Skip to Content

Notice

Privacy Act of 1974

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Department of Veterans Affairs (VA).

ACTION:

Notice of Amendment to System of Records.

SUMMARY:

The Privacy Act of 1974 (5 U.S.C. 552a(e)(4)) requires that all agencies publish in the Federal Register a notice of the existence and character of their system of records. Notice is hereby given that VA is amending the system of records entitled “Consolidated Data Information System-VA” (97VA105) as set forth in the Federal Register 72 FR 46130-46133 dated August 16, 2007. VA is amending the system by revising the System Location, Categories of Records in the System, Purpose, Routine Uses of Records Maintained in the System, Record Source Category, and Appendix 5. VA is republishing the system notice in its entirety.

DATES:

Comments on the amendment of this system of records must be received no later than June 3, 2011. If no public comment is received, the amended system will become effective June 3, 2011.

ADDRESSES:

Written comments may be submitted through http://www.Regulations.gov by mail or hand-delivery to Director, Regulations Management (02REG), Department of Veterans Affairs, 810 Vermont Avenue, NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. Comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461-4902 (this is not a toll-free number) for an appointment. In addition, during the comment period, comments may be viewed online through the Federal Docket Management System (FDMS) at http://www.Regulations.gov.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Stephania Griffin, Veterans Health Administration (VHA) Privacy Officer (19F2), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420, (704) 245-2492.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Under § 527 of title 38, U.S.C., and the Government Performance and Results Act of 1993, Public Law 103-62, VA is required to measure and evaluate, on an ongoing basis, the effectiveness of VA benefit programs and services. In performing this required function, VA must collect, collate and analyze full statistical data regarding participation, provision of services, categories of beneficiaries, and planning of expenditures for all VA programs. This combined database is necessary for the Veterans Health Administration (VHA) to accurately and timely assess the current health care usage by the patient population served by VA, to forecast future demand for VA medical care by individuals currently eligible for service by VA medical facilities, and to understand the numerous implications of cross-usage between VA and non-VA health care systems.

As VA has widened its scope of the Centers for Medicare and Medicaid Services (CMS) data usage and further centralized the source of data in order to improve efficiency and protect privacy/security of data elements, it was necessary to implement changes to the management and use of these records. A summary of these changes follows:

1. The purpose of this system of records has been revised to add the need to use the records and information for evaluation of Department programs, and for research as defined by Common Rule.

2. The records will be retained at the site listed in Appendix 5.

3. Under Categories of Records information from the Persian Gulf registry has been added and the types of CMS records maintained now includes health care utilization, demographic, enrollment, and survey/assessment files including veteran and non-veteran data. In addition, information on veterans enrolled for VA health care who have participated in the periodic “VHA Survey of Veteran Enrollees’ Health and Reliance Upon VA” is now included in the system. Additional data includes: Civilian Health and Medical Program of the Department of Veterans Affairs (CHAMPVA); VA/DOD Identity Repository (VADIR), as well as the OEF/OIF roster (Defense Manpower Data Center); and United States Renal Data System (USRDS).

4. System Manager and Address was updated to reflect: Manager, Medicare and Medicaid Analysis Center, 100 Grandview Rd., Suite 114, Braintree, MA 02184.

Under section 264, Subtitle F of Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Public Law 104-191, 100 Stat. 1936, 2033-34 (1996), the Department of Health and Human Services (HHS) published a final rule, as amended, establishing Standards for Privacy of Individually-Identifiable Health Information, 45 CFR parts 160 and 164. VHA may not disclose individually-identifiable health information (as defined in HIPAA and the Privacy Rule, 42 U.S.C. 1320(d)(6) and 45 CFR 164.501) pursuant to a routine use unless either: (a) the disclosure is required by law, or (b) the disclosure is also permitted or required by the HHS Privacy Rule. The disclosures of individually-identifiable health information contemplated in the routine uses published in this amended system of records notice are permitted under the Privacy Rule or required by law. However, to also have authority to make such disclosures under the Privacy Act, VA must publish these routine uses. Consequently, VA is adding a preliminary paragraph to the routine Start Printed Page 25410uses portion of the system of records notice stating that any disclosure pursuant to the routine uses in this system of records notice must be either required by law or permitted by the Privacy Rule before VHA may disclosed the covered information. VA is also proposing to add the following routine use disclosure of information maintained in the system:

  • Routine use 8 was added. The record of an individual who is covered by a system of records may be disclosed to a Member of Congress, or a staff person acting for the member, when the member or staff person requests the record on behalf of and at the written request of the individual.
  • Routine use 9 was added. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.
  • Routine use 10 was added. Disclosure to the Equal Employment Opportunity Commission when requested in connection with investigations of alleged or possible discrimination practices, examinations of Federal affirmative employment programs, compliance with the Uniform Guidelines of Employee Selection Procedures, or other functions of the Commission as authorized by law or regulation.
  • Routine use 11 was added. Disclosure to a former VA employee or contractor, as well as the authorized representative of a current or former employee or contractor of VA in proceedings before the Merit Systems Protection Board or the Office of the Special Counsel in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as otherwise authorized by law.
  • Routine use 12 was added. Disclosure to the Federal Labor Relations Authority, including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised in matters before the Federal Service Impasses Panel.

The Privacy Act permits VA to disclose information about individuals without their prior written consent for a routine use when the information will be used for a purpose that is compatible with the purpose for which we collected the information. In all of the routine use disclosures described above, the recipient of the information will use the information in connection with a matter relating to one of VA's programs, and will use the information to provide a benefit to VA, or disclosure is required by law.

The Report of Intent to Publish an Amended System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Start Signature

Approved: March 30, 2011.

John R. Gingrich,

Chief of Staff, Department of Veterans Affairs.

End Signature

97VA105

SYSTEM NAME:

“Consolidated Data Information System-VA”.

SYSTEM LOCATION(S):

Records will be maintained at Department of Veteran Affairs (VA) Veterans Health Administration (VHA) sites for the Centers for Medicare & Medicaid Services (CMS) data (see VA Appendix 5).

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Records include information concerning veterans, their spouses and their dependents, family members, active duty military personnel, and individuals who are not VA beneficiaries, but who receive health care services from VHA.

Categories of records in the system:

Categories of records in the system will include veterans’ names, addresses, dates of birth, VA claim numbers, social security numbers (SSNs), and military service information, medical benefit application and eligibility information, code sheets and follow-up notes, sociological, diagnostic, counseling, rehabilitation, drug and alcohol, dietetic, medical, surgical, dental, psychological, and/or psychiatric medical information, prosthetic, pharmacy, nuclear medicine, social work, clinical laboratory and radiology information, patient scheduling information, family information such as next of kin, spouse and dependents” names, addresses, social security numbers and dates of birth, family medical history, employment information, financial information, third-party health plan information, information related to registry systems, date of death, VA claim and insurance file numbers, travel benefits information, military decorations, disability or pension payment information, amount of indebtedness arising from 38 U.S.C. benefits, applications for compensation, pension, education and rehabilitation benefits, information related to incarceration in a penal institution, medication profile such as name, quantity, prescriber, dosage, manufacturer, lot number, cost and administration instruction, pharmacy dispensing information such as pharmacy name and address.

The records will include information on Medicare beneficiaries from CMS databases including: health care usage, demographic, enrollment, and survey/assessment files including veteran and non-veteran data.

The records include information on Medicaid beneficiaries” utilization and enrollment from state databases.

The records include information on veterans enrolled for VA health care who have participated in the periodic “VHA Survey of Veteran Enrollees” Health and Reliance Upon VA.”

The records also include information on: Civilian Health and Medical Program of the Department of Veterans Affairs (CHAMPVA), VA/DOD Identity Repository (VADIR), as well as the OEF/OIF roster (Defense Manpower Data Center), and United States Renal Data System (USRDS).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Section 527 of 38 U.S.C. and the Government Performance and Results Act of 1993, Public Law 103-62.

PURPOSE(S):

The purpose of this system of records is to conduct statistical studies and analyses which will support the formulation of Departmental policies and plans by identifying the total current health care usage of the VA patient population. The records and information may be used by VA in evaluation of Department programs. The information may be used to conduct research.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSE OF SUCH USES:

VA may disclose protected health information pursuant to the following routine uses where required by law, or required or permitted by 45 CFR parts 160 and 164.

1. VA may disclose on its own initiative any information in this system, except the names and home addresses of veterans and their Start Printed Page 25411dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, Tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto.

2. Disclosure may be made, excluding name and address (unless name and address are furnished by the requestor) for research purposes determined to be necessary and proper to epidemiological and other research facilities approved by the System Manager or the Under Secretary for Health, or designee.

3. Any record in the system of records may be disclosed to a Federal agency for the conduct of research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency, provided that there is legal authority under all applicable confidentiality statutes and regulations to provide the data and VHA Medicare and Medicaid Analysis Center (MAC) has determined prior to the disclosure that VA data handling requirements are satisfied. MAC may disclose limited individual identification information to another Federal agency for the purpose of matching and acquiring information held by that agency for MAC to use for the purposes stated for this system of records.

4. Disclosure may be made to National Archives and Records Administration (NARA), General Services Administration (GSA) in records management inspections conducted under authority of 44 U.S.C.

5. VA may disclose information in this system of records to the Department of Justice (DoJ), either on VA's initiative or in response to DoJ's request for the information, after either VA or DoJ determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that disclosure of the records to the Department of Justice is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

6. Disclosure may be made to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has an agreement or contract to perform the services of the contract or agreement. This routine use includes disclosures by the individual or entity performing the service for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA.

7. Any records may be disclosed to appropriate agencies, entities, and persons under the following circumstances: when (1) it is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (3) the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

8. The record of an individual who is covered by a system of records may be disclosed to a Member of Congress, or a staff person acting for the member, when the member or staff person requests the record on behalf of and at the written request of the individual.

9. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

10. VA may disclose information to the Equal Employment Opportunity Commission when requested in connection with investigations of alleged or possible discrimination practices, examinations of Federal affirmative employment programs, compliance with the Uniform Guidelines of Employee Selection Procedures, or other functions of the Commission as authorized by law or regulation.

11. VA may disclose information to a former VA employee or contractor, as well as the authorized representative of a current or former employee or contractor of VA, in proceedings before the Merit Systems Protection Board or the Office of the Special Counsel in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1206, or as otherwise authorized by law.

12. VA may disclose to the Federal Labor Relations Authority, including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised in matters before the Federal Service Impasses Panel.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Data are maintained on magnetic tape, disk, or laser optical media.

RETRIEVABILITY:

Records may be retrieved by name, name and one or more criteria (e.g., dates of birth, death and service), SSN or VA claim number.

SAFEGUARDS:

1. Access to and use of these records is limited to those persons whose official duties require such access. Personnel screening is employed to prevent unauthorized disclosure.

2. Access to Automated Data Processing files is controlled at two levels: (1) Terminals, central processing units, and peripheral devices are generally placed in secure areas (areas that are locked or have limited access) or are otherwise protected; and (2) the system recognizes authorized users by Start Printed Page 25412means of an individually unique password entered in combination with an individually unique user identification code.

3. Access to automated records concerning identification codes and codes used to access various VA automated communications systems and records systems, as well as security profiles and possible security violations is limited to designated automated systems security personnel who need to know the information in order to maintain and monitor the security of VA's automated communications and veterans' claim records systems. Access to these records in automated form is controlled by individually unique passwords and codes. Agency personnel may have access to the information on a need to know basis when necessary to advise agency security personnel or for use to suspend or revoke access privileges or to make disclosures authorized by a routine use.

4. Access to VA facilities where identification codes, passwords, security profiles and possible security violations are maintained is controlled at all hours by the Federal Protective Service, VA or other security personnel and security access control devices.

RETENTION AND DISPOSAL:

Copies of back-up computer files will be maintained at primary and secondary VA recipient sites for CMS data (see Appendix 5). Records will be maintained and disposed of in accordance with the records disposal authority approved by the Archivist of the United States, the National Archives and Records Administration, and published in Agency Records Control Schedules.

SYSTEM MANAGER AND ADDRESS:

Manager, Medicare and Medicaid Analysis Center, 100 Grandview Rd., Suite 114, Braintree, MA 02184.

NOTIFICATION PROCEDURE:

Individuals wishing to inquire whether this system of records contains information about them should submit a signed written request to the Manager, Medicare and Medicaid Analysis Center, 100 Grandview Rd., Suite 114, Braintree, MA 02184.

RECORDS ACCESS PROCEDURES:

An individual who seeks access to records maintained under his or her name or other personal identifier may write the System Manager named above and specify the information being contested.

CONTESTING RECORD PROCEDURES:

(See Records Access Procedures above).

RECORD SOURCE CATEGORIES:

Information may be obtained from the Patient Medical Records System (24VA136), Patient Fee Basis Medical and Pharmacy Records (23VA136), Veterans and Beneficiaries Identification and Records Location Subsystem (38VA23), Compensation, Pension, Education and Rehabilitation Records (58VA21/22), all other potential VA and non-VA sources of veteran demographic information, and CMS databases. The records also include information from: Civilian Health and Medical Program of the Department of Veterans Affairs (CHAMPVA), VA/DOD Identity Repository (VADIR), as well as the OEF/OIF roster (Defense Manpower Data Center), and United States Renal Data System (USRDS).

VA Appendix 5

1. VA Medicare and Medicaid Analysis Center, field unit of the Office of the Assistant Deputy Under Secretary for Health (ADUSH) for Policy and Planning, 100 Grandview Rd., Suite 114, Braintree, MA 02184.

2. VA Information Resource Center (VIReC), Hines VA Medical Center, 5th Ave & Roosevelt Ave, Hines, IL 60141. Veterans Health Administration (VHA), 810 Vermont Avenue, NW., Washington, DC 20420.

3. Office of the Assistant Deputy Under Secretary for Health (ADUSH) for Policy and Planning, 811 Vermont Avenue, NW., Washington, DC 20420, Silver Springs, MD, and/or Martinsburg, WV.

4. Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772.

5. VA facilities.

End Supplemental Information

[FR Doc. 2011-10844 Filed 5-3-11; 8:45 am]

BILLING CODE P