Skip to Content

Notice

Privacy Act of 1974; System of Records

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Department of Veterans Affairs (VA).

ACTION:

Notice of Establishment of New System of Records.

SUMMARY:

The Privacy Act of 1974 (5 U.S.C. 552(e) (4)) requires that all agencies publish in the Federal Register a notice of the existence and character of their systems of records. Notice is hereby given that the Department of Veterans Affairs (VA) is establishing a new system of records entitled “Investigative Database-OMI-VA” (162VA10MI).

DATES:

Comments on this new system of records must be received no later than June 11, 2010. If no public comment is received, the new system will become effective June 11, 2010.

ADDRESSES:

Written comments may be submitted through http://www.Regulations.gov;​ by mail or hand-delivery to Director, Regulations Management (02REG), Department of Veterans Affairs, 810 Vermont Avenue, NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. Comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461-4902 (this is not a toll-free number) for an appointment. In addition, during the comment period, comments may be viewed online through the Federal Docket Management System (FDMS) at http://www.Regulations.gov.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Veterans Health Administration (VHA) Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420; telephone (704) 245-2492.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

I. Description of Proposed System of Records

The Office of the Medical Inspector (OMI) conducts two different types of investigations for the VHA—case investigations and national quality assessments—both of which usually involve the collection of personal identifiable information (PII). National quality assessments result from a specific requirement assigned by the Secretary, the Under Secretary for Health (USH), or the Principal Deputy Under Secretary for Health (PDUSH). The OMI may also identify critical quality of care issues and initiate assessment projects. These assessments may include Web-based surveys, site visits, extraction of source data from VA data systems at the Austin Information and Technology Center, or use of the Start Printed Page 26848many quality and performance metrics available in VHA. These projects are characterized by systematic efforts to employ VHA data and information to inform VHA officials about problems/issues that impact the general quality of VA health care. Case investigations typically focus on the care delivered to one or more Veterans within the same Medical Center or Health Care System and include information obtained from reviews of medical records, interviews with patients and their families, interviews with providers, and site visits. These investigations inevitably require gathering PII either on Veterans and their families, or on VA employees. OMI stores this collected data in a secure document management system.

II. Proposed Routine Use Disclosures of Data in the System

1. Disclosure may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office that is made at the request of that individual.

Veterans Affairs must be able to provide information about individuals to adequately respond to inquiries from Members of Congress at the request of constituents who have sought their assistance.

2. Disclosure may be made to the National Archives and Records Administration (NARA) and the General Services Administration (GSA) for records management activities and inspections conducted under authority of Title 44, Chapter 29, United States Code. National Archives and Records Administration and General Services Administration are responsible for management of old records no longer actively used, but which may be appropriate for preservation, and for the physical maintenance of the Federal government's records. Veterans Affairs must be able to provide the records to National Archives and Records Administration and General Services Administration in order to determine the proper disposition of such records.

3. VA may disclose information from this system of records to the Department of Justice (DoJ), either on VA's initiative or in response to DoJ's request for the information, after either VA or DoJ determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

Veterans Affairs must be able to provide information to Department of Justice in litigation where the United States or any of its components is involved or has an interest. A determination would be made in each instance that under the circumstances involved, the purpose is compatible with the purpose for which Veterans Affairs collected the information. This routine use is distinct from the authority to disclose records in response to a court order under subsection (b)(11) of the Privacy Act, 5 United States Code 552(b)(11), or any other provision of subsection (b), in accordance with the court's analysis in Doe v. DiGenova, 779 F.2d 74, 78-84 (DC Cir. 1985) and Doe v. Stephens, 851 F.2d 1457, 1465-67 (DC Cir. 1988).

4. Any information in this system, except the name and address of a Veteran, may be disclosed to a Federal, State, or local agency maintaining civil or criminal violation records or other pertinent information such as prior employment history, prior Federal employment background investigations, and/or personal or educational background in order for VA to obtain information relevant to the hiring, transfer, or retention of an employee, the letting of a contract, the granting of a security clearance, or the issuance of a grant or other benefit. The name and address of a Veteran may be disclosed to a Federal agency under this routine use if this information has been requested by the Federal agency in order to respond to the VA inquiry.

5. VA may disclose on its own initiative any information in this system, except the names and home addresses of Veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal, or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, Tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of Veterans and dependents to a Federal or State agency charged with the responsibility of investigating or prosecuting civil, criminal, or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule, or order issued pursuant thereto.

Veterans Affairs must be able to provide on its own initiative information that pertains to a violation of laws to law enforcement authorities in order for them to investigate and enforce those laws. Under 38 United States Code 5701(a) and (f), Veterans Affairs may only disclose the names and addresses of veterans and their dependents to Federal entities with law enforcement responsibilities. This is distinct from the authority to disclose records in response to a qualifying request from a law enforcement entity, as authorized by Privacy Act subsection 5 United States Code 552a(b)(7).

6. To assist attorneys in representing their clients, any information in this system may be disclosed to attorneys representing subjects of investigations, including Veterans, Federal government employees, retirees, volunteers, contractors, subcontractors, or private citizens.

7. Disclosure of information to Federal Labor Relations Authority (FLRA), including its General Counsel, when requested in connection with the investigation and resolution of allegations of unfair labor practices, in connection with the resolution of exceptions to arbitrator awards when a question of material fact is raised, in connection with matters before the Federal Service Impasses Panel, and to investigate representation petitions and conduct or supervise representation elections. VA must be able to provide information to FLRA to comply with the statutory mandate under which it operates.

8. Information may be disclosed to the Equal Employment Opportunity Commission when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, compliance with the Uniform Guidelines of Employee Selection Procedures, or other functions vested in the Commission by the President's Reorganization Plan No. 1 of 1978. VA must be able to provide information to EEOC to assist it in fulfilling its duties to protect employees' rights, as required by statute regulation.

9. Information may be disclosed to officials of the Merit Systems Protection Board, and the Office of Special Counsel, when properly requested in connection with appeals, special studies of the civil service and other merit systems, reviews of rules and Start Printed Page 26849regulations, investigation of alleged or possible prohibited personnel practices, and such other functions, promulgated in Title 5, United States Code, Sections 1205 and 1206, or as may be authorized by law. VA must be able to provide information to MSPB to assist it in fulfilling its duties as required by statute and regulation.

10. Any information in this system of records may be disclosed, in the course of presenting evidence in or to a court, magistrate, administrative tribunal, or grand jury, including disclosures to opposing counsel in the course of such proceedings or in settlement negotiations.

11. Any information in this system, except the name and address of a Veteran, may be disclosed to Federal, State, or local professional, regulatory, or disciplinary organizations or associations, including but not limited to bar associations, State licensing boards, and similar professional entities, for use in disciplinary proceedings and inquiries preparatory thereto, where VA determines that there is good cause to question the legality or ethical propriety of the conduct of a person employed by VA or a person representing a person in a matter before VA.

The name and address of a Veteran may be disclosed to a Federal agency under this routine use if this information has been requested by the Federal agency in order to respond to the VA inquiry.

12. VA may disclose information to individuals, organizations, private or public agencies, or other entities with which VA has a contract or agreement or where there is a subcontract to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor or subcontractor to perform the services of the contract or agreement. This routine use, which also applies to agreements that do not qualify as contracts defined by Federal procurement laws and regulations, is consistent with Office of Management and Budget guidance in Office of Management and Budget Circular A-130, App. I, paragraph 5a(1)(b) that agencies promulgate routine uses to address disclosure of Privacy Act-protected information to contractors in order to perform the services contracts for the agency.

13. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

This routine use permits disclosures by the Department to report a suspected incident of identity theft and provide information and/or documentation related to or in support of the reported incident.

14. Disclosure of any information within this system may be made when it is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised and VA has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interest, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by VA or another agency or entity) that rely upon the compromised information; and the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 United States Code 5724, as the terms are defined in 38 United States Code 5727.

III. Compatibility of the Proposed Routine Uses

The notice of intent to publish an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Start Signature

Approved: April 15, 2010.

John R. Gingrich,

Chief of Staff, Department of Veterans Affairs.

End Signature

162VA10MI

SYSTEM NAME:

Investigative Database-OMI-VA.

SYSTEM LOCATION:

The main Office of the Medical Inspector (OMI) records are maintained in secure files within the OMI and indexed on a secure document management server within the VA Central Office firewall. Additional records are maintained by VA's Austin Automation Center, 1615 Woodward Street, Austin, Texas 78772, and subject to their security control.

Categories of individuals covered by the system:

The records contain information for individuals (1) Receiving health care from the Veterans Health Administration (VHA), and (2) Providing the health care. Individuals encompass Veterans and their immediate family members, members of the armed services, current and former employees, trainees, contractors, sub-contractors, consultants, volunteers, and other individuals working collaboratively with VA.

Categories of records in the system:

The records may include information and health information related to: 1. Patient medical record abstract information including information from Patient Medical Record—VA (24VA19); 2. Identifying information (e.g., name, birth date, death date, admission date, discharge date, gender, Social Security Number, taxpayer identification number); address information (e.g., home and/or mailing address, home and/or cell telephone number, emergency contact information such as name, address, telephone number, and relationship); prosthetic and sensory aid serial numbers; medical record numbers; integration control numbers; information related to medical examination or treatment (e.g., location of VA medical facility providing examination or treatment, treatment dates, medical conditions treated or noted on examination); information related to military service and status; 3. Medical benefit and eligibility information; 4. Patient aggregate workload data such as admissions, discharges, and outpatient visits; resource utilization such as laboratory tests, x rays, and prescriptions; 5. Patient Satisfaction Survey Data which include questions and responses; 6. Data capture from various VA databases. According to VHA Directive 2006-042 of June 27, 2006, “Cooperation with the Office of the Medical Inspector” Paragraph 4 a., “OMI, as a component of VHA, has legal authority under applicable Federal privacy laws and regulations to access and use any information, including health information, maintained in VHA records for the purposes of health care operations and health care oversight;” and 7. Documents and reports produced and received by OMI in the course of its investigations.

Authority for maintenance of the system:

Title 38, United States Code, Section 501.

PURPOSE(S):

The records and information of this database may be used to document the investigative activities of the OMI; to perform statistical analysis to produce Start Printed Page 26850various management and follow-up reports; and to monitor the activities of Medical Centers in fulfilling action plans developed in response to OMI reports. The data may be used for VA's extensive quality improvement programs in accordance with VA policy. In addition, the data may be used for law enforcement investigations. Survey data will be collected for the purpose of measuring and monitoring various aspects and outcomes of National, Veterans Integrated Service Network (VISN) and Facility-Level performance. Results of the survey data analysis are shared throughout the VHA system.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

To the extent that records contained in the system include information protected by 45 CFR Parts 160 and 164, i.e., individually identifiable health information, and 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority in 38 U.S.C. 7332 and regulatory authority in 45 CFR Parts 160 and 164 permitting disclosure.

1. Disclosure may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office that is made at the request of that individual.

2. Disclosure may be made to the National Archives and Records Administration (NARA) and the General Services Administration for records management activities and inspections conducted under authority of Title 44, Chapter 29, United States Code.

3. VA may disclose information from this system of records to the Department of Justice (DoJ), either on VA's initiative or in response to DoJ's request for the information, after either VA or DoJ determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

4. Any information in this system, except the name and address of a Veteran, may be disclosed to a Federal, State, or local agency maintaining civil or criminal violation records or other pertinent information such as prior employment history, prior Federal employment background investigations, and/or personal or educational background in order for VA to obtain information relevant to the hiring, transfer, or retention of an employee, the letting of a contract, the granting of a security clearance, or the issuance of a grant or other benefit. The name and address of a Veteran may be disclosed to a Federal agency under this routine use if this information has been requested by the Federal agency in order to respond to the VA inquiry.

5. VA may disclose on its own initiative any information in this system, except the names and home addresses of Veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal, or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, Tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of Veterans and dependents to a Federal or State agency charged with the responsibility of investigating or prosecuting civil, criminal, or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule, or order issued pursuant thereto.

6. To assist attorneys in representing their clients, any information in this system may be disclosed to attorneys representing subjects of investigations, including Veterans, Federal government employees, retirees, volunteers, contractors, subcontractors, or private citizens.

7. Disclosure of information to Federal Labor Relations Authority (FLRA), including its General Counsel, when requested in connection with the investigation and resolution of allegations of unfair labor practices, in connection with the resolution of exceptions to arbitrator awards when a question of material fact is raised, in connection with matters before the Federal Service Impasses Panel, and to investigate representation petitions and conduct or supervise representation elections.

8. Information may be disclosed to the Equal Employment Opportunity Commission when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, compliance with the Uniform Guidelines of Employee Selection Procedures, or other functions vested in the Commission by the President's Reorganization Plan No. 1 of 1978.

9. Information may be disclosed to officials of the Merit Systems Protection Board, and the Office of Special Counsel, when properly requested in connection with appeals, special studies of the civil service and other merit systems, reviews of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions, promulgated in Title 5, United States Code, Sections 1205 and 1206, or as may be authorized by law.

10. Any information in this system of records may be disclosed, in the course of presenting evidence in or to a court, magistrate, administrative tribunal, or grand jury, including disclosures to opposing counsel in the course of such proceedings or in settlement negotiations.

11. Any information in this system, except the name and address of a Veteran, may be disclosed to Federal, State, or local professional, regulatory, or disciplinary organizations or associations, including but not limited to bar associations, State licensing boards, and similar professional entities, for use in disciplinary proceedings and inquiries preparatory thereto, where VA determines that there is good cause to question the legality or ethical propriety of the conduct of a person employed by VA or a person representing a person in a matter before VA. The name and address of a Veteran may be disclosed to a Federal agency under this routine use if this information has been requested by the Federal agency in order to respond to the VA inquiry.

12. VA may disclose information to individuals, organizations, private or public agencies, or other entities with which VA has a contract or agreement or where there is a subcontract to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor or subcontractor to perform the services of the contract or agreement.

13. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.Start Printed Page 26851

14. Disclosure of any information within this system may be made when it is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised and VA has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interest, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by VA or another agency or entity) that rely upon the compromised information; and the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records are maintained on paper and on electronic storage media, including magnetic tape, disk, encrypted flash memory, and laser optical media.

Retrievability:

Records are retrieved by name, Social Security Number, or other assigned identifiers of the individuals on whom they are maintained.

Safeguards:

1. Access to and use of national patient databases are limited to those persons whose official duties require such access, and VA has established security procedures to ensure that access is appropriately limited. Information security officers and system data stewards review and authorize data access requests. VA regulates data access with security software that authenticates users and requires individually unique codes and passwords. VA provides information security training to all staff and instructs staff on the responsibility each person has for safeguarding data confidentiality.

2. VA maintains Business Associate Agreements (BAA) and Non-Disclosure Agreements with contracted resources in order to maintain confidentiality of the information.

3. Physical access to computer rooms housing national patient databases is restricted to authorized staff and protected by a variety of security devices. Unauthorized employees, contractors, and other staff are not allowed in computer rooms. The Federal Protective Service or other security personnel provide physical security for the buildings housing computer rooms and data centers.

4. All materials containing real or scrambled Social Security Numbers are kept only on secure, encrypted VHA servers, personal computers, laptops, or media. All e-mail transmissions of such files use Public Key Infrastructure (PKI) encryption. If a recipient does not have PKI, items are mailed or sent to a secure fax. Paper records containing Social Security Numbers are secured in locked cabinets or offices within the OMI area. Access to OMI requires passing a security officer, an elevator card reader for floor access and a separate VHA card reader for access to the office area. All materials, both paper and electronic, that are no longer required are shredded/obliterated in accordance with VHA guidelines. Materials required for case documentation and follow up are archived in our secure document management server (electronic) and in locked storage (paper).

5. In most cases, copies of back-up computer files are maintained at off-site locations.

Retention and disposal:

The records are disposed of in accordance with Section XXXV—Office of the Medical Inspector (10MI) of the Veterans Health Administration Records Control Schedule 10-1 of March 31, 2008, which stipulates that records from investigations not involving site visits will be destroyed 10 years after closure; records from investigations involving site visits will be destroyed 20 years after closure.

System manager(s) and address:

Official responsible for policies and procedures; Chief Information Officer (19), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. Official maintaining this system of records: Donald L. Martin, Correspondence Analyst, OMI (10MI), 810 Vermont Avenue, NW., Washington, DC 20420.

Notification procedure:

Individuals who wish to determine whether this system of records contains information about them should contact Donald L. Martin, Correspondence Analyst, OMI (10MI), 810 Vermont Avenue, NW., Washington, DC 20420. Inquiries should include the person's full name, Social Security number, location and dates of employment or location and dates of treatment, and return address.

Record access procedure:

Individuals seeking information regarding access to and contesting of records in this system may write or call Donald L. Martin, Correspondence Analyst, OMI (10MI), 810 Vermont Avenue, NW., Washington, DC 20420, 202-461-4079.

Contesting record procedures:

(See Record Access Procedures above.)

Record source categories:

Information in this system of records is provided by Veterans, VA employees, VA computer systems, Veterans Health Information Systems and Technology Architecture (VistA), VA medical centers, VA Health Eligibility Center, VA program offices, VISNs, VA Austin Automation Center, the Food and Drug Administration, the Department of Defense, Survey of Healthcare Experiences of Patients, External Peer Review Program, and the following Systems Of Records: “Patient Medical Records—VA” (24VA19), “National Prosthetics Patient Database—VA” (33VA113), “Healthcare Eligibility Records—VA” (89VA16), VA Veterans Benefits Administration automated record systems (including the Veterans and Beneficiaries Identification and Records Location Subsystem—VA (38VA23), and subsequent iterations of those systems of records.

End Supplemental Information

[FR Doc. 2010-11373 Filed 5-11-10; 8:45 am]

BILLING CODE 8320-01-P