Privacy Act of 1974; System of Records, 25074-25077 [2023-08710]
Download as PDF
25074
Federal Register / Vol. 88, No. 79 / Tuesday, April 25, 2023 / Notices
Dated: April 20, 2023.
Rebecca Fernandes,
Director of Accounting.
FOR FURTHER INFORMATION CONTACT:
[FR Doc. 2023–08702 Filed 4–24–23; 8:45 am]
BILLING CODE 2810–03–P
DEPARTMENT OF VETERANS
AFFAIRS
Privacy Act of 1974; System of
Records
Veterans Health
Administration (VHA), Department of
Veterans Affairs (VA).
ACTION: Notice of modified system of
records.
AGENCY:
Pursuant to the Privacy Act of
1974, notice is hereby given that the VA
is modifying the system of records
entitled ‘‘Disaster Emergency Medical
Personnel System (DEMPS)-VA’’
(98VA104). This system is used to
provide information on sufficient health
care medical support personnel to
respond to disasters, to provide
information to the VHA Office of
Emergency Management (OEM)
primarily during national, regional, or
local emergencies caused by
catastrophic events, and to respond to
internal emergencies occurring within
the Veterans Integrated Service
Networks (VISN) requiring support to
VHA facilities or National Disaster
Frameworks, Emergency Support
Function 8 (ESF 8) assistance to Federal,
State, local, Territorial, or Tribal (SLTT)
partners.
DATES: Comments on this modified
system of records must be received no
later than 30 days after date of
publication in the Federal Register. If
no public comment is received during
the period allowed for comment or
unless otherwise published in the
Federal Register by VA, the modified
system of records will become effective
a minimum of 30 days after date of
publication in the Federal Register. If
VA receives public comments, VA shall
review the comments to determine
whether any changes to the notice are
necessary.
SUMMARY:
Comments may be
submitted through www.Regulations.gov
or mailed to VA Privacy Service, 810
Vermont Avenue NW, (005R1A),
Washington, DC 20420. Comments
should indicate that they are submitted
in response to ‘‘Disaster Emergency
Medical Personnel System (DEMPS)VA’’ (98VA104). Comments received
will be available at regulations.gov for
public viewing, inspection or copies.
lotter on DSK11XQN23PROD with NOTICES1
ADDRESSES:
VerDate Sep<11>2014
16:47 Apr 24, 2023
Jkt 259001
Stephania Griffin, Veterans Health
Administration Chief Privacy Officer,
Department of Veterans Affairs, 810
Vermont Avenue NW, Washington, DC
20420, stephania.griffin@va.gov,
telephone number 704–245–2492 (Note:
This is not a toll-free number).
SUPPLEMENTARY INFORMATION: VA is
modifying the system by revising the
System Name, System Number, System
Location; System Manager; Purpose;
Categories of Individuals Covered by the
System; Categories of Records in the
System; Records Source Categories;
Routine Uses of Records Maintained in
the System; Policies and Practices for
Retention and Disposal of Records; and
Physical, Procedural and Administrative
Safeguards.
The System Name will be changed
from ‘‘Disaster Emergency Medical
Personnel System (DEMPS)-VA’’ to
‘‘Performance Improvement
Management System (PIMS),
Deployment Management System
(DMS)-VA’’.
The System Number will be changed
from 98VA104 to 98VA10 to reflect the
current VHA organizational routing
symbol.
The System Location is being updated
to remove verbiage indicating that
records are maintained at each of the
VA health care facilities. The address
locations for VA facilities were listed in
VA Appendix I of the biennial
publication of the VA systems of record.
Information from these records or copies
of records may be maintained at the
Department of Veterans Affairs, 810
Vermont Avenue NW, Washington, DC
20420; Network Directors’ Offices;
Emergency Management Strategic
Healthcare Group Headquarters, VA
Medical Center, Martinsburg, WV
25401; or with the Area Emergency
Managers located at VA facilities. This
section will now reflect the following:
Records are maintained within the
DMS/PIMS infrastructure and database.
PIMS is a web-based system developed
and hosted under contract with the Oak
Ridge Associated Universities (ORAU).
ORAU’s cognizant government
contracting office is the U.S. Department
of Energy (DOE), Oak Ridge National
Laboratory Site Office. PIMS is hosted
on a Windows stack (Web and
Structured Query Language server); all
tiers of the PIMS application stack are
hosted in a virtual hosting environment
by ORAU in their data center in Oak
Ridge, Tennessee.
The System Manager is being updated
to replace Director, Emergency
Management Strategic Healthcare Group
(EMSHG (13C)), with Executive
Director, VHA OEM.
PO 00000
Frm 00107
Fmt 4703
Sfmt 4703
The Purpose is being updated to
revise verbiage indicating that records
are used for the Emergency Management
Strategic Healthcare Group primarily in
times of national emergencies caused by
catastrophic events, and to respond to
internal emergencies occurring within
the VISNs. This section will now reflect
the following: Provide information to
VHA OEM primarily in times of
national, regional, or local emergencies
requiring support to VHA facilities or
National Disaster Frameworks,
Emergency Support Function 8 (ESF 8)
assistance to Federal, SLTT partners.
Categories of Individuals Covered by
the System is being updated to remove
terrorist attacks, and the employment of
nuclear, biological, and chemical
weapons of mass destruction. This
section will include supporting staff,
man-made hazards, and other positions
required for hospital and health care
operations.
Categories of Records in the System is
being updated to remove: Information is
provided on a voluntary basis. This
section will include supporting staff,
and mission assignments from other
Federal departments and agencies.
Information such as name, professional
title, credentialing, home station,
professional specialty, job position title.
Records Source Categories is being
updated to include: the Light Electronic
Action Framework (LEAF) system is
used to provide credentialing and
privileging of health care providers and
personnel.
Policies and Practices for Retention
and Disposal of Records is being
updated to include VHA Records
Control Schedule 10–1, Item Number
1270.1.
The following routine use #4 is being
updated to include Clinical Deployment
Team, Telehealth Emergency
Management, or other VHA personnel.
The following routine use #10 is being
removed: Information may be disclosed
to a State or local government entity or
national certifying body that has the
authority to make decisions concerning
the issuance, retention or revocation of
licenses.
The following routine use is now
being replaced as #10: Data Breach
Response and Remediation, for Another
Federal Agency: To another Federal
agency or Federal entity, when VA
determines that information from this
system of records is reasonably
necessary to assist the recipient agency
or entity in (1) responding to a
suspected or confirmed breach or (2)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
information systems, programs, and
E:\FR\FM\25APN1.SGM
25APN1
Federal Register / Vol. 88, No. 79 / Tuesday, April 25, 2023 / Notices
operations), the Federal Government, or
national security, resulting from a
suspected or confirmed breach.
Physical, Procedural and
Administrative Safeguards is being
updated to include VA Police Service.
Number 2 will remove: Access to the
Veterans Health Information Systems
Technology Architecture (VistA)
computer room within the health care
facilities is generally limited by
appropriate security devices and
restricted to authorized VA employees
and vendor personnel. Automatic Data
Processing (ADP) peripheral devices are
generally placed in secure areas (areas
that are locked or have limited access)
or are otherwise protected. Authorized
VA employees may access information
in the VistA system. Access to file
information is controlled at two levels:
The system recognizes authorized
employees by a series of individually
unique passwords/codes as a part of
each data message, and the employees
are limited to only that information in
the file which is needed in the
performance of their official duties. This
section will now reflect the following:
All tiers of the VHA PIMS application
stack are hosted in a highly available,
resilient, and redundant virtual hosting
environment. The internet connection is
provided through the Department of
Energy’s Energy Science Network
(ES.NET), managed by ORAU under a
DOE Authority to Operate (ATO). As
part of the ATO, VHA PIMS has been
built in accordance with applicable
Federal Information Security
Management Act and National Institute
of Standards and Technology (NIST)
security and privacy control
requirements for Federal information
systems with implementation of all
baseline security controls
commensurate with the Federal
Information Processing Standard 199
system security categorization. ORAU
handles data in PIMS in accordance
with the appropriate NIST
classification.
lotter on DSK11XQN23PROD with NOTICES1
Signing Authority
The Senior Agency Official for
Privacy, or designee, approved this
document and authorized the
undersigned to sign and submit the
document to the Office of the Federal
Register for publication electronically as
an official document of the Department
of Veterans Affairs. Kurt D. DelBene,
Assistant Secretary for Information and
Technology and Chief Information
Officer, approved this document on
March 18, 2023 for publication.
VerDate Sep<11>2014
16:47 Apr 24, 2023
Jkt 259001
Dated: April 20, 2023.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office
of Information Security, Office of Information
and Technology, Department of Veterans
Affairs.
SYSTEM NAME AND NUMBER:
Performance Improvement
Management System (PIMS),
Deployment Management System
(DMS)-VA (98VA10).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Records are maintained within the
DMS/PIMS infrastructure and database.
PIMS is a web-based system developed
and hosted under contract with the Oak
Ridge Associated Universities (ORAU).
ORAU’s cognizant government
contracting office is the U.S. Department
of Energy (DOE), Oak Ridge National
Laboratory Site Office. PIMS is hosted
on a Windows stack (Web and
Structured Query Language server); all
tiers of the PIMS application stack are
hosted in a virtual hosting environment
by ORAU in their data center in Oak
Ridge, Tennessee.
SYSTEM MANAGER(S):
Official responsible for maintaining
the system: Executive Director, Veterans
Health Administration (VHA) Office of
Emergency Management (OEM), VA
Medical Center, Martinsburg, West
Virginia, 25405. Telephone number
304–264–4827 (Note: This is not a tollfree number).
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Authority for maintenance of this
system of records is Executive Order
12656 dated November 18, 1988.
PURPOSE(S) OF THE SYSTEM:
The records may be used for such
purpose as to provide information on
sufficient health care medical and
support personnel to respond to
disasters, to provide information to
VHA OEM primarily in times of
national, regional, or local emergencies
requiring support to VHA facilities or
National Disaster Frameworks,
Emergency Support Function 8 (ESF 8)
assistance to Federal, State, Local,
Territorial, or Tribal (SLTT) partners.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
These records include information on
VA employees who make application to
VA and are considered for deployment
as health care providers and supporting
staff, primarily in times of national,
regional, or local emergencies in
PO 00000
Frm 00108
Fmt 4703
Sfmt 4703
25075
response to domestic disasters resulting
from natural, technological, or manmade hazards. These individuals may
include audiologists, dentists, dietitians,
expanded-function dental auxiliaries,
licensed practical vocational nurses,
nuclear medicine technologists, nurse
anesthetists, nurse practitioners, nurses,
occupational therapists, optometrists,
clinical pharmacists, licensed physical
therapists, physician assistants,
physicians, podiatrists, psychologists,
registered respiratory therapists,
certified respiratory therapy
technicians, diagnostic and therapeutic
radiology technologists, social workers,
speech pathologists, contracting
specialists, building maintenance,
engineering, housekeeping, other
positions required for hospital and
health care operations and other
personnel associated with emergency
management.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records may include information
on VA employees who make application
to be deployed as health care providers
and supporting staff primarily in times
of national, regional, or local
emergencies. This source document
provides personal and demographic
information, such as name, professional
title, credentialing, home station,
professional specialty, job position title,
initiated, provided, and authenticated
by the employee and contains the
necessary approvals and signatures of
officials in the supervisory chain for the
employee’s inclusion in the database.
Information related to identifying and
selecting by VHA OEM, Veterans
Integrated Services Networks (VISN)
and VA medical facility personnel
eligible to support specific job taskings
and assignments during disasters
internal to the VHA health care system
or external to VHA for which the VA is
tasked to provide support under
applicable authorities. Requests for
issuance of travel orders and necessary
reimbursement to VA for subsequent
allocation of funds to home stations of
deployed personnel are required to
cover costs of travel, overtime and other
expenses associated with individual
deployments. This information is
necessary to account for personnel
deployed in support of disasters, to
identify personnel with specific job
skills and experience that may be
required to support contingency
missions tasked to VA under the VA/
Department of Defense Contingency
Plan or mission assignments from other
Federal departments and agencies, and
for the development of plans at the
enterprise, network, and medical center
level for utilization of VHA personnel in
E:\FR\FM\25APN1.SGM
25APN1
25076
Federal Register / Vol. 88, No. 79 / Tuesday, April 25, 2023 / Notices
support of disasters internal and
external to VA.
RECORD SOURCE CATEGORIES:
The information will be provided by
the individual VA employee and the VA
medical facility (assigned facility) or
other VA location at which the
employee is employed. VHA OEM
Headquarters will also provide
information for updates of deployment
status and availability. The Light
Electronic Action Framework (LEAF)
system is used to provide credentialing
and privileging of health care providers
and personnel.
lotter on DSK11XQN23PROD with NOTICES1
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
1. Selected information (such as
name, station and telephone numbers)
may be disclosed to other Federal
departments and agencies that have an
interest in or obligation to track or
otherwise audit transfer of funds to VA
for reimbursement of tasks.
2. Statistical information and other
data may be disclosed to Federal, SLTT
government agencies to assist in disaster
planning and after-action reports.
3. Law Enforcement: To a Federal,
SLTT or foreign law enforcement
authority or other appropriate entity
charged with the responsibility of
investigating or prosecuting such
violation or charged with enforcing or
implementing such law, provided that
the disclosure is limited to information
that, either alone or in conjunction with
other information, indicates a violation
or potential violation of law, whether
civil, criminal or regulatory in nature.
The disclosure of the names and
addresses of Veterans and their
dependents from VA records under this
routine use must also comply with the
provisions of 38 U.S.C. 5701.
4. Disclosure may be made to any
source, such as a police department or
the Federal Bureau of Investigation,
from which additional information is
requested to the extent necessary to
identify the individual, inform the
source of the purpose(s) of the request,
and to identify the type of information
requested such as DEMPS, Clinical
Deployment Team, Telehealth
Emergency Management, or other VHA
personnel present at a crime scene
caused by terrorists.
5. Disclosure may be made to an
agency in the executive, legislative, or
judicial branch or the District of
Columbia Government in response to its
request, or at the initiation of VA, for
information in connection with the
selection of an employee for the
deployment and future training of an
VerDate Sep<11>2014
16:47 Apr 24, 2023
Jkt 259001
individual, the letting of a contract, the
issuance of a license, grant or other
benefits by the requesting agency, or the
lawful statutory, administrative or
investigative purpose of the agency to
the extent that the information is
relevant and necessary to the requesting
agency’s deployment/Federal Response
Framework needs.
6. Congress: To a Member of Congress
or staff acting upon the Member’s behalf
when the Member or staff requests the
information on behalf of, and at the
request of, the individual who is the
subject of the record.
7. National Archives and Records
Administration (NARA): To NARA in
records management inspections
conducted under 44 U.S.C. 2904 and
2906, or other functions authorized by
laws and policies governing NARA
operations and VA records management
responsibilities.
8. State Licensing Boards, for
Licensing: To a Federal agency, a state
or local government licensing board, the
Federation of State Medical Boards or a
similar non-governmental entity that
maintains records concerning
individuals’ employment histories or
concerning the issuance, retention or
revocation of licenses, certifications or
registration necessary to practice an
occupation, profession or specialty, to
inform such non-governmental entities
about the health care practices of a
terminated, resigned or retired health
care employee whose professional
health care activity so significantly
failed to conform to generally accepted
standards of professional medical
practice as to raise reasonable concern
for the health and safety of patients in
the private sector or from another
Federal Agency. These records may also
be disclosed as part of an ongoing
computer matching program to
accomplish these purposes.
9. The Joint Commission, for
Accreditation: To survey teams of The
Joint Commission, College of American
Pathologists, American Association of
Blood Banks, and similar national
accreditation agencies or boards with
which VA has a contract or agreement
to conduct such reviews, as relevant and
necessary for the purpose of program
review or the seeking of accreditation or
certification.
10. Data Breach Response and
Remediation, for Another Federal
Agency: To another Federal agency or
Federal entity, when VA determines
that information from this system of
records is reasonably necessary to assist
the recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing or
remedying the risk of harm to
PO 00000
Frm 00109
Fmt 4703
Sfmt 4703
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government or national
security, resulting from a suspected or
confirmed breach.
11. Department of Justice (DoJ),
Litigation, Administrative Proceeding:
To DoJ, or in a proceeding before a
court, adjudicative body or other
administrative body before which VA is
authorized to appear, when:
(a) VA or any component thereof;
(b) Any VA employee in their official
capacity;
(c) Any VA employee in their
individual capacity where DoJ has
agreed to represent the employee; or
(d) The United States, where VA
determines that litigation is likely to
affect the agency or any of its
components, is a party to such
proceedings or has an interest in such
proceedings, and VA determines that
use of such records is relevant and
necessary to the proceedings.
12. Information on deployment to
Federal/VHA emergencies, performance,
or other personnel-related material may
be disclosed to any facility with which
there is, or there is proposed to be, an
affiliation, sharing agreement, contract
or similar arrangement, for purposes of
establishing, maintaining or expanding
any such relationship.
13. Information concerning a health
care provider’s professional
qualifications and clinical privileges
may be disclosed to a VA/emergency
disaster-served client patient, or the
representative or guardian of a patient
who, due to physical or mental
incapacity, lacks sufficient
understanding or legal capacity to make
decisions concerning his or her medical
care, who is receiving or contemplating
receiving medical or other patient care
services from the provider when the
information is needed by the patient or
the patient’s representative or guardian
in order to make a decision related to
the initiation of treatment, continuation
or discontinuation of treatment, or
receiving a specific treatment that is
proposed or planned by the provider.
Disclosure will be limited to
information concerning the health care
provider’s professional qualifications
(professional education, training and
current licensure/certification status),
professional employment history and
current clinical privileges.
14. Unions: To officials of labor
organizations recognized under 5 U.S.C.
chapter 71(b)(4) when relevant and
necessary to their duties of exclusive
representation concerning personnel
policies, practices and matters affecting
working conditions.
E:\FR\FM\25APN1.SGM
25APN1
Federal Register / Vol. 88, No. 79 / Tuesday, April 25, 2023 / Notices
lotter on DSK11XQN23PROD with NOTICES1
15. Information may be disclosed to
the VA-appointed representative of an
employee of all notices, determinations,
decisions or other written
communications issued to the employee
in connection with an examination
ordered by VA under medical
evaluation (formerly fitness-for-duty)
examination procedures or Departmentfiled disability retirement procedures.
16. Merit Systems Protection Board
(MSPB): To the MSPB and the Office of
the Special Counsel in connection with
appeals, special studies of the civil
service and other merit systems, review
of rules and regulations, investigation of
alleged or possible prohibited personnel
practices and such other functions
promulgated in 5 U.S.C. 1205 and 1206,
or as authorized by law.
17. Equal Employment Opportunity
Commission (EEOC): To the EEOC in
connection with investigations of
alleged or possible discriminatory
practices, examination of Federal
affirmative employment programs or
other functions of the Commission as
authorized by law.
18. Federal Labor Relations Authority
(FLRA): To the FLRA in connection
with: The investigation and resolution
of allegations of unfair labor practices,
the resolution of exceptions to
arbitration awards when a question of
material fact is raised; matters before the
Federal Service Impasses Panel; and the
investigation of representation petitions
and the conduct or supervision of
representation elections.
19. Contractors: To contractors,
grantees, experts, consultants, students
and others performing or working on a
contract, service, grant, cooperative
agreement or other assignment for VA,
when reasonably necessary to
accomplish an agency function related
to the records.
20. Federal Agencies, Fraud and
Abuse: To other Federal agencies to
assist such agencies in preventing and
detecting possible fraud or abuse by
individuals in their operations and
programs.
21. Data Breach Response and
Remediation, for VA: To appropriate
agencies, entities and persons when (1)
VA suspects or has confirmed that there
has been a breach of the system of
records; (2) VA has determined that as
a result of the suspected or confirmed
VerDate Sep<11>2014
16:47 Apr 24, 2023
Jkt 259001
breach there is a risk to individuals, VA
(including its information systems,
programs and operations), the Federal
Government or national security; and (3)
the disclosure made to such agencies,
entities or persons reasonably necessary
to assist in connection with VA efforts
to respond to the suspected or
confirmed breach or to prevent,
minimize or remedy such harm.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Automated records are maintained at
all levels of management outlined in
system location. Automated information
is stored in this database.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records in this system are retrieved
by the name, professional title, VISN,
home station, professional specialty, job
position title, etc., of the individuals on
whom they are maintained.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
An automated database of deployable
personnel will be maintained by VHA
OEM. If an individual transfers to
another VA facility location, the
individual’s data will be reassigned
within the system to the new location.
Records in this system are retained and
disposed of in accordance with the
schedule approved by the Archivist of
the United States, VHA Records Control
Schedule 10–1, Item Number 1270.1.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
1. Access to VA working and storage
areas in VA health care facilities are
restricted to VA employees on a needto-know basis; strict control measures
are enforced to ensure that disclosure to
these individuals is also based on this
same principle. Generally, VA file areas
are locked after normal duty hours, and
the health care facilities are protected
from outside access by the VA Police
Service, Federal Protective Service or
other security personnel.
2. All tiers of the VHA PIMS
application stack are hosted in a highly
available, resilient and redundant
virtual hosting environment. The
internet connection is provided through
the Department of Energy’s Energy
Science Network (ES.NET), managed by
PO 00000
Frm 00110
Fmt 4703
Sfmt 9990
25077
ORAU under a DOE Authority to
Operate (ATO). As part of the ATO,
VHA PIMS has been built in accordance
with applicable Federal Information
Security Management Act and National
Institute of Standards and Technology
(NIST) security and privacy control
requirements for Federal information
systems with implementation of all
baseline security controls
commensurate with the Federal
Information Processing Standard 199
system security categorization. ORAU
handles data in PIMS in accordance
with the appropriate NIST
classification.
RECORD ACCESS PROCEDURES:
Individuals seeking information on
the existence and content of records in
this system pertaining to them should
contact the system manager in writing
as indicated above, or the individuals
may write, call or visit the VA facility
location where they made application
for employment or are (or were)
employed. A request for access to
records must contain the requester’s full
name, address, telephone number, be
signed by the requester, and describe
the records sought in sufficient detail to
enable VA personnel to locate them
with a reasonable amount of effort.
CONTESTING RECORD PROCEDURES:
Individuals seeking to contest or
amend records in this system pertaining
to them should contact the system
manager in writing as indicated above.
A request to contest or amend records
must state clearly and concisely what
record is being contested, the reasons
for contesting it, and the proposed
amendment to the record.
NOTIFICATION PROCEDURES:
Generalized notice is provided by the
publication of this notice. For specific
notice, see Record Access Procedure,
above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
65 FR 25531 (May 2, 2000); 75 FR
4458 (January 27, 2010).
[FR Doc. 2023–08710 Filed 4–24–23; 8:45 am]
BILLING CODE 8320–01–P
E:\FR\FM\25APN1.SGM
25APN1
Agencies
[Federal Register Volume 88, Number 79 (Tuesday, April 25, 2023)]
[Notices]
[Pages 25074-25077]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-08710]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF VETERANS AFFAIRS
Privacy Act of 1974; System of Records
AGENCY: Veterans Health Administration (VHA), Department of Veterans
Affairs (VA).
ACTION: Notice of modified system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the Privacy Act of 1974, notice is hereby given
that the VA is modifying the system of records entitled ``Disaster
Emergency Medical Personnel System (DEMPS)-VA'' (98VA104). This system
is used to provide information on sufficient health care medical
support personnel to respond to disasters, to provide information to
the VHA Office of Emergency Management (OEM) primarily during national,
regional, or local emergencies caused by catastrophic events, and to
respond to internal emergencies occurring within the Veterans
Integrated Service Networks (VISN) requiring support to VHA facilities
or National Disaster Frameworks, Emergency Support Function 8 (ESF 8)
assistance to Federal, State, local, Territorial, or Tribal (SLTT)
partners.
DATES: Comments on this modified system of records must be received no
later than 30 days after date of publication in the Federal Register.
If no public comment is received during the period allowed for comment
or unless otherwise published in the Federal Register by VA, the
modified system of records will become effective a minimum of 30 days
after date of publication in the Federal Register. If VA receives
public comments, VA shall review the comments to determine whether any
changes to the notice are necessary.
ADDRESSES: Comments may be submitted through www.Regulations.gov or
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005R1A),
Washington, DC 20420. Comments should indicate that they are submitted
in response to ``Disaster Emergency Medical Personnel System (DEMPS)-
VA'' (98VA104). Comments received will be available at regulations.gov
for public viewing, inspection or copies.
FOR FURTHER INFORMATION CONTACT: Stephania Griffin, Veterans Health
Administration Chief Privacy Officer, Department of Veterans Affairs,
810 Vermont Avenue NW, Washington, DC 20420, [email protected],
telephone number 704-245-2492 (Note: This is not a toll-free number).
SUPPLEMENTARY INFORMATION: VA is modifying the system by revising the
System Name, System Number, System Location; System Manager; Purpose;
Categories of Individuals Covered by the System; Categories of Records
in the System; Records Source Categories; Routine Uses of Records
Maintained in the System; Policies and Practices for Retention and
Disposal of Records; and Physical, Procedural and Administrative
Safeguards.
The System Name will be changed from ``Disaster Emergency Medical
Personnel System (DEMPS)-VA'' to ``Performance Improvement Management
System (PIMS), Deployment Management System (DMS)-VA''.
The System Number will be changed from 98VA104 to 98VA10 to reflect
the current VHA organizational routing symbol.
The System Location is being updated to remove verbiage indicating
that records are maintained at each of the VA health care facilities.
The address locations for VA facilities were listed in VA Appendix I of
the biennial publication of the VA systems of record. Information from
these records or copies of records may be maintained at the Department
of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420;
Network Directors' Offices; Emergency Management Strategic Healthcare
Group Headquarters, VA Medical Center, Martinsburg, WV 25401; or with
the Area Emergency Managers located at VA facilities. This section will
now reflect the following: Records are maintained within the DMS/PIMS
infrastructure and database. PIMS is a web-based system developed and
hosted under contract with the Oak Ridge Associated Universities
(ORAU). ORAU's cognizant government contracting office is the U.S.
Department of Energy (DOE), Oak Ridge National Laboratory Site Office.
PIMS is hosted on a Windows stack (Web and Structured Query Language
server); all tiers of the PIMS application stack are hosted in a
virtual hosting environment by ORAU in their data center in Oak Ridge,
Tennessee.
The System Manager is being updated to replace Director, Emergency
Management Strategic Healthcare Group (EMSHG (13C)), with Executive
Director, VHA OEM.
The Purpose is being updated to revise verbiage indicating that
records are used for the Emergency Management Strategic Healthcare
Group primarily in times of national emergencies caused by catastrophic
events, and to respond to internal emergencies occurring within the
VISNs. This section will now reflect the following: Provide information
to VHA OEM primarily in times of national, regional, or local
emergencies requiring support to VHA facilities or National Disaster
Frameworks, Emergency Support Function 8 (ESF 8) assistance to Federal,
SLTT partners.
Categories of Individuals Covered by the System is being updated to
remove terrorist attacks, and the employment of nuclear, biological,
and chemical weapons of mass destruction. This section will include
supporting staff, man-made hazards, and other positions required for
hospital and health care operations.
Categories of Records in the System is being updated to remove:
Information is provided on a voluntary basis. This section will include
supporting staff, and mission assignments from other Federal
departments and agencies. Information such as name, professional title,
credentialing, home station, professional specialty, job position
title.
Records Source Categories is being updated to include: the Light
Electronic Action Framework (LEAF) system is used to provide
credentialing and privileging of health care providers and personnel.
Policies and Practices for Retention and Disposal of Records is
being updated to include VHA Records Control Schedule 10-1, Item Number
1270.1.
The following routine use #4 is being updated to include Clinical
Deployment Team, Telehealth Emergency Management, or other VHA
personnel.
The following routine use #10 is being removed: Information may be
disclosed to a State or local government entity or national certifying
body that has the authority to make decisions concerning the issuance,
retention or revocation of licenses.
The following routine use is now being replaced as #10: Data Breach
Response and Remediation, for Another Federal Agency: To another
Federal agency or Federal entity, when VA determines that information
from this system of records is reasonably necessary to assist the
recipient agency or entity in (1) responding to a suspected or
confirmed breach or (2) preventing, minimizing, or remedying the risk
of harm to individuals, the recipient agency or entity (including its
information systems, programs, and
[[Page 25075]]
operations), the Federal Government, or national security, resulting
from a suspected or confirmed breach.
Physical, Procedural and Administrative Safeguards is being updated
to include VA Police Service. Number 2 will remove: Access to the
Veterans Health Information Systems Technology Architecture (VistA)
computer room within the health care facilities is generally limited by
appropriate security devices and restricted to authorized VA employees
and vendor personnel. Automatic Data Processing (ADP) peripheral
devices are generally placed in secure areas (areas that are locked or
have limited access) or are otherwise protected. Authorized VA
employees may access information in the VistA system. Access to file
information is controlled at two levels: The system recognizes
authorized employees by a series of individually unique passwords/codes
as a part of each data message, and the employees are limited to only
that information in the file which is needed in the performance of
their official duties. This section will now reflect the following: All
tiers of the VHA PIMS application stack are hosted in a highly
available, resilient, and redundant virtual hosting environment. The
internet connection is provided through the Department of Energy's
Energy Science Network (ES.NET), managed by ORAU under a DOE Authority
to Operate (ATO). As part of the ATO, VHA PIMS has been built in
accordance with applicable Federal Information Security Management Act
and National Institute of Standards and Technology (NIST) security and
privacy control requirements for Federal information systems with
implementation of all baseline security controls commensurate with the
Federal Information Processing Standard 199 system security
categorization. ORAU handles data in PIMS in accordance with the
appropriate NIST classification.
Signing Authority
The Senior Agency Official for Privacy, or designee, approved this
document and authorized the undersigned to sign and submit the document
to the Office of the Federal Register for publication electronically as
an official document of the Department of Veterans Affairs. Kurt D.
DelBene, Assistant Secretary for Information and Technology and Chief
Information Officer, approved this document on March 18, 2023 for
publication.
Dated: April 20, 2023.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office of Information Security,
Office of Information and Technology, Department of Veterans Affairs.
SYSTEM NAME AND NUMBER:
Performance Improvement Management System (PIMS), Deployment
Management System (DMS)-VA (98VA10).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Records are maintained within the DMS/PIMS infrastructure and
database. PIMS is a web-based system developed and hosted under
contract with the Oak Ridge Associated Universities (ORAU). ORAU's
cognizant government contracting office is the U.S. Department of
Energy (DOE), Oak Ridge National Laboratory Site Office. PIMS is hosted
on a Windows stack (Web and Structured Query Language server); all
tiers of the PIMS application stack are hosted in a virtual hosting
environment by ORAU in their data center in Oak Ridge, Tennessee.
SYSTEM MANAGER(S):
Official responsible for maintaining the system: Executive
Director, Veterans Health Administration (VHA) Office of Emergency
Management (OEM), VA Medical Center, Martinsburg, West Virginia, 25405.
Telephone number 304-264-4827 (Note: This is not a toll-free number).
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Authority for maintenance of this system of records is Executive
Order 12656 dated November 18, 1988.
PURPOSE(S) OF THE SYSTEM:
The records may be used for such purpose as to provide information
on sufficient health care medical and support personnel to respond to
disasters, to provide information to VHA OEM primarily in times of
national, regional, or local emergencies requiring support to VHA
facilities or National Disaster Frameworks, Emergency Support Function
8 (ESF 8) assistance to Federal, State, Local, Territorial, or Tribal
(SLTT) partners.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
These records include information on VA employees who make
application to VA and are considered for deployment as health care
providers and supporting staff, primarily in times of national,
regional, or local emergencies in response to domestic disasters
resulting from natural, technological, or man-made hazards. These
individuals may include audiologists, dentists, dietitians, expanded-
function dental auxiliaries, licensed practical vocational nurses,
nuclear medicine technologists, nurse anesthetists, nurse
practitioners, nurses, occupational therapists, optometrists, clinical
pharmacists, licensed physical therapists, physician assistants,
physicians, podiatrists, psychologists, registered respiratory
therapists, certified respiratory therapy technicians, diagnostic and
therapeutic radiology technologists, social workers, speech
pathologists, contracting specialists, building maintenance,
engineering, housekeeping, other positions required for hospital and
health care operations and other personnel associated with emergency
management.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records may include information on VA employees who make
application to be deployed as health care providers and supporting
staff primarily in times of national, regional, or local emergencies.
This source document provides personal and demographic information,
such as name, professional title, credentialing, home station,
professional specialty, job position title, initiated, provided, and
authenticated by the employee and contains the necessary approvals and
signatures of officials in the supervisory chain for the employee's
inclusion in the database. Information related to identifying and
selecting by VHA OEM, Veterans Integrated Services Networks (VISN) and
VA medical facility personnel eligible to support specific job taskings
and assignments during disasters internal to the VHA health care system
or external to VHA for which the VA is tasked to provide support under
applicable authorities. Requests for issuance of travel orders and
necessary reimbursement to VA for subsequent allocation of funds to
home stations of deployed personnel are required to cover costs of
travel, overtime and other expenses associated with individual
deployments. This information is necessary to account for personnel
deployed in support of disasters, to identify personnel with specific
job skills and experience that may be required to support contingency
missions tasked to VA under the VA/Department of Defense Contingency
Plan or mission assignments from other Federal departments and
agencies, and for the development of plans at the enterprise, network,
and medical center level for utilization of VHA personnel in
[[Page 25076]]
support of disasters internal and external to VA.
RECORD SOURCE CATEGORIES:
The information will be provided by the individual VA employee and
the VA medical facility (assigned facility) or other VA location at
which the employee is employed. VHA OEM Headquarters will also provide
information for updates of deployment status and availability. The
Light Electronic Action Framework (LEAF) system is used to provide
credentialing and privileging of health care providers and personnel.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
1. Selected information (such as name, station and telephone
numbers) may be disclosed to other Federal departments and agencies
that have an interest in or obligation to track or otherwise audit
transfer of funds to VA for reimbursement of tasks.
2. Statistical information and other data may be disclosed to
Federal, SLTT government agencies to assist in disaster planning and
after-action reports.
3. Law Enforcement: To a Federal, SLTT or foreign law enforcement
authority or other appropriate entity charged with the responsibility
of investigating or prosecuting such violation or charged with
enforcing or implementing such law, provided that the disclosure is
limited to information that, either alone or in conjunction with other
information, indicates a violation or potential violation of law,
whether civil, criminal or regulatory in nature. The disclosure of the
names and addresses of Veterans and their dependents from VA records
under this routine use must also comply with the provisions of 38
U.S.C. 5701.
4. Disclosure may be made to any source, such as a police
department or the Federal Bureau of Investigation, from which
additional information is requested to the extent necessary to identify
the individual, inform the source of the purpose(s) of the request, and
to identify the type of information requested such as DEMPS, Clinical
Deployment Team, Telehealth Emergency Management, or other VHA
personnel present at a crime scene caused by terrorists.
5. Disclosure may be made to an agency in the executive,
legislative, or judicial branch or the District of Columbia Government
in response to its request, or at the initiation of VA, for information
in connection with the selection of an employee for the deployment and
future training of an individual, the letting of a contract, the
issuance of a license, grant or other benefits by the requesting
agency, or the lawful statutory, administrative or investigative
purpose of the agency to the extent that the information is relevant
and necessary to the requesting agency's deployment/Federal Response
Framework needs.
6. Congress: To a Member of Congress or staff acting upon the
Member's behalf when the Member or staff requests the information on
behalf of, and at the request of, the individual who is the subject of
the record.
7. National Archives and Records Administration (NARA): To NARA in
records management inspections conducted under 44 U.S.C. 2904 and 2906,
or other functions authorized by laws and policies governing NARA
operations and VA records management responsibilities.
8. State Licensing Boards, for Licensing: To a Federal agency, a
state or local government licensing board, the Federation of State
Medical Boards or a similar non-governmental entity that maintains
records concerning individuals' employment histories or concerning the
issuance, retention or revocation of licenses, certifications or
registration necessary to practice an occupation, profession or
specialty, to inform such non-governmental entities about the health
care practices of a terminated, resigned or retired health care
employee whose professional health care activity so significantly
failed to conform to generally accepted standards of professional
medical practice as to raise reasonable concern for the health and
safety of patients in the private sector or from another Federal
Agency. These records may also be disclosed as part of an ongoing
computer matching program to accomplish these purposes.
9. The Joint Commission, for Accreditation: To survey teams of The
Joint Commission, College of American Pathologists, American
Association of Blood Banks, and similar national accreditation agencies
or boards with which VA has a contract or agreement to conduct such
reviews, as relevant and necessary for the purpose of program review or
the seeking of accreditation or certification.
10. Data Breach Response and Remediation, for Another Federal
Agency: To another Federal agency or Federal entity, when VA determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in (1) responding to a suspected
or confirmed breach or (2) preventing, minimizing or remedying the risk
of harm to individuals, the recipient agency or entity (including its
information systems, programs, and operations), the Federal Government
or national security, resulting from a suspected or confirmed breach.
11. Department of Justice (DoJ), Litigation, Administrative
Proceeding: To DoJ, or in a proceeding before a court, adjudicative
body or other administrative body before which VA is authorized to
appear, when:
(a) VA or any component thereof;
(b) Any VA employee in their official capacity;
(c) Any VA employee in their individual capacity where DoJ has
agreed to represent the employee; or
(d) The United States, where VA determines that litigation is
likely to affect the agency or any of its components, is a party to
such proceedings or has an interest in such proceedings, and VA
determines that use of such records is relevant and necessary to the
proceedings.
12. Information on deployment to Federal/VHA emergencies,
performance, or other personnel-related material may be disclosed to
any facility with which there is, or there is proposed to be, an
affiliation, sharing agreement, contract or similar arrangement, for
purposes of establishing, maintaining or expanding any such
relationship.
13. Information concerning a health care provider's professional
qualifications and clinical privileges may be disclosed to a VA/
emergency disaster-served client patient, or the representative or
guardian of a patient who, due to physical or mental incapacity, lacks
sufficient understanding or legal capacity to make decisions concerning
his or her medical care, who is receiving or contemplating receiving
medical or other patient care services from the provider when the
information is needed by the patient or the patient's representative or
guardian in order to make a decision related to the initiation of
treatment, continuation or discontinuation of treatment, or receiving a
specific treatment that is proposed or planned by the provider.
Disclosure will be limited to information concerning the health care
provider's professional qualifications (professional education,
training and current licensure/certification status), professional
employment history and current clinical privileges.
14. Unions: To officials of labor organizations recognized under 5
U.S.C. chapter 71(b)(4) when relevant and necessary to their duties of
exclusive representation concerning personnel policies, practices and
matters affecting working conditions.
[[Page 25077]]
15. Information may be disclosed to the VA-appointed representative
of an employee of all notices, determinations, decisions or other
written communications issued to the employee in connection with an
examination ordered by VA under medical evaluation (formerly fitness-
for-duty) examination procedures or Department-filed disability
retirement procedures.
16. Merit Systems Protection Board (MSPB): To the MSPB and the
Office of the Special Counsel in connection with appeals, special
studies of the civil service and other merit systems, review of rules
and regulations, investigation of alleged or possible prohibited
personnel practices and such other functions promulgated in 5 U.S.C.
1205 and 1206, or as authorized by law.
17. Equal Employment Opportunity Commission (EEOC): To the EEOC in
connection with investigations of alleged or possible discriminatory
practices, examination of Federal affirmative employment programs or
other functions of the Commission as authorized by law.
18. Federal Labor Relations Authority (FLRA): To the FLRA in
connection with: The investigation and resolution of allegations of
unfair labor practices, the resolution of exceptions to arbitration
awards when a question of material fact is raised; matters before the
Federal Service Impasses Panel; and the investigation of representation
petitions and the conduct or supervision of representation elections.
19. Contractors: To contractors, grantees, experts, consultants,
students and others performing or working on a contract, service,
grant, cooperative agreement or other assignment for VA, when
reasonably necessary to accomplish an agency function related to the
records.
20. Federal Agencies, Fraud and Abuse: To other Federal agencies to
assist such agencies in preventing and detecting possible fraud or
abuse by individuals in their operations and programs.
21. Data Breach Response and Remediation, for VA: To appropriate
agencies, entities and persons when (1) VA suspects or has confirmed
that there has been a breach of the system of records; (2) VA has
determined that as a result of the suspected or confirmed breach there
is a risk to individuals, VA (including its information systems,
programs and operations), the Federal Government or national security;
and (3) the disclosure made to such agencies, entities or persons
reasonably necessary to assist in connection with VA efforts to respond
to the suspected or confirmed breach or to prevent, minimize or remedy
such harm.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Automated records are maintained at all levels of management
outlined in system location. Automated information is stored in this
database.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records in this system are retrieved by the name, professional
title, VISN, home station, professional specialty, job position title,
etc., of the individuals on whom they are maintained.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
An automated database of deployable personnel will be maintained by
VHA OEM. If an individual transfers to another VA facility location,
the individual's data will be reassigned within the system to the new
location. Records in this system are retained and disposed of in
accordance with the schedule approved by the Archivist of the United
States, VHA Records Control Schedule 10-1, Item Number 1270.1.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
1. Access to VA working and storage areas in VA health care
facilities are restricted to VA employees on a need-to-know basis;
strict control measures are enforced to ensure that disclosure to these
individuals is also based on this same principle. Generally, VA file
areas are locked after normal duty hours, and the health care
facilities are protected from outside access by the VA Police Service,
Federal Protective Service or other security personnel.
2. All tiers of the VHA PIMS application stack are hosted in a
highly available, resilient and redundant virtual hosting environment.
The internet connection is provided through the Department of Energy's
Energy Science Network (ES.NET), managed by ORAU under a DOE Authority
to Operate (ATO). As part of the ATO, VHA PIMS has been built in
accordance with applicable Federal Information Security Management Act
and National Institute of Standards and Technology (NIST) security and
privacy control requirements for Federal information systems with
implementation of all baseline security controls commensurate with the
Federal Information Processing Standard 199 system security
categorization. ORAU handles data in PIMS in accordance with the
appropriate NIST classification.
RECORD ACCESS PROCEDURES:
Individuals seeking information on the existence and content of
records in this system pertaining to them should contact the system
manager in writing as indicated above, or the individuals may write,
call or visit the VA facility location where they made application for
employment or are (or were) employed. A request for access to records
must contain the requester's full name, address, telephone number, be
signed by the requester, and describe the records sought in sufficient
detail to enable VA personnel to locate them with a reasonable amount
of effort.
CONTESTING RECORD PROCEDURES:
Individuals seeking to contest or amend records in this system
pertaining to them should contact the system manager in writing as
indicated above. A request to contest or amend records must state
clearly and concisely what record is being contested, the reasons for
contesting it, and the proposed amendment to the record.
NOTIFICATION PROCEDURES:
Generalized notice is provided by the publication of this notice.
For specific notice, see Record Access Procedure, above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
65 FR 25531 (May 2, 2000); 75 FR 4458 (January 27, 2010).
[FR Doc. 2023-08710 Filed 4-24-23; 8:45 am]
BILLING CODE 8320-01-P