Skip to Content

Notice

Privacy Act of 1974; System of Records

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document including its time on Public Inspection. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Department of Veterans Affairs (VA).

ACTION:

Notice of a new system of records.

SUMMARY:

The Privacy Act of 1974 requires that all agencies publish in the Federal Register a notice of the existence and character of their systems of records. Notice is hereby given that the Department of Veterans Affairs (VA) is establishing a new system of records entitled, “HealthShare Referral Manager (HSRM)-VA” (180VA10D).

DATES:

Comments on this new system of records must be received no later than January 17, 2019. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the new system will become effective January 17, 2019. If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.

ADDRESSES:

Written comments concerning the new system of records may be submitted by: Mail or hand-delivery to Director, Regulations Management (00REG), Department of Veterans Affairs, 810 Vermont Avenue NW, Room 1068, Washington, DC 20420; fax to (202) 273-9026; or Email to http://www.Regulations.gov. Comments should indicate that they are submitted in response to “HealthShare Referral Manager (HSRM)-VA” (180VA10D). All comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461-4902 (this is not a toll-free number) for an appointment.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Kevin Kania, Program Manager, Community Care Referrals and Start Printed Page 64936Authorization (CCRA) System, Office of Community Care, Hines Office of Information and Technology Field Office, Edward Hines, Jr. VA Hospital, P.O. Box 7008, Building 37, Room 128, Hines, IL 60141; telephone at (815) 254-0334. (This is not a toll-free number.)

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

I. Description of Proposed Systems of Records

CCRA is an enterprise-wide solution in support of the Veterans Access, Choice, and Accountability Act of 2014 (Pub. L. 113-146) (“Choice Act”), as amended by the VA Expiring Authorities Act of 2014 (Pub. L. 113-175), to generate referrals and authorizations for Veterans receiving care in the community. VA clinical providers and Non-VA clinical providers will access a cloud based software system to request and refer clinical care for Veterans with Non-VA Community Care providers. This solution will enhance Veteran access to care by utilizing a common and modern system to orchestrate the complex business of VA referral management. The CCRA solution is an integral component of the VA Community Care (CC) Information Technology (IT) architecture, and will track and share health care information and correspondence necessary for Veterans to be seen for appropriate and approved episodes of CC. The CCRA solution will allow the VA to move to a process that generates standardized referrals and authorizations, according to clinical and business rules.

The CCRA project completed a contract to provide HealthShare Referral Manager by Intersystems as the CCRA solution. HealthShare Referral Manager is a commercial off-the-shelf software product that will be hosted in an Amazon Web Services (AWS) FedRAMP High Gov cloud and is planned for enterprise integration with VA systems, both inside and outside of CC.

II. Proposed Routine Use Disclosures of Data in the System

We are proposing to establish the following Routine Use disclosures of information maintained in the system. To the extent that records contained in the system include information protected by 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia or infection with the human immunodeficiency virus; information protected by 38 U.S.C. 5705, i.e., quality assurance records; or information protected by 45 CFR parts 160 and 164, i.e., individually identifiable health information, such information cannot be disclosed under a routine use unless there is also specific statutory authority permitting the disclosure. VA may disclose protected health information pursuant to the following routine uses where required or permitted by law.

1. VA may disclose information from the record of an individual in response to an inquiry from the congressional office made at the request of that individual. VA must be able to provide information about individuals to adequately respond to inquiries from Members of Congress at the request of constituents who have sought their assistance.

2. VA may disclose information from this system to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

3. VA may disclose information in this system, except the names and home addresses of Veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of Veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. VA must be able to provide on its own initiative information that pertains to a violation of laws to law enforcement authorities in order for them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) and (f), VA may only disclose the names and addresses of Veterans and their dependents to Federal entities with law enforcement responsibilities. This is distinct from the authority to disclose records in response to a qualifying request from a law enforcement entity, as authorized by Privacy Act subsection 5 U.S.C. 552a(b)(7).

4. VA may disclose information from this system of records to the Department of Justice (DoJ), either on VA's initiative or in response to DoJ's request for the information, after either VA or DoJ determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA must be able to provide information to DoJ in litigation where the United States or any of its components is involved or has an interest. A determination would be made in each instance that under the circumstances involved, the purpose is compatible with the purpose for which VA collected the information. This routine use is distinct from the authority to disclose records in response to a court order under subsection (b)(11) of the Privacy Act, 5 U.S.C. 552(b)(11), or any other provision of subsection (b), in accordance with the court's analysis in Doe v. DiGenova, 779 F.2d 74, 78-84 (D.C. Cir. 1985) and Doe v. Stephens, 851 F.2d 1457, 1465-67 (D.C. Cir. 1988).

5. VA may disclose information from this system of records to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has a contract or agreement to perform services under the contract or agreement. This routine use includes disclosures by an individual or entity performing services for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the Start Printed Page 64937service to VA. This routine use, which also applies to agreements that do not qualify as contracts defined by Federal procurement laws and regulations, is consistent with the Office of Management and Budget (OMB) guidance in OMB Circular A-108, paragraph 6(j) that agencies promulgate routine uses to address disclosure of Privacy Act-protected information to contractors in order to perform the services contracts for the agency.

6. VA may disclose information from this system to the Equal Employment Opportunity Commission (EEOC) when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation. VA must be able to provide information to EEOC to assist it in fulfilling its duties to protect employees' rights, as required by statute and regulation.

7. VA may disclose information from this system to the Federal Labor Relations Authority (FLRA), including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; for it to address matters properly before the Federal Services Impasses Panel, investigate representation petitions, and conduct or supervise representation elections. VA must be able to provide information to FLRA to comply with the statutory mandate under which it operates.

8. VA may disclose information from this system to the Merit Systems Protection Board (MSPB), or the Office of the Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law. VA must be able to provide information to MSPB to assist it in fulfilling its duties as required by statute and regulation.

9. VA may disclose information from this system to the National Archives and Records Administration (NARA) and General Services Administration (GSA) in records management inspections conducted under Title 44, U.S.C. NARA is responsible for archiving old records which are no longer actively used but may be appropriate for preservation, and for the physical maintenance of the Federal government's records. VA must be able to provide the records to NARA in order to determine the proper disposition of such records.

10. Data breach response and remedial efforts with another Federal agency: VA may disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

11. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

12. VA may disclose relevant health care information to (a) a Federal agency or non-VA health care provider or institution when VA refers a patient for hospital or nursing home care or medical services, or authorizes a patient to obtain non-VA medical services, and the information is needed by the Federal agency or non-VA institution or provider to perform the services, or (b) a Federal agency or a non-VA hospital (Federal, State and local, public, or private) or other medical installation having hospital facilities, blood banks, or similar institutions, medical schools or clinics, or other groups or individuals that have contracted or agreed to provide medical services or share the use of medical resources under the provisions of 38 U.S.C. 513, 7409, 8111, or 8153, when treatment is rendered by VA under the terms of such contract or agreement, or the issuance of an authorization, and the information is needed for purposes of medical treatment and/or follow-up, determining entitlement to a benefit, or recovery of the costs of the medical care.

III. Compatibility of the Proposed Routine Uses

The Privacy Act permits VA to disclose information about individuals without their consent for a routine use when the information will be used for a purpose that is compatible with the purpose for which VA collected the information. In all of the routine use disclosures described above, either the recipient of the information will use the information in connection with a matter relating to one of VA's programs, to provide a benefit to the VA, or to disclose information as required by law.

Under section 264, Subtitle F of Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Public Law 104-191, 100 Stat. 1936, 2033-34 (1996), the United States Department of Health and Human Services (HHS) published a final rule, as amended, establishing Standards for Privacy of Individually-Identifiable health Information, 45 CFR parts 160 and 164. Veterans Health Administration (VHA) may not disclose individually identifiable health information (as defined in HIPAA and the Privacy Rule, 42 U.S.C. 1320(d)(6) and 45 CFR 164.501) pursuant to a routine use unless either: (a) The disclosure is required by law, or (b) the disclosure is also permitted or required by HHS' Privacy Rule. The disclosures of individually-identifiable health information contemplated in the routine uses published in this new system of records notice are permitted under the Privacy Rule or required by law. However, to also have authority to make such disclosures under the Privacy Act, VA must publish these routine uses. Consequently, VA is publishing these routine uses to the routine uses portion of the system of records notice stating that any disclosure pursuant to the routine uses in this system of records notice must be either required by law or permitted by the Privacy Rule, before VHA may disclose the covered information.

The notice of intent to publish and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director, Office of Management and Budget, as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority

The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. James B. Ford, Acting Executive Director for Privacy, Quality, Privacy, and Risk, Department of Veterans Affairs approved this document on July 16, 2018 for publication.

Start Signature
Start Printed Page 64938

Dated: December 13, 2018.

Kathleen M. Manwell,

Program Analyst, VA Privacy Service, Office of Information and Technology, Department of Veterans Affairs.

End Signature

SYSTEM NAME AND NUMBER:

HealthShare Referral Manager (HSRM)-VA (180VA10D)

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Amazon Web Services, LLC, 13461 Sunrise Valley Drive, Herndon, VA 20171-3283. Community Care Referrals and Authorization (CCRA) System Program Manager, Office of Community Care, Hines Office of Information and Technology Field Office, Edward Hines, Jr. VA Hospital, P.O. Box 7008, Building 37, Room 128, Hines, IL 60141.

SYSTEM MANAGER(S):

Officials responsible for policies and procedures: Program Manager, VHA Office of Community Care (10D), Health Eligibility Center, 2957 Clairmont Road, Suite 200 Atlanta, GA 30329-1647. Telephone number (815) -254-0334. (This is not a toll-free number.)

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Title 38, United States Code, section 7301(a) and Veterans Access, Choice, and Accountability Act of 2014 (Pub. L. 113-146).

PURPOSE(S) OF THE SYSTEM:

CCRA is an enterprise-wide system used by community care staff to automatically generate referrals and authorizations for all Veterans receiving care in the community. The system is an integral component of the VA community care information technology (IT) architecture, and will allow Veterans to receive care from community providers within the Community Care Network through the Veterans Choice Program. The CCRA system will allow these providers to view relevant patient and clinical information from Veterans Information Systems and Technology Architecture (VistA). The exchange of health care information and authorizations will enhance VA's ability to ensure that Veterans receive the best health care available to address their medical needs. The CCRA system will also enable the VA to move from what is currently a largely manual process to an automated process that generates standardized referrals and authorizations according to clinical and business rules. The automated process will decrease the administrative burden on VA clinical and community care staff members by way of establishing clinical and business pathways that which reflect best processes, consistent outcomes, and reduced turnaround times.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The records include information concerning:

1. Veterans who have applied for health care services under Title 38, United States Code, Chapter 17, and in certain cases members of their immediate families.

2. Individuals examined or treated under contract or resource sharing agreements.

3. Individuals who were provided medical care under emergency conditions for humanitarian reasons.

4. Health care professionals providing examination or treatment to any individuals within VA health care facilities.

5. Healthcare professionals providing examination or treatment to individuals under contract or resource sharing agreements or CC programs, such as Choice.

6. Patients and members of their immediate family, volunteers, maintenance personnel, as well as individuals working collaboratively with VA.

7. Contractors, sub-contractors, contract personnel, students, providers and consultants.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records may include information and health information related to:

1. Identifying information (e.g., name, birth date, death date, admission date, discharge date, gender, social security number, taxpayer identification number); address information (e.g., home and/or mailing address, home telephone number, emergency contact information such as name, address, telephone number, and relationship); prosthetic and sensory aid serial numbers; medical record numbers; integration control numbers; information related to medical examination or treatment (e.g., location of VA medical facility providing examination or treatment, treatment dates, medical conditions treated or noted on examination); information related to military service and status.

2. Computer access authorizations, computer applications available and used, information access attempts, frequency and time of use; identification of the person responsible for, currently assigned, or otherwise engaged in various categories of patient care or support of health care delivery.

3. Application, eligibility, and claim information regarding payment determination for medical services provided to VA beneficiaries by non-VA health care institutions and providers.

4. Health care provider's name, address, and taxpayer identification number, correspondence concerning individuals and documents pertaining to claims for medical services, reasons for denial of payment, and appellate determinations.

RECORD SOURCE CATEGORIES:

The Veteran or other VA beneficiary, family members or accredited representatives, and other third parties; private medical facilities and healthcare professionals; health insurance carriers; other Federal agencies; employees; contractors; VHA facilities and automated systems providing clinical and managerial support at VA health care facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

1. VA may disclose information from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.

2. VA may disclose information from this system to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724

a. Effective Response. A Federal agency's ability to respond quickly and effectively in the event of a breach of Federal data is critical to its efforts to prevent or minimize any consequent harm. An effective response necessitates disclosure of information regarding the breach to those individuals affected by it, as well as to persons and entities in a position to cooperate, either by assisting in notification to affected individuals or playing a role in preventing or minimizing harms from the breach.Start Printed Page 64939

b. Disclosure of Information. Often, the information to be disclosed to such persons and entities is maintained by Federal agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy Act prohibits the disclosure of any record in a system of records by any means of communication to any person or agency absent the written consent of the subject individual, unless the disclosure falls within one of twelve statutory exceptions. In order to ensure an agency is in the best position to respond in a timely and effective manner, in accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should publish a routine use for appropriate systems specifically applying to the disclosure of information in connection with response and remedial efforts in the event of a data breach.

3. VA may, on its own initiative, disclose information in this system, except the names and home addresses of Veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of Veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto.

4. VA may disclose information from this system of records to the Department of Justice (DoJ), either on VA's initiative or in response to DoJ's request for the information, after either VA or DoJ determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

5. VA may disclose information from this system of records to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has a contract or agreement to perform services under the contract or agreement.

6. VA may disclose information from this system to the Equal Employment Opportunity Commission (EEOC) when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation.

7. VA may disclose information from this system to the Federal Labor Relations Authority (FLRA), including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; for it to address matters properly before the Federal Service Impasses Panel, investigate representation petitions, and conduct or supervise representation elections.

8. VA may disclose information from this system to the Merit Systems Protection Board (MSPB), or the Office of the Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.

9. VA may disclose information from this system to the National Archives and Records Administration (NARA) and General Services Administration (GSA) in records management inspections conducted under title 44, U.S.C. NARA is responsible for archiving old records which are no longer actively used but may be appropriate for preservation, and for the physical maintenance of the Federal government's records.

10. VA may disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

11. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

12. VA may disclose relevant health care information to (a) a Federal agency or non-VA health care provider or institution when VA refers a patient for hospital or nursing home care or medical services, or authorizes a patient to obtain non-VA medical services, and the information is needed by the Federal agency or non-VA institution or provider to perform the services, or (b) a Federal agency or a non-VA hospital (Federal, State and local, public, or private) or other medical installation having hospital facilities, blood banks, or similar institutions, medical schools or clinics, or other groups or individuals that have contracted or agreed to provide medical services or share the use of medical resources under the provisions of 38 U.S.C. 513, 7409, 8111, or 8153, when treatment is rendered by VA under the terms of such contract or agreement, or the issuance of an authorization, and the information is needed for purposes of medical treatment and/or follow-up, determining entitlement to a benefit, or recovery of the costs of the medical care.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

CCRA relies on information in VistA, and only collects information related to referrals. Referral information is maintained as part of the individual's electronic health care record in accordance with the rules applied to those records. The CCRA system is hosted in Amazon Web Services (AWS) Government Cloud (GovCloud) infrastructure as a service cloud-computing environment that has been authorized at the high-impact level under the Federal Risk and Authorization Management Program (FedRAMP). The secure site-to-site encrypted network connection is limited to access via the VA trusted internet connection (TIC).Start Printed Page 64940

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by name, social security number or other assigned identifiers of the individuals on whom they are maintained.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

These patient appointment and appointment schedules records shall be maintained per Record Control Schedule (RCS) 10-1 item; 2201.1. According to General Records Scehdule (GRS) 5.1 item 010, DAA-GRS-2017-0003-0001, temporary destroy transitory records, messages coordinating schedules, appointments, and events when no longer needed for business use, or according to agency predetermined time or business rule.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

1. CCRA has physical controls and securely stores digital and non-digital media defined within the latest revision of NIST SP 800-88, Guidelines for Media Sanitization, and VA 6500, within controlled areas; and protects information system media until the media is destroyed or sanitized using approved equipment, techniques, and procedures.

2. The CCRA system is hosted in Amazon Web Services (AWS) Government Cloud (GovCloud) infrastructure as a service cloud-computing environment that has been authorized at the high-impact level under the Federal Risk and Authorization Management Program (FedRAMP). The secure site-to-site encrypted network connection is limited to access via the VA trusted internet connection (TIC).

RECORD ACCESS PROCEDURES:

Individuals seeking information regarding access to and contesting of records in this system may write, call or visit the VA facility location where medical care was provided or VHA Office of Community Care.

CONTESTING RECORD PROCEDURES:

(See Record Access Procedures above.)

NOTIFICATION PROCEDURES:

An individual who wishes to determine whether a record is being maintained in this system under his or her name or other personal identifier, or wants to review the contents of such record, should submit a written request or apply in person to the last VA health care facility where care was rendered. All inquiries must reasonably describe the portion of the medical record involved and the place and approximate date that medical care was provided. Inquiries should include the patient's full name, social security number, and return address.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.

End Supplemental Information

[FR Doc. 2018-27334 Filed 12-17-18; 8:45 am]

BILLING CODE P