancy.kessinger@va.gov. Please refer to
‘‘OMB Control No. 2900–0576’’ in any
correspondence. During the comment
period, comments may be viewed online
through FDMS.
FOR FURTHER INFORMATION CONTACT:
Maribel Aponte, Office of Enterprise
and Integration, Data Governance
Analytics (008), 1717 H Street NW,
Washington, DC 20006, (202) 266–4688
or email maribel.aponte@va.gov. Please
refer to ‘‘OMB Control No. 2900–0576’’
in any correspondence.
SUPPLEMENTARY INFORMATION: Under the
PRA of 1995, Federal agencies must
obtain approval from the Office of
Management and Budget (OMB) for each
collection of information they conduct
or sponsor. This request for comment is
being made pursuant to Section
3506(c)(2)(A) of the PRA.
With respect to the following
collection of information, VBA invites
comments on: (1) Whether the proposed
collection of information is necessary
for the proper performance of VBA’s
functions, including whether the
information will have practical utility;
(2) the accuracy of VBA’s estimate of the
burden of the proposed collection of
information; (3) ways to enhance the
quality, utility, and clarity of the
information to be collected; and (4)
ways to minimize the burden of the
collection of information on
respondents, including through the use
of automated collection techniques or
the use of other forms of information
technology.
Authority: 38 U.S.C. 3686(b); 38
U.S.C. 3323(a); 10 U.S.C. 16131, and 38
CFR 21.74256(b).
Title: Certification of Affirmation of
Enrollment Agreement Correspondence
Course.
OMB Control Number: 2900–0576.
Type of Review: Reinstatement of a
previously approved collection.
Abstract: VA uses information from
the current collection to pay education
benefits for correspondence training.
This information allows VA to
determine if the claimant has been
informed of the 5-day reflection period
required by law.
Affected Public: Individuals and
households.
Estimated Annual Burden: 3 hours.
Estimated Average Burden per
Respondent: 3 minutes.
Frequency of Response: Annually.
Estimated Number of Respondents:
69.
By direction of the Secretary.
Maribel Aponte,
VA PRA Clearance Officer, Office of
Enterprise and Integration/Data Governance
Analytics, Department of Veterans Affairs.
[FR Doc. 2021–24346 Filed 11–5–21; 8:45 am]
BILLING CODE 8320–01–P
DEPARTMENT OF VETERANS
AFFAIRS
[OMB Control No. 2900–0613]
Agency Information Collection
Activity: Record Keeping at Flight
Schools
AGENCY: Veterans Benefits
Administration, Department of Veterans
Affairs.
ACTION: Notice.
SUMMARY: The Veterans Benefits
Administration, Department of Veterans
Affairs, is announcing an opportunity
for public comment on the proposed
collection of certain information by the
agency. Under the Paperwork Reduction
Act (PRA) of 1995, Federal agencies are
required to publish notice in the
Federal Register concerning each
proposed collection of information,
including each proposed Reinstatement
of a Previously Approved Information
Collection and allow 60 days for public
comment in response to the notice.
DATES: Written comments and
recommendations on the proposed
collection of information should be
received on or before January 7, 2022.
ADDRESSES: Submit written comments
on the collection of information through
Federal Docket Management System
(FDMS) at www.Regulations.gov or to
Nancy J. Kessinger, Veterans Benefits
Administration (20M33), Department of
Veterans Affairs, 810 Vermont Avenue
NW, Washington, DC 20420 or email to
nancy.kessinger@va.gov. Please refer to
‘‘OMB Control No. 2900–0613’’ in any
correspondence. During the comment
period, comments may be viewed online
through FDMS.
FOR FURTHER INFORMATION CONTACT:
Maribel Aponte, Office of Enterprise
and Integration, Data Governance
Analytics (008), 1717 H Street NW,
Washington, DC 20006, (202) 266–4688
or email maribel.aponte@va.gov. Please
refer to ‘‘OMB Control No. 2900–0613’’
in any correspondence.
SUPPLEMENTARY INFORMATION: Under the
PRA of 1995, Federal agencies must
obtain approval from the Office of
Management and Budget (OMB) for each
collection of information they conduct
or sponsor. This request for comment is
being made pursuant to Section
3506(c)(2)(A) of the PRA.
With respect to the following
collection of information, VBA invites
comments on: (1) Whether the proposed
collection of information is necessary
for the proper performance of VBA’s
functions, including whether the
information will have practical utility;
(2) the accuracy of VBA’s estimate of the
[Federal Register Volume 86, Number 213 (Monday, November 8, 2021)]
[Notices]
[Pages 61852-61855]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-24368]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF VETERAN AFFAIRS
Privacy Act of 1974; System of Records
AGENCY: Department of Veteran Affairs, Office of General Counsel.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: VA is amending the current system of record (SOR)
(173VA005OP2) the Department of Veterans Affairs (VA) Mobile
Application Environment (MAE) by renaming it VA Enterprise Cloud--
Mobile Application Platform (VAEC-MAP). The VA MAE has been replaced by
VAEC-MAP. VA changed Information Technology providers from Terremark to
Amazon Web Services (AWS). In addition, the system location has
changed. We are restating the routine uses in full and revising the
language to make routine uses align with recent Office of Management
and Budget (OMB) guidelines and making minor editorial changes to more
clearly articulate uses and to align with standardized VA routine use
language. VA is republishing the system notice in its entirety. VAEC-
MAP is a cloud hosted system that provides the infrastructure and
hosting platform for Mobile Shared Services (i.e., common services used
for Mobile applications) and web components of applications used on
Mobile devices. Mobile applications connect to VA enterprise services
using the VAEC MAP Mobile Shared Services. Mobile applications such as
Video Visits Service (VVS), Veteran Affairs Online Scheduling (VAOS),
Patient Viewer (PV), and Veteran Affairs Video Connect (VVC) leverage
this platform, pipeline, and hosting environment to provide a
coordinated scheduling and notification capability to Staff and
Veterans among other resources. VAEC-MAP uses the VAEC AWS cloud
environment to provide an automated platform and pipeline for the
development and hosting of production VA mobile applications. VAEC
Common shared services, such as BigFix, Nessus, Splunk, and AD, are
leveraged to provide security control implementation and system
security visibility to the VA teams responsible for ensuring the
security of VA systems. Administrative users of the VAEC-MAP
environment must authenticate to the VA (Citrix Access Gateway or
RESCUE) via Personal Identification Verification before using access
keys and Identity and Access Management multi-factor authentication to
gain access into the environment. System Administrators access the VA
network using VA managed Government Furnished Equipment through Virtual
Private Network connections to the VA Local Area Network and are
authenticated using an Active Directory system managed by VA Network
Security Operations Center. Encrypted communications protocols and
ports are employed to protect information flowing across the VA
network. All system access is managed via Role Based Access Control
deployed separately within the environment and adheres to the Least
Privilege Principle for all user accounts regardless of role. VAEC-MAP
user account management adheres to VA policy or exceeds VA Policy where
applicable.
DATES: Comments on this revision of a system of records must be
received no later than 30 days after date of publication in the Federal
Register. If no public comment is received during the period allowed
for comment or unless otherwise published in the Federal Register by
VA, these revisions will become effective a minimum of 30 days after
date of publication in the Federal Register. If VA receives public
comments, VA shall review the comments to determine whether any changes
to the notice are necessary.
ADDRESSES: Comments may be submitted through www.Regulations.gov or
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005R1A),
Washington, DC 20420. Comments should indicate that they are submitted
in response to the VA Mobile Application Environment (MAE)-VA
(173VA005OP2). Comments received will be available at regulations.gov
for public viewing, inspection or copies.
FOR FURTHER INFORMATION CONTACT: For submitting general questions and
requests about this revised system please direct correspondence to Mark
Ennis (System Owner) [Veteran Affairs 102 2nd Avenue South, Suite 300,
St. Petersburg, FL 33701], or at Mark.Ennis@va.gov, and 727-212-0827
(This is not a toll-free number).
SUPPLEMENTARY INFORMATION: VA is amending the current system of record
(SOR) (173VA005OP2) the Department of Veterans Affairs (VA) Mobile
Application Environment (MAE) by renaming it VA Enterprise Cloud--
Mobile Application Platform (VAEC-MAP) and updating the system
location.
Signing Authority
The Senior Agency Official for Privacy, or designee, approved this
document and authorized the undersigned to sign and submit the document
to the Office of the Federal Register for publication electronically as
an official document of the Department of Veterans Affairs. Dominic A.
Cussatt, Acting Assistant Secretary of Information and Technology and
Chief Information Officer, approved this document on May 26, 2021 for
publication.
Dated: November 3, 2021.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office of Information Security,
Office of Information and Technology, Department of Veterans Affairs.
SYSTEM NAME AND NUMBER:
VA Enterprise Cloud--Mobile Application Platform (Cloud)
Assessing (VAEC-MAP) (173VA005OP2).
SECURITY CLASSIFICATION:
Sensitive But Unclassified (SBU).
SYSTEM LOCATION:
The office responsible for the system is the Department of Veteran
Affairs, Office of General Counsel, 810 Vermont Ave. NW, Washington, DC
20420 and Amazon Web Services (AWS)--Seattle, WA.
SYSTEM MANAGER(S):
Mark Ennis (System Owner), Veteran Affairs, 102 2nd Avenue South,
Suite 300, St. Petersburg, FL 33701, or at [email protected], and
727-212-0827 (This is not a toll-free number).
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Title 38, United States Code, Section 501.
PURPOSE(S) OF THE SYSTEM:
The records and information will be used to provide a repository
for the clinical and administrative information that is collected,
retrieved, or displayed from within a VA mobile or Web application. The
purpose of use will include, but not be limited to, health care
treatment information, disability adjudication, and benefits to the
Veteran both within the VA Medical Center and in sharing with partners
who are participating through the eHealth Exchange in VA's Mobile
pilots and subsequent public and enterprise rollout of new
applications. Data may also be used at an aggregate, non-personally
identifiable level to track and evaluate local or national health and
benefits initiatives and preventative-care measures, such as detecting
outbreaks of flu or other diseases, detection of antibiotic-resistant
bacteria, etc. These data may be used for such purposes as scheduling
patient treatment services, including nursing care, clinic
appointments, surveys, diagnostic, and therapeutic procedures. These
data may also be used for the purpose of health care operations, such
as producing various management and patient follow up reports;
responding to patient and other inquiries; for epidemiological research
and other health care-related studies; statistical analysis, resource
allocation and planning; providing clinical and administrative support
to patient medical care; determining entitlement and eligibility for VA
benefits; processing and adjudicating benefit claims by Veterans
Benefits Administration Regional Office staff; for audits, reviews, and
investigations conducted by staff of VA Central Office and VA's OIG;
sharing of health information between and among VHA, DoD, IHS, and
other Government and private industry health care organizations; law
enforcement investigations; quality assurance audits, reviews, and
investigations; personnel management and evaluation; employee ratings
and performance evaluations; and employee disciplinary or other adverse
action, including discharge; advising health care professional
licensing or monitoring bodies or similar entities of activities of VA
and former VA health care personnel.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records contain information on Veterans, Veteran beneficiaries,
Veteran caregivers, members of the Armed Forces, Reserves and National
Guard, and other VA customers in addition to VA authorized users (e.g.,
VA employees, VA contractors, VA volunteers, and other individuals
permitted to have access to VA IT systems).
CATEGORIES OF RECORDS IN THE SYSTEM:
The records may include information related to data entered through
Web and mobile applications developed and maintained by VA, accessed
and updated by the individuals covered by the system as well as by
VA-authorized users. The records may contain demographics, personal
information (e.g., name, social security numbers, physical address,
phone number, email address), health-related information (e.g., vital
signs, allergies, medications, health related history, health
assessments), benefit-related information, information provided to VA
for the potential provision of services and benefits, military history
and services, preferences for authorizing the sharing of their health
information (e.g., electronic surrogate authorizations, electronic
surrogate revocations). The records may include identifiers such as
VA's integration control number. The information will be primarily
benefits and health-related but may include other information such as
customer entered updates to demographic information.
RECORD SOURCE CATEGORIES:
Information in this system of records is provided by Veterans and
their beneficiaries or caregivers, members of the Armed Services,
Reserves or National Guard; VA employees, other VA-authorized users
(e.g., DoD), and information from VA computer systems and databases
including, but not limited to, Veterans Health Information Systems and
Technology Architecture (VistA)--VA (79VA10P2) and National Patient
Databases--VA (121VA10P2), VAMCs, Federal and non-Federal VLER/eHealth
Exchange partners, and DoD.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
1. Congress
VA may disclose information to a Member of Congress or staff acting
upon the Member's behalf when the Member or staff requests the
information on behalf of, and at the request of, the individual who is
the subject of the record.
2. Data Breach Response and Remediation, for VA
VA may disclose information to appropriate agencies, entities, and
persons when (1) VA suspects or has confirmed that there has been a
breach of the system of records, (2) VA has determined that as a result
of the suspected or confirmed breach there is a risk of harm to
individuals, VA (including its information systems, programs, and
operations), the Federal Government, or national security; and (3) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with VA's efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm . . .
3. Data Breach Response and Remediation, for Another Federal Agency
VA may disclose information to another Federal agency or Federal
entity, when VA determines that the information from this system of
records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2)
preventing, minimizing, or remedying the risk of harm to individuals,
the recipient agency or entity (including its information systems,
programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
4. Law Enforcement
VA may disclose information that, either alone or in conjunction
with
other information, indicates a violation or potential violation of law,
whether civil, criminal, or regulatory in nature, to a Federal, state,
local, territorial, tribal, or foreign law enforcement authority or
other appropriate entity charged with the responsibility of
investigating or prosecuting such violation or charged with enforcing
or implementing such law. The disclosure of the names and addresses of
veterans and their dependents from VA records under this routine use
must also comply with the provisions of 38 U.S.C. 5701.
5. DoJ for Litigation or Administrative Proceeding
VA may disclose information to the Department of Justice (DoJ), or
in a proceeding before a court, adjudicative body, or other
administrative body before which VA is authorized to appear, when:
(a) VA or any component thereof;
(b) Any VA employee in his or her official capacity;
(c) Any VA employee in his or her official capacity where DoJ has
agreed to represent the employee; or
(d) The United States, where VA determines that litigation is
likely to affect the agency or any of its components,
is a party to such proceedings or has an interest in such
proceedings, and VA determines that use of such records is relevant and
necessary to the proceedings.
6. Contractors
VA may disclose information to contractors, grantees, experts,
consultants, students, and others performing or working on a contract,
service, grant, cooperative agreement, or other assignment for VA, when
reasonably necessary to accomplish an agency function related to the
records.
7. OPM
VA may disclose information to the Office of Personnel Management
(OPM) in connection with the application or effect of civil service
laws, rules, regulations, or OPM guidelines in particular situations.
8. EEOC
VA may disclose information to the Equal Employment Opportunity
Commission (EEOC) in connection with investigations of alleged or
possible discriminatory practices, examination of Federal affirmative
employment programs, or other functions of the Commission as authorized
by law.
9. FLRA
VA may disclose information to the Federal Labor Relations
Authority (FLRA) in connection with: The investigation and resolution
of allegations of unfair labor practices, the resolution of exceptions
to arbitration awards when a question of material fact is raised;
matters before the Federal Service Impasses Panel; and the
investigation of representation petitions and the conduct or
supervision of representation elections.
10. MSPB
VA may disclose information to the Merit Systems Protection Board
(MSPB) and the Office of the Special Counsel in connection with
appeals, special studies of the civil service and other merit systems,
review of rules and regulations, investigation of alleged or possible
prohibited personnel practices, and such other functions promulgated in
5 U.S.C. 1205 and 1206, or as authorized by law.
11. NARA
VA may disclose information to NARA in records management
inspections conducted under 44 U.S.C. 2904 and 2906, or other functions
authorized by laws and policies governing NARA operations and VA
records management responsibilities.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in the AWS Cloud.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by name, social security number, VA's
integration control number, or other assigned identifiers of the
individuals for whom they are maintained.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records from this system that are needed for audit purposes will be
disposed of 6 years after a user's account becomes inactive. Routine
records will be disposed of when the agency determines they are no
longer needed for administrative, legal, audit, or other operational
purposes. These retention and disposal statements are pursuant to NARA
General Records Schedules GRS 20, item 1c and GRS 24, item 6a.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
1. Access to and use of national administrative databases,
warehouses, and data marts are limited to those persons whose official
duties require such access, and VA has established security procedures
to ensure that access is appropriately limited. Information security
officers and system data stewards review and authorize data access
requests. VA regulates data access with security software that
authenticates users and requires individually-unique codes and
passwords. VA requires information security training for all staff and
instructs staff on the responsibility each person has for safeguarding
data confidentiality.
2. Physical access to computer rooms housing national administrative
databases, warehouses, and data marts is restricted to authorized staff
and protected by a variety of security devices. Unauthorized employees,
contractors, and other staff are not allowed in computer rooms.
3. Data transmissions between operational systems and national
administrative databases, warehouses, and data marts maintained by this
system of record are protected by state-of-the-art telecommunication
software and hardware. This may include firewalls, intrusion detection
devices, encryption, and other security measures necessary to safeguard
data as it travels across the VA-Wide Area Network.
4. In most cases, copies of back-up computer files are maintained at
off-site locations.
RECORD ACCESS PROCEDURES:
Individuals seeking information regarding access to and contesting
of records in this system may write the Director of VA Connected
Health, VHA Office of Informatics and Analytics, Department of Veterans
Affairs, 810 Vermont Avenue NW, Washington, DC 20420. Inquiries should,
at a minimum, include the person's full name, social security number,
type of information requested or contested, their return address, and
phone number.
CONTESTING RECORD PROCEDURES:
Individuals seeking information regarding access to and contesting
of records in this system may write the Director of VA Connected
Health, VHA Office of Informatics and Analytics, Department of Veterans
Affairs, 810 Vermont Avenue NW, Washington, DC 20420. Inquiries should,
at a minimum, include the person's full name, social security number,
type of information requested or contested, their return address, and
phone number.
NOTIFICATION PROCEDURES:
Individuals who wish to determine whether this system of records
contains information about them should contact the Director of VA
Connected Health, VHA Office of Informatics and Analytics, Department
of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420 or via
the Web at https://mobilehealth.va.gov. Inquiries should include the
person's full name,
social security number, and their return address.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
N/A.
HISTORY:
VA Mobile Application Environment (MAE)-VA (173VA005OP2) last full
publication provided in 78 FR 66806 dated November 6, 2013.
[FR Doc. 2021-24368 Filed 11-5-21; 8:45 am]
BILLING CODE P