Privacy Act of 1974; System of Records, 60269-60275 [2023-18807]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 88, Number 168 (Thursday, August 31, 2023)]
[Notices]
[Pages 60269-60275]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-18807]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA), Office of Information of 
Technology, Financial Service Center (FSC).

ACTION: Notice of modified system of records.

-----------------------------------------------------------------------

SUMMARY: Individuals Submitting Invoices-Vouchers for Payment and 
Accounting Transactional Data-VA (13VA047) is a compilation of records

[[Page 60270]]

received, controlled, managed, and employed for payment processing; 
general accounting; benefit payment distribution to veterans and their 
families; commercial vendor invoices for contract and reimbursement 
expenditures; payroll payments; and commercial government procurement 
and contracting data.

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by VA, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If VA receives 
public comments, VA shall review the comments to determine whether any 
changes to the notice are necessary.

ADDRESSES: Written comments may be submitted through 
www.Regulation.gov; by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (not a toll-free number). Comments should indicate that they 
are submitted in response to ``Individuals Submitting Invoices-Vouchers 
for Payment and Accounting Transactional Data-VA'' (13VA047). Copies of 
comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 
8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). 
Please call (202) 461-4902 for an appointment. (This is not a toll-free 
number.) In addition, comments may be viewed online at 
www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Jonathan Lindow, Director, Operations 
and Management Division, Financial Services Center, 7600 Metropolis 
Dr., Austin, TX 78744, [email protected], 512-568-0626.

SUPPLEMENTARY INFORMATION: The Point-of-Contact (POC), system manager 
and routine uses are being modified in this ``Individuals Submitting 
Invoices Vouchers for Payment and Accounting Transactional Data-VA'' 
(13VA047), along with some changes to covered systems. Individuals 
Submitting Invoices-Vouchers for Payment and Accounting Transactional 
Data-VA is a VA-wide financial management system of records utilized in 
VA's IT accounting systems for payment of benefits, vendor payments, 
invoice payment processing, payroll purposes, and acquisition records 
pertinent to maintaining acquisition methods, costs and processes. 
Information is collected from recipients, vendors, VA administrations, 
medical centers, and other Federal entities for rendering payment. This 
includes information on businesses and persons as a business conducting 
business with VA. Business/person's names may be duplicative requiring 
another method to ensure the correct business/person is identified. 
Data Universal Numbers (DUNs), Unique Entity Identifier (UEI) and/or 
Tax Identification Numbers (TINs) or Employment Identification Numbers 
(EIN) are used by businesses. In some cases, persons will use their 
social security number (SSN) as the TIN.
    Updated authorities by which the data is collected are 31 U.S. Code 
3512--Executive Agency Accounting and other Financial Management 
Reports and Plans; Federal Managers' Financial Integrity Act section 2 
of 1982; Federal Financial Management Improvement Act of 1996; E-
Government Act of 2002 title III., Federal Information Security 
Management Act (FISMA); Clinger Cohen Act of 1996; 38 CFR part 17 
17.120-17.132; OMB Circular A-123, Management's Responsibility for 
Internal Control.
    Additional Routine Uses were added based on revised guidelines to 
A-108 and updated standards for agency breach notification. Moreover, 
VA must be able to provide its own initiative information that pertains 
to a violation of laws to law enforcement authorities in order for them 
to investigate and enforce those laws. Under 38 U.S.C. 5701(a) and (f), 
VA may only disclose the names and addresses of veterans and their 
dependents to Federal entities with law enforcement responsibilities. 
This is distinct from the authority to disclose records in response to 
a qualifying request from a law enforcement entity, as authorized by 
Privacy Act subsection 5 U.S.C. 552a(b)(7). VA will administer 
financial and transactional information through benefit disbursement 
consuming HIPPA related data thus amending the routine uses to include: 
14. Federal Agencies, Hospitals, for Referral by VA.; 15. Non-VA Doc, 
for Referral to VA; 25. Claims Representatives; and 26. Third Party, 
for Benefit or Discharge. Location of the system of records is a 
notable change to being stored, managed, and secured within a momentum 
cloud application.
    Numerical order of routine uses from original SORN listing to 
revised version is amended to the below agency standardized format 
including the first ten routine uses:
    1. Congress.
    2. Data breach response and remedial efforts.
    3. Data breach response and remedial efforts with another Federal 
agency.
    4. Law Enforcement.
    5. Litigation.
    6. Contractors.
    7. EEOC.
    8. FLRA.
    9. MSPB.
    10. NARA & GSA.
    Data breach response and remedial efforts. VA may, on its own 
initiative, disclose information from this system to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise there is a risk of harm to individuals, the 
Department (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure is to agencies, entities, or persons whom VA determines are 
reasonably necessary to assist or carry out the Department's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm. This routine use permits disclosures by the 
Department to respond to a suspected or confirmed data breach, 
including the conduct of any risk analysis or provision of credit 
protection services as provided in 38 U.S.C. 5724 and, in accordance 
with Veterans Benefits, Health Care, and Information Technology Act of 
2006 5723-5724.
    Data breach response and remedial efforts, for another Federal 
agency. VA may, on its own initiative, disclose information from this 
system to another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach. In accordance with 38 U.S.C. 5723, VA will ensure 
that the Assistant Secretary for Information and Technology, in 
coordination with the Under Secretaries, Assistant Secretaries, and 
other key officials of the Department report to Congress, the Office of 
Management and Budget, and other entities as required by law and this 
section of the regulation to cooperate with notify and cooperate with 
officials other than officials of the Department of

[[Page 60271]]

data breaches when required. Use of information is necessary and proper 
to initiate investigations into confirmed data breaches involving other 
executive branch agencies.
    Law Enforcement. VA may, on its own initiative, disclose 
information in this system, except the names and home addresses of 
veterans and their dependents, which is relevant to a suspected or 
reasonably imminent violation of law, whether civil, criminal or 
regulatory in nature and whether arising by general or program statute 
or by regulation, rule or order issued pursuant thereto, to a Federal, 
State, local, Tribal, or foreign agency charged with the responsibility 
of investigating or prosecuting such violation, or charged with 
enforcing or implementing the statute, regulation, rule or order. VA 
may also disclose the names and addresses of veterans and their 
dependents to a Federal agency charged with the responsibility of 
investigating or prosecuting civil, criminal or regulatory violations 
of law, or charged with enforcing or implementing the statute, 
regulation, rule or order issued pursuant thereto. Use of information 
is necessary and proper to cooperate with other federal agencies while 
prosecuting civil, criminal or regulatory violations of law.
    Litigation. VA may disclose information to the Department of 
Justice (DoJ) or in a proceeding before a court, adjudicative body, or 
other administrative body before which VA is authorized to appear, 
when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components is a party to such 
proceedings or has an interest in such proceedings, and VA determines 
that use of such records is relevant and necessary to the proceedings.
    Contractors. VA may disclose information from this system of 
records to contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for VA, when reasonably necessary to 
accomplish an agency function related to the records., in order for the 
contractor, subcontractor, public or private agency, or other entity or 
individual with whom VA has a contract or agreement to perform services 
under the contract or agreement. This routine use includes disclosures 
by an individual or entity performing services for VA to any secondary 
entity or individual to perform an activity that is necessary for 
individuals, organizations, private or public agencies, or other 
entities or individuals with whom VA has a contract or agreement to 
provide the service to VA. This routine use also applies to agreements 
that do not qualify as contracts defined by Federal procurement laws 
and regulations. VA may disclose information from this system of 
records to individuals, organizations private or public agencies, or 
other entities or individuals with whom VA has a contract or agreement 
to perform such services by contract or agreement, and performing 
duties on behalf of VA.
    EEOC. VA may disclose information from this system to the Equal 
Employment Opportunity Commission (EEOC) when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation. VA must 
be able to provide information to EEOC to assist it in fulfilling its 
duties to protect employees' rights, as required by statute and 
regulation, and to protect VA employee rights.
    FLRA. VA may disclose information from this system to the Federal 
Labor Relations Authority (FLRA), including its General Counsel, 
information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections. VA must be able to provide information to 
FLRA to comply with the statutory mandate under which it operates and 
to cooperate with labor relation investigations.
    MSPB. VA may disclose information from this system to the Merit 
Systems Protection Board (MSPB) when requested in connection with 
appeals, special studies of the civil service and other merit systems, 
review of rules and regulations, investigation of alleged or possible 
prohibited personnel practices, and such other functions promulgated in 
5 U.S.C. 1205 and 1206, or as authorized by law. VA must be able to 
provide information to MSPB to assist it in fulfilling its duties as 
required by statute and regulation and to cooperate with Merit Systems 
Protection Board concerning allegations of prohibited personnel 
practices. Disclosure may be made to a congressional office from the 
record of an individual in response to an inquiry from the 
congressional office made at the request of that individual.
    Federal Agencies, for Computer Matches. VA may disclose identifying 
information, including social security number, concerning veterans, 
spouses of veterans, and the beneficiaries of veterans to other federal 
agencies for the purpose of conducting computer matches to obtain 
information to determine or verify eligibility of veterans receiving VA 
medical care under Title 38, U.S.C. VA must be able to provide limited 
personally identifiable information to other federal agencies for 
computer matching activities for the purpose of benefit payments to 
veterans and beneficiaries.
    Federal Agencies, Hospitals, for Referral by VA. VA may disclose 
relevant health care information to: (1) a federal agency or non-VA 
health care provider or institution when VA refers a patient for 
hospital or nursing home care or medical services, or authorizes a 
patient to obtain non-VA medical services and the information is needed 
by the federal agency or non-VA institution on provider to perform the 
services; or (2) a federal agency or to a non-VA hospital (federal, 
state, and local public or private) or other medical installation 
having hospital facilities, organ banks, blood banks, or similar 
institutions, medical schools or clinics, or other groups or 
individuals that have contracted or agreed to provide medical services 
or share the use of medical resources under the provisions of 38 U.S.C. 
513, 7409, 8111, or 8153, when treatment is rendered by VA under the 
terms of such contract or agreement or the issuance of an 
authorization, and the information is needed for purposes of medical 
treatment and/or follow-up, determining entitlement to a benefit, or 
for VA to effect recovery of the costs of the medical care. VA must be 
able to provide patient referral information for authorized hospital 
and/or nursing home care to a non-VA medical services provider for 
recovery of the costs of the medical care.
    Federal Agencies, for Recovery of Medical Care Costs. VA may 
disclose patient identifying information to federal agencies and VA and 
government-wide third-party insurers responsible for payment of the 
cost of medical care for the identified patients, in order for VA to 
seek recovery of the medical care costs. These records may also be 
disclosed as part of a computer matching program to accomplish this 
purpose. Use of information is necessary

[[Page 60272]]

and proper as data within this system does not exclusively include 
financial, transactional, and benefit payout data.
    Treasury, IRS. VA may disclose the name of a veteran or 
beneficiary, other information as is reasonably necessary to identify 
such individual, and any other information concerning the individual's 
indebtedness by virtue of a person's participation in a benefits 
program administered by VA, may be disclosed to the Department of the 
Treasury, Internal Revenue Service, for the collection of Title 38 
benefit overpayments, overdue indebtedness, and/or costs of services 
provided to an individual not entitled to such services, by the 
withholding of all or a portion of the person's Federal income tax 
refund. The purpose of this disclosure is to collect a debt owed the VA 
by an individual by offset of his or her Federal income tax refund.
    Treasury, to Report Waived Debt as Income. VA may disclose an 
individual's name, address, social security number, and the amount 
(excluding interest) of any indebtedness which is waived under 38 
U.S.C. 3102, compromised under 4 CFR part 103, otherwise forgiven, or 
for which the applicable statute of limitations for enforcing 
collection has expired, to the Department of the Treasury, Internal 
Revenue Service, as a report of income under 26 U.S.C. 61(a)(12).
    Treasury, for Payment or Reimbursement. VA may disclose information 
to the Department of the Treasury to facilitate payments to physicians, 
clinics, and pharmacies for reimbursement of services rendered, and to 
veterans for reimbursements of authorized expenses, or to collect, by 
set off or otherwise, debts owed the United States. Justification--VA 
established standardized Guardians Ad Litem, for Representation.VA may 
disclose information to a fiduciary or guardian ad litem in relation to 
his or her representation of a claimant in any legal proceeding, but 
only to the extent necessary to fulfill the duties of the fiduciary or 
guardian ad litem. This disclosure permits VA to provide individual 
information to an appointed VA Federal fiduciary or to the individual's 
guardian ad litem that is needed to fulfill appointed duties.
    Guardians, for Incompetent Veterans. VA may disclose relevant 
information from this system of records in the course of presenting 
evidence to a court, magistrate, or administrative tribunal; in matters 
of guardianship, inquests, and commitments; to private attorneys 
representing veterans rated incompetent in conjunction with issuance of 
Certificates of Incompetency; and to probation and parole officers in 
connection with court-required duties.
    Claims Representatives. VA may disclose information from this 
system of records relevant to a claim of a veteran or beneficiary, such 
as the name, address, the basis and nature of a claim, amount of 
benefit payment information, medical information, and military service 
and active duty separation information, at the request of the claimant 
to accredited service organizations, VA-approved claim agents, and 
attorneys acting under a declaration of representation, so that these 
individuals can aid claimants in the preparation, presentation, and 
prosecution of claims under the laws administered by VA. The name and 
address of a claimant will not, however, be disclosed to these 
individuals under this routine use if the claimant has not requested 
the assistance of an accredited service organization, claims agent or 
an attorney. VA must be able to disclose this information to accredited 
service organizations, VA-approved claim agents, and attorneys 
representing veterans so they can assist veterans by preparing, 
presenting, and prosecuting claims under the laws administered by VA.
    Third Party, for Benefit or Discharge. Health care information 
concerning a non-judicially declared incompetent patient may be 
disclosed to a third party upon the written authorization of the 
patient's next of kin in order for the patient, or, consistent with the 
best interest of the patient, a member of the patient's family, to 
receive a benefit to which the patient or family member is entitled, 
or, to arrange for the patient's discharge from a VA medical facility. 
Sufficient data to make an informed determination will be made 
available to such next of kin. If the patient's next of kin are not 
reasonably accessible, the Chief of Staff, Director, or designee of the 
custodial VA medical facility may disclose health information for these 
purposes.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Kurt D. 
DelBene, Assistant Secretary for Information and Technology and Chief 
Information Officer, approved this document on July 25, 2023 for 
publication.

    Dated: August 28, 2023.
Amy L. Rose,
Government Information Specialist, VA Privacy Service, Office of 
Compliance, Risk and Remediation, Office of Information and Technology, 
Department of Veterans Affairs.

SYSTEM NAME:
    ``Individuals Submitting Invoices-Vouchers for Payment and 
Accounting Transactional Data-VA'' (13VA047).

SECURITY CLASSIFICATION:
    The information in this system is unclassified.

SYSTEM LOCATION:
    VA Data Processing Center, Austin, Texas and fiscal offices of 
Central Office; field stations where fiscal transactions are processed; 
and application servers located in the VA managed enterprise service 
cloud enclave.

SYSTEM MANAGER(s):
    Jonathan Lindow, Information System Owner, VA Financial Services 
Center (FSC), 7600 Metropolis Dr., Austin, TX 78744, 
[email protected], (512) 981-4871. Pamela Smith, VA FSC Privacy 
Officer, Financial Services Center, 7600 Metropolis Dr., Austin, TX 
78744, [email protected], (512) 937-4824.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    31 U.S. Code 3512- Executive Agency Accounting and other Financial 
Management Reports and Plans; Federal Managers' Financial Integrity Act 
section 2 of 1982; Federal Financial Management Improvement Act of 
1996; E-Government Act of 2002 title III., Federal Information Security 
Modernization Act (FISMA) of 2014; Clinger Cohen Act of 1996; 38 CFR 
part 17 17.120-17.132; OMB Circular A-123, Management's Responsibility 
for Internal Control.

PURPOSE(S) OF THE SYSTEM:
    Individuals Submitting Invoices-Vouchers for Payment and Accounting 
Transactional Data-VA is a VA-wide financial management system of 
records utilized in VA's IT accounting systems for payment of benefits, 
vendor payments, invoice payment processing, and payroll purposes. 
Information is collected from recipients, vendors, VA administrations, 
medical centers, and other Federal entities for rendering payment.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    VA Employees, VA Contractors, VA Volunteers, Veterans or 
Dependents, and Members of the Public and Individuals.

[[Page 60273]]

CATEGORIES OF RECORDS IN THE SYSTEM:
    Commercial Vendor identification listings, invoiced payment 
records, claimant information, and banking and financial accounting 
information, including Full name, Address, Phone Number, Social 
Security Number, Medical Records, Claim/Statement Number, Date of 
Service, Beneficiary Information, Email Address, Date of Birth, Driver 
License (Number and State), License Plate, Place of Birth (City, State 
and Country), Banking Information (Routing/Bank Account Number, and 
Bank Name), Charge Card Number, Emergency Contact Information, and 
Unique Entity Identifier (UEI).

RECORD SOURCE CATEGORIES:
    Commercial vendors; individual or legal representative as part of 
an application for a benefit, contract or reimbursement; Data could 
potentially be obtained from a VA administration, facility and/or 
medical center; Department of the Treasury; Internal Revenue Service; 
and other Federal entities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Congress: To a Member of Congress or staff acting upon the 
Member's behalf when the Member or staff requests the information on 
behalf of, and at the request of, the individual who is the subject of 
the record.
    2. Data breach response and remediation, for VA: To appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records,[middot] (2) VA 
has determined that as a result of the suspected or confirmed breach 
there is a risk of harm to individuals, VA (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with VA's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    3. Data breach response and remediation, for another Federal 
agency: To another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    4. Law Enforcement: To a Federal, state, local, territorial, 
tribal, or foreign law enforcement authority or other appropriate 
entity charged with the responsibility of investigating or prosecuting 
such violation or charged with enforcing or implementing such law, 
provided that the disclosure is limited to information that, either 
alone or in conjunction with other information, indicates a violation 
or potential violation of law, whether civil, criminal, or regulatory 
in nature. The disclosure of the names and addresses of veterans and 
their dependents from VA records under this routine use must also 
comply with the provisions of 38 U.S.C. 5701.
    5. DoJ for Litigation or Administrative Proceeding: To the 
Department of Justice (DoJ), or in a proceeding before a court, 
adjudicative body, or other administrative body before which VA is 
authorized to appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
such proceedings or has an interest in such proceedings, and VA 
determines that use of such records is relevant and necessary to the 
proceedings.
    6. Contractors: To contractors, grantees, experts, consultants, 
students, and others performing or working on a contract, service, 
grant, cooperative agreement, or other assignment for VA, when 
reasonably necessary to accomplish an agency function related to the 
records.
    7. OPM: To the Office of Personnel Management (OPM) in connection 
with the application or effect of civil service laws, rules, 
regulations, or OPM guidelines in particular situations.
    8. EEOC: To the Equal Employment Opportunity Commission (EEOC) in 
connection with investigations of alleged or possible discriminatory 
practices, examination of Federal affirmative employment programs, or 
other functions of the Commission as authorized by law.
    9. FLRA: To the Federal Labor Relations Authority (FLRA) in 
connection with the investigation and resolution of allegations of 
unfair labor practices, the resolution of exceptions to arbitration 
awards when a question of material fact is raised, matters before the 
Federal Service Impasses Panel, and the investigation of representation 
petitions and the conduct or supervision of representation elections.
    10. MSPB: To the Merit Systems Protection Board (MSPB) in 
connection with appeals, special studies of the civil service and other 
merit systems, review of rules and regulations, investigation of 
alleged or possible prohibited personnel practices, and such other 
functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by 
law.
    11. NARA: To the National Archives and Records Administration 
(NARA) in records management inspections conducted under 44 U.S.C. 2904 
and 2906, or other functions authorized by laws and policies governing 
NARA operations and VA records management responsibilities.
    12. Federal Agencies, for Computer Matches: To other federal 
agencies for the purpose of conducting computer matches to obtain 
information to determine or verify eligibility of veterans receiving VA 
benefits or medical care under title 38.
    13. Federal Agencies, Courts, Litigants, for Litigation or 
Administrative Proceedings: To another federal agency, court, or party 
in litigation before a court or in an administrative proceeding 
conducted by a Federal agency, when the government is a party to the 
judicial or administrative proceeding.
    14. Health Care Providers, for Referral by VA: To: (1) a federal 
agency or health care provider when VA refers a patient for medical and 
other health services, or authorizes a patient to obtain such services 
and the information is needed by the federal agency or health care 
provider to perform the services; or (2) a federal agency or to health 
care provider under the provisions of 38 U.S.C. 513, 7409, 8111, or 
8153, when treatment is rendered by VA under the terms of such contract 
or agreement or the issuance of an authorization, and the information 
is needed for purposes of medical treatment or follow-up, determination 
of eligibility for benefits, or recovery by VA of the costs of the 
treatment.
    15. Health Care Providers, for Referral to VA: To a non-VA health 
care provider when that health care provider has referred the 
individual to VA for medical or other health services.
    16. Federal Agencies, for Recovery of Medical Care Costs: To 
Federal agencies and government-wide third-party insurers responsible 
for payment of the cost of medical care for the identified patients, to 
seek recovery of the medical care costs. These records may also be

[[Page 60274]]

disclosed as part of a computer matching program to accomplish this 
purpose.
    17. Treasury, for Withholding: To the Department of the Treasury 
for the collection of title 38 benefit overpayments, overdue 
indebtedness, or costs of services provided to an individual not 
entitled to such services, by the withholding of all or a portion of 
the person's Federal income tax refund, provided that the disclosure is 
limited to information concerning an individual's indebtedness by 
virtue of a person's participation in a benefits program administered 
by VA.
    18. Treasury, to Report Waived Debt as Income: To the Department of 
the Treasury as a report of income under 26 U.S.C. 61(a)(12), provided 
that the disclosure is limited to information concerning an 
individual's indebtedness that is waived under 38 U.S.C. 3102, 
compromised under 4 CFR part 103, otherwise forgiven, or for which the 
applicable statute of limitations for enforcing collection has expired.
    19. Treasury, for Payment or Reimbursement: To the Department of 
the Treasury to facilitate payments to physicians, clinics, and 
pharmacies for reimbursement of services rendered or to veterans for 
reimbursement of authorized expenses, as well as to collect, by set off 
or otherwise, debts owed the United States.
    20. Guardians Ad Litem, for Representation: To a fiduciary or 
guardian ad litem in relation to his or her representation of a 
claimant in any legal proceeding as relevant and necessary to fulfill 
the duties of the fiduciary or guardian ad litem.
    21. Guardians, Courts, for Incompetent Veterans: To a court, 
magistrate, or administrative tribunal in matters of guardianship, 
inquests, and commitments; to private attorneys representing veterans 
rated incompetent in conjunction with issuance of Certificates of 
Incompetency; or to probation and parole officers in connection with 
court-required duties.
    22. Claims Representatives: To accredited service organizations, 
VA-approved claim agents, and attorneys acting under a declaration of 
representation, so that these individuals can aid claimants in the 
preparation, presentation, and prosecution of claims under the laws 
administered by VA upon the request of the claimant and provided that 
the disclosure is limited to information relevant to a claim, such as 
the name, address, the basis and nature of a claim, amount of benefit 
payment information, medical information, and military service and 
active duty separation information.
    23. Third Party, for Benefit or Discharge: To a third party upon 
the written request of the patient's next-of-kin in order for a non-
judicially declared incompetent patient or, consistent with the best 
interest of the patient, a member of the patient's family to receive a 
benefit to which the patient or family member is entitled or to arrange 
for the patient's discharge from a VA medical facility. Sufficient data 
to make an informed determination will be made available to such next-
of-kin. If the patient's next-of-kin is not reasonably accessible, the 
Chief of Staff, Director, or designee of the custodial VA medical 
facility may disclose the information for these purposes.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored electronically on a VA server, in paper folders, 
magnetic discs, magnetic tape, and in a momentum cloud application. 
Paper documents may be scanned/digitized and stored for viewing 
electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Alphabetically by name and numerically by identification number. 
Access to the records is restricted to VA Finance employees. These 
records are protected from outside access by Federal Protective 
Service.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Individuals Submitting Invoices-Vouchers for Payment and Accounting 
Transactional Data-VA system of records is retained as defined by its 
NARA approved the General Records Schedule (GRS) GRS 1.1: Financial 
Management and Reporting Records, item 010. Unscheduled records within 
this System of Records are indefinitely retained within the rules GRS, 
ERA Number DAA-GRS-2013-0003-0001 (Financial transaction records). Per 
NARA practice, documentation for permanent electronic records must be 
transferred with the related records using the disposition authority of 
the related electronic records rather than the GRS disposition 
authority.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    VA will store records produced within this system of records in an 
area that is physically and technologically secure from access by 
unauthorized persons at all times. Only authorized personnel will 
transport records within this system of records. VA will process 
records produced within this system of records under immediate 
supervision and control of authorized personnel in a manner that will 
protect the confidentiality of the records, so that unauthorized 
persons cannot retrieve any records by computer, remote terminal, or 
other means. VA will store records using FIPS 140-2 compliant 
encryption. Systems personnel must enter personal identification 
numbers when accessing records on the agencies' systems. VA will 
strictly limit authorization to those electronic records areas 
necessary for the authorized analyst to perform his or her official 
duties.

RECORD ACCESS PROCEDURES:
    An individual wanting notification or access, including contesting 
the record, should mail or deliver a request to the office identified 
in the SORN. If an individual does not know the ``office concerned,'' 
the request may be addressed to the following with below requirements: 
PO or FOIA/PO of any VA field station or the Department of Veterans 
Affairs Central Office, 810 Vermont Avenue NW, Washington, DC 20420. 
The receiving office must promptly forward the mail request received to 
the office of jurisdiction clearly identifying it as ``Privacy Act 
Request'' and notify the requester of the referral. Approved VA 
authorization forms may be provided to individuals for use.

CONTESTING RECORD PROCEDURES:
    An individual may request amendment of a record pertaining to him 
or her contained in a specific VA system of records by mailing or 
delivering the request to the office concerned. The request must be in 
writing and must conform to the following requirements: It must state 
the nature of the information in the record the individual believes to 
be inaccurate, irrelevant, untimely, or incomplete; why the record 
should be changed; and the amendment desired. The requester must be 
advised of the title and address of the VA official who can assist in 
preparing the request to amend the record if assistance is desired. Not 
later than business 10 days after the date of a request to amend a 
record, the VA official concerned will acknowledge in writing such 
receipt. If a determination for correction or amendment has not been 
made, the acknowledgement will inform the individual of when to expect 
information regarding the action taken on the request. VA will complete 
a review of the request to amend or correct a record within 30 business 
days of the date of receipt. Where VA agrees with the individual's 
request to amend his or her record(s), the requirements of 5 U.S.C. 
552a(d) will be followed. The

[[Page 60275]]

record(s) will be corrected promptly, and the individual will be 
advised promptly of the correction.
    If the record has previously been disclosed to any person or 
agency, and an accounting of the disclosure was made, prior recipients 
of the record will be informed of the correction. An approved VA 
notification of amendment form letter may be used for this purpose. An 
individual wanting notification or access, including contesting the 
record, should mail or deliver a request to the Privacy Office or FOIA/
Privacy Office of any VA field station or the Department of Veterans 
Affairs Central Office, 810 Vermont Avenue NW, Washington, DC 20420.

NOTIFICATION PROCEDURES:
    Notification for correcting the information will be accomplished by 
informing the individual to whom the record pertains by mail. The 
individual making the amendment must be advised in writing that the 
record has been amended and provided with a copy of the amended record. 
System Manager for the concerned VA system of records, Privacy Officer, 
or their designee, will notify the relevant persons or organizations 
who had previously received the record about the amendment.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    N/A

HISTORY:
    Last full publication provided in 85 FR 22788 dated April 23, 2020.

[FR Doc. 2023-18807 Filed 8-30-23; 8:45 am]
BILLING CODE P