Privacy Act of 1974; System of Records, 38139-38141 [2023-12395]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 88, Number 112 (Monday, June 12, 2023)]
[Notices]
[Pages 38139-38141]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-12395]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Financial Services Center (FSC), Department of Veterans Affairs 
(VA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Privacy Act of 1974 requires that all agencies publish in 
the Federal Register a notice of the existence and character of their 
systems of records. Notice is hereby given that the Department of 
Veterans Affairs (VA) is establishing a new system of records titled 
``Other Government Agencies-VA'' (OGA) (213VA0475A1).

DATES: Comments on this new system of records must be received no later 
than 30 days after date of publication in the Federal Register. If no 
public comment is received during the period allowed for comment or 
unless otherwise published in the Federal Register by VA, the new 
system of records will become effective a minimum of 30 days after date 
of publication in the Federal Register. If VA receives public comments, 
VA shall review the comments to determine whether any changes to the 
notice are necessary.

ADDRESSES: Comments may be submitted through www.Regulations.gov or 
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to ``Other Government Agencies-VA'' (213VA0475A1). Comments 
received will be available at regulations.gov for public viewing, 
inspection, or copies.

FOR FURTHER INFORMATION CONTACT: Carl G. Herrmann, OGA Program Manager, 
[email protected], 254-338-1758.

SUPPLEMENTARY INFORMATION: VA maintains Franchise Agreements with 
agencies such as Department of Health & Human Services (HHS) and 
Immigration Customs Enforcement (ICE) Healthcare Services Corps (IHSC) 
to provide medical and financial claims processing services. This 
system stores administrative and financial records that are generated 
during the medical and financial claim request and adjudication 
process. These records document VA FSC activities related to claims 
processing and are the means that other government agencies such HHS 
and ICE IHSC use to determine the status of their claims or historical 
requests.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Kurt D. 
DelBene, Assistant Secretary for Information and Technology and Chief 
Information Officer, approved this document on April 26, 2023 for 
publication.

    Dated: June 6, 2023.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office of Information Security, 
Office of Information and Technology, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    ``Other Government Agencies-VA'' (213VA0475A1)

[[Page 38140]]

SECURITY CLASSIFICATION:
    The information in this system is unclassified.

SYSTEM LOCATION:
    VA Data Processing Center, 7600 Metropolis Dr., Austin, TX 78744 
and fiscal offices of Central Office; field stations where fiscal 
transactions are processed.

SYSTEM MANAGER(S):
    Angela Repka, System Owner, VA FSC, 7600 Metropolis Dr., Austin, TX 
78744. Email: [email protected], Telephone: 512-541-5868.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301; 44 U.S.C. 3101; 31 U.S.C. 3512; OMB Circular A-123, 
Management's Responsibility for Internal Control; and OMB Circular A-
127, Financial Management Systems.

PURPOSE(S) OF THE SYSTEM:
    This system of records stores administrative and financial records 
that are generated during the claim request and adjudication process. 
These records are the means that other government agencies such as HHS 
and IHSC Contracted Healthcare Providers use to determine the status of 
their claims or historical requests.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    These records include information on contractors, vendors, medical 
providers, salaried employees, physicians, dentists, and immigration 
detainees who require medical care.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include vendor identification listings; invoiced 
payment records; claimant information (including full name, claim 
number, patient control number, alien number, dates of service, 
diagnosis-procedure codes related to medical conditions, date of birth 
and referral number); and, medical procedures billed.

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by vendors; 
individual or legal representative as part of an application for a 
benefit, contract, or reimbursement; Department of Treasury; Internal 
Revenue Service; and other Federal entities such as the IHSC.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. Congress: to a Member of Congress or staff acting upon the 
Member's behalf when the Member or staff requests the information on 
behalf of, and at the request of, the individual who is the subject of 
the record.
    2. Data breach response and remediation, for VA: to appropriate 
agencies, entities and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records,[middot] (2) VA 
has determined that as a result of the suspected or confirmed breach 
there is a risk of harm to individuals, VA (including its information 
systems, programs and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities and 
persons is reasonably necessary to assist in connection with VA's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize or remedy such harm.
    3. Data breach response and remediation, for another Federal 
agency: to another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing or remedying the risk 
of harm to individuals, the recipient agency or entity (including its 
information systems, programs and operations), the Federal Government 
or national security, resulting from a suspected or confirmed breach.
    4. Law Enforcement: to a Federal, state, local, territorial, 
tribal, or foreign law enforcement authority or other appropriate 
entity charged with the responsibility of investigating or prosecuting 
such violation or charged with enforcing or implementing such law, 
provided that the disclosure is limited to information that, either 
alone or in conjunction with other information, indicates a violation 
or potential violation of law, whether civil, criminal, or regulatory 
in nature. The disclosure of the names and addresses of Veterans and 
their dependents from VA records under this routine use must also 
comply with the provisions of 38 U.S.C. 5701.
    5. Department of Justice (DOJ) for Litigation or Administrative 
Proceeding: to DOJ, or in a proceeding before a court, adjudicative 
body, or other administrative body before which VA is authorized to 
appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components,
    is a party to such proceedings or has an interest in such 
proceedings, and VA determines that use of such records is relevant and 
necessary to the proceedings.
    6. To those federal agencies which VA FSC has entered into an 
agreement to provide financial services.
    7. Office of Personnel Management (OPM): to OPM in connection with 
the application or effect of civil service laws, rules, regulations or 
OPM guidelines in particular situations.
    8. Equal Employment Opportunity Commission (EEOC): to EEOC in 
connection with investigations of alleged or possible discriminatory 
practices, examination of Federal affirmative employment programs or 
other functions of the Commission as authorized by law.
    9. Federal Labor Relations Authority (FLRA): to FLRA in connection 
with the investigation and resolution of allegations of unfair labor 
practices, the resolution of exceptions to arbitration awards when a 
question of material fact is raised, matters before the Federal Service 
Impasses Panel and the investigation of representation petitions and 
the conduct or supervision of representation elections.
    10. Merit Systems Protection Board (MSPB): to MSPB in connection 
with appeals, special studies of the civil service and other merit 
systems, review of rules and regulations, investigation of alleged or 
possible prohibited personnel practices and such other functions 
promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.
    11. National Archives and Records Administration (NARA): to NARA in 
records management inspections conducted under 44 U.S.C. 2904 and 2906, 
or other functions authorized by laws and policies governing NARA 
operations and VA records management responsibilities.
    12. Federal Agencies, for Litigation: To another federal agency, 
court, or party in litigation before a court or in an administrative 
proceeding conducted by a federal agency, when the government is a 
party to the judicial or administrative proceeding.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored electronically on a VA server or magnetic discs. 
Paper documents may be scanned/digitized and stored for viewing 
electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    VA Directive 6300, Records, and Information Management; VA 
Directive

[[Page 38141]]

6502, VA Enterprise Privacy Program; and VA Handbook 6300.4, Procedures 
for Processing Requests for Records Subject to the Privacy Act.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records for this system are retained as defined by its NARA 
approved Records Control Schedule, MP-4, Part X and within rules of the 
General Records Schedule (GRS). Per NARA practice, documentation for 
permanent electronic records must be transferred with the related 
records using the disposition authority of the related electronic 
records rather than the GRS disposition authority. Agency policy and 
responsibility for media and electronic sanitization is explicated in 
VA Handbook 6500.1, Electronic Media Sanitization. This Handbook sets 
forth policies and responsibilities for the proper sanitization of 
electronic media prior to repair, disposal, reuse or recycling. These 
guidelines are in accordance with Federal Information Processing 
Standard (FIPS) 200, Minimum Security Requirements for Federal 
Information and Information Systems; and NIST Special Publication 800-
88 Revision 1, Guidelines for Media Sanitization. VA Directive 6371, 
Destruction of Temporary Paper Records, is Agency policy for the 
destruction of temporary paper records.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    VA will store records produced within this system of records in an 
area that is always physically and technologically secure from access 
by unauthorized persons. Only authorized personnel will transport 
records within this system of records. VA will process records produced 
within this system of records under immediate supervision and control 
of authorized personnel in a manner that will protect the 
confidentiality of the records, so that unauthorized persons cannot 
retrieve any records by computer, remote terminal or other means. VA 
will store records using FIPS 140-2 compliant encryption. Systems 
personnel must enter personal identification numbers when accessing 
records on the agencies' systems. VA will strictly limit authorization 
to those electronic records areas necessary for the authorized analyst 
to perform his or her official duties.

RECORD ACCESS PROCEDURES:
    An individual wanting notification or access, including contesting 
the record, should mail or deliver a request to the office identified 
in the SORN. If an individual does not know the ``office concerned,'' 
the request may be addressed to the following with below requirements: 
PO or FOIA/PO of any VA field station or the Department of Veterans 
Affairs Central Office, 810 Vermont Avenue NW, Washington, DC 20420. 
The receiving office must promptly forward the mail request received to 
the office of jurisdiction clearly identifying it as ``Privacy Act 
Request'' and notify the requester of the referral. Approved VA 
authorization forms may be provided to individuals for use.

CONTESTING RECORD PROCEDURES:
    An individual may request amendment of a record pertaining to him 
or her contained in a specific VA system of records by mailing or 
delivering the request to the office concerned. The request must be in 
writing and must conform to the following requirements: It must state 
the nature of the information in the record the individual believes to 
be inaccurate, irrelevant, untimely, or incomplete; why the record 
should be changed; and the amendment desired. The requester must be 
advised of the title and address of the VA official who can assist in 
preparing the request to amend the record if assistance is desired. Not 
later than business 10 days after the date of a request to amend a 
record, the VA official concerned will acknowledge in writing such 
receipt. If a determination for correction or amendment has not been 
made, the acknowledgement will inform the individual of when to expect 
information regarding the action taken on the request. VA will complete 
a review of the request to amend or correct a record within 30 business 
days of the date of receipt. Where VA agrees with the individual's 
request to amend his or her record(s), the requirements of 5 U.S.C. 
552a(d) will be followed. The record(s) will be corrected promptly, and 
the individual will be advised promptly of the correction. If the 
record has previously been disclosed to any person or agency, and an 
accounting of the disclosure was made, prior recipients of the record 
will be informed of the correction. An approved VA notification of 
amendment form letter may be used for this purpose. An individual 
wanting notification or access, including contesting the record, should 
mail or deliver a request to the Privacy Office or FOIA/Privacy Office 
of any VA field station or the Department of Veterans Affairs Central 
Office, 810 Vermont Avenue NW, Washington, DC 20420.

NOTIFICATION PROCEDURES:
    Notification for correcting the information will be accomplished by 
informing the individual to whom the record pertains by mail. The 
individual making the amendment must be advised in writing that the 
record has been amended and provided with a copy of the amended record. 
System Manager for the concerned VA system of records, Privacy Officer, 
or their designee, will notify the relevant persons or organizations 
whom had previously received the record about the amendment. The review 
must be completed as soon as possible, in most cases within 30 workdays 
from receipt of the request. If the anticipated completion date 
indicated in the acknowledgment cannot be met, the individual must be 
advised, in writing, of the reasons for the delay and the date action 
is expected to be completed. The delay may not exceed 90 calendar days 
from receipt of the request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    N/A.

HISTORY:
    None.

[FR Doc. 2023-12395 Filed 6-9-23; 8:45 am]
BILLING CODE P