[Federal Register Volume 60, Number 78 (Monday, April 24, 1995)]
[Notices]
[Pages 20156-20158]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 95-9988]



-----------------------------------------------------------------------


DEPARTMENT OF VETERANS AFFAIRS

Privacy Act of 1974, Amendment of System of Records, 
Compensation, Pension, Education and Rehabilitation Records-VA (58VA21/
22)

AGENCY: Department of Veterans Affairs.

ACTION: Notice.

-----------------------------------------------------------------------

    Notice is hereby given that the Department of Veterans Affairs (VA) 
is considering adding two new routine uses to, and amending the storage 
policies for the records in, the system of records entitled 
Compensation, Pension, Education and Rehabilitation Records--VA 
(58VA21/22) published at 41 FR 9294 (03/03/76), and amended at 43 FR 
3984 (01/30/78), 43 FR 15026 (04/10/78), 43 FR 23797 (06/01/78), 45 FR 
57641 (08/28/80), 45 FR 77220 (11/21/80), 47 FR 367 (01/05/82), 47 FR 
16132 (04/14/482), 47 FR 4072 (09/15/82), 48 FR 1384 (01/12/83), 48 FR 
15994 (04/13/83), 48 FR 39197 (08/29/83), 48 FR 52798 (11/22/83), 49 FR 
23974 (06/08/84), 49 FR 36046 (09/13/84), 50 FR 10886 (03/18/85), 50 FR 
31453 (06/28/85), 50 FR 31453 (08/02/85), 51 FR 24781 (07/08/86), 51 FR 
25141 (07/10/86), 51 FR 28289 (08/06/86), 51 FR 36894 (10/16/86), 52 FR 
4078 (02/09/87), 54 FR 36933 (09/05/89), 55 FR 28508 (07/11/90), 55 FR 
42540 (10/19/90), 56 FR 15667 (04/17/91), 56 FR 16354 (04/22/91), 57 FR 
12374 (04/09/92), 57 FR 44007 (09/23/92), 58 FR 38164 (07/15/93) and 58 
FR 54643 (10/22/93).
    VA has published a notice of final rulemaking (59 FR 47082 
(September 14, 1994)) amending its regulations to add sections 38 CFR 
14.640 through 14.643 to provide for expanded remote access to 
computerized claims records by individuals approved by the Department 
to represent claimants before VA in the preparation, presentation, and 
prosecution of claims for veterans' benefits.
    Those regulations provide that VA would disclose information 
concerning how these representatives use their access privileges in two 
circumstances for which routine uses do not currently exist. First, if 
VA is considering whether to revoke the individual representative's 
access privileges generally, VA will then notify the representative's 
employer.
    Second, if the representative is licensed by a governmental entity, 
such as a state bar association, VA will report the conduct of the 
representative to that entity after revocation of access privileges if 
VA concludes that the conduct which was the basis for revocation of 
access privileges merits reporting.
    These two routine uses would add provisions to allow the release of 
information concerning the conduct of individual representatives in 
both these cases.
    VA has determined that release of information under the 
circumstances described above is a necessary and proper use of 
information in this system of records and that a specific routine use 
for transfer of this information is appropriate.
    VA is also amending the storage policies and practices for the 
records in this system of records to reflect the policies and practices 
applicable to claimants' representatives and attorneys who are granted 
access to automated claimant's record.
    Interested persons are invited to submit written comments, 
suggestions, or objections regarding the proposed amended routine use 
statements to the Director, Office of Regulations Management(02), 810 
Vermont Avenue, NW, Washington, DC 20420. All relevant material 
received before May 24, 1995, will be considered. All written comments 
received will be available for public inspection at the Office of 
Regulations Management, room 1176, 801 I Street, NW., Washington, DC 
20001 only between the hours of 8 am and 4:30 pm, Monday through Friday 
(except holidays) until June 5, 1995.
    If no public comment is received during the 30 day review period 
allowed for public comment or unless otherwise published in the Federal 
Register by the Department of Veterans Affairs, the amendments to 
58VA21/22 included herein are effective May 24, 1995.

    Approved: April 10, 1995.
Jesse Brown,
Secetary of Veterans Affairs.

Notice of Amendment to System of Records

    The system of records identified as 58 VA 21/22, ``Compensation, 
Pension, Education and Rehabilitation records--VA'' published at 41 FR 
9294 (03/03/76) and amended at 43 FR 3984 (01/30/78), 43 FR 15026 (04/
10/78), 43 FR 23797 (06/01/78), 45 FR 57641 (08/28/80), 45 FR 77220 
(11/21/80), 47 FR 367 (01/05/82), 47 FR 16132 (04/14/82), 47 FR 40742 
(09/15/82), 48 FR 1384 (01/12/83), 48 FR 15994 (04/13/83), 48 FR 39197 
(08/29/83), 48 FR 52798 (11/22/83), 49 FR 23974 (06/08/84), 49 FR 36046 
(09/13/84), 50 FR 10886 (03/18/85), 50 FR 31453 (06/28/85), 50 FR 31453 
(08/02/85), 51 FR 24781 (07/08/86), 51 FR 25141 (07/10/86), 51 FR 28289 
(08/06/86), 51 FR 36894 (10/16/86), 52 FR 4078 (02/09/87), 54 FR 36933 
(09/05/89), 55 FR 28508 (07/11/90), 55 FR 42540 (10/19/90), 56 FR 15667 
(04/17/91), 56 FR 16354 (04/22/91), 57 FR 12374 (04/09/92), 57 FR 44007 
(09/23/92), 58 FR 38164 (07/15/93) and 58 FR 54643 (10/22/93), is 
amended by adding the following:
58 VA 21/22
    Compensation, Pension, Education and Rehabilitation Records--VA.
* * * * *
* * * * *
    59. The name and address of a prospective, present, or former 
accredited representative, claims agent or attorney and any information 
concerning such individual which is [[Page 20157]] relevant to a 
refusal to grant access privileges to automated veterans claims 
records, or a potential or past suspension or termination of such 
access privileges may be disclosed to the entity employing the 
individual to represent veterans on claims for veterans benefits.
    60. The name and address of a former accredited representative, 
claim agent or attorney, and any information concerning such 
individual, except a veteran's name and home address, which is relevant 
to a revocation of such access privileges may be disclosed to an 
appropriate governmental licensing organization where VA determines 
that the individual's conduct which resulted in revocation merits 
reporting.
* * * * *
    Records (or information contained in records) are maintained on 
paper documents in claims file folders (e.g., ``C'' file folders, 
educational file folders and vocational rehabilitation folders) and on 
automated storage media (e.g., microfilm, microfiche, magnetic tape and 
disks). Such information may be accessed through a data 
telecommunication terminal system designated the Benefits Delivery 
Network (BDN). BDN terminal locations include VA Central Office, 
regional offices, some VA health care facilities, Department of Defense 
Finance and Accounting Service Centers and the U.S. Coast Guard Pay and 
Personnel Center.
    Remote on-line access is also made available to authorized 
representatives of claimants and to attorneys of record for claimants. 
A VA claimant must execute a prior written consent or a power of 
attorney authorizing access to his or her claims records before VA will 
allow the representative or attorney to have access to the claimant's 
automated claims records. Access by representatives and attorneys of 
record is to be used solely for the purpose of assisting an individual 
claimant whose records are accessed in a claim for benefits 
administered by VA.
    Information relating to receivable accounts owed to VA, designated 
the Centralized Accounts Receivable System (CARS), is maintained on 
magnetic tape, microfiche and microfilm. CARS is accessed through a 
data telecommunications terminal system at St. Paul, Minnesota.
* * * * *
    The proposed change should have no effect upon the current 
RETREIVABILITY policies or practices.
* * * * *
    1. Physical Security: (a) Access to working spaces and claims 
folder file storage areas in VA regional offices and centers is 
restricted to VA employees on a need-to-know basis. Generally, file 
areas are locked after normal duty hours and the offices and centers 
are protected from outside access by the Federal Protective Service or 
other security personnel. Employee claims file records and claims file 
records of public figures are stored in separate locked files. Strict 
control measures are enforced to ensure that access to and disclosure 
from these claims file records are limited to a need-to-know basis.
    (b) Access to BDN data telecommunications network is by 
authorization controlled by the site security officer who is 
responsible for authorizing access to the BDN by a claimant's 
representative or attorney approved for access in accordance with VA 
regulations. The site security officer is responsible for ensuring that 
the hardware, software and security practices of a representative or 
attorney satisfy VA security requirements before granting access. The 
security requirements applicable to access to automated claims files by 
VA employees also apply to access to automated claims files by 
claimants' representatives or attorneys. The security officer is 
assigned responsibility for privacy-security measures, especially for 
review of violation logs, information logs and control of password 
distribution, including password distribution for claimants' 
representatives.
    (c) Access to data processing centers is generally restricted to 
center employees, custodial personnel, Federal Protective Service and 
other security personnel. Access to computer rooms is restricted to 
authorized operational personnel through electronic locking devices. 
All other persons provided access to computer rooms are escorted.
    (d) Employee production records are identified by the confidential 
BDN access number, not name, and are protected by management/
supervisory personnel from unauthorized disclosure in the same manner 
as other confidential records maintained by supervisors.
    2. BDN System Security: (a) Usage of the BDN system is protected by 
the usage of ``logan'' identification passwords and authorized function 
passwords. The passwords are changed periodically. These same 
protections apply to remote access users.
    (b) At the data processing centers, identification of magnetic 
tapes and disks containing data is rigidly enforced using labeling 
techniques. Automated storage media which are not in use are stored in 
tape libraries which are secured in locked rooms. Access to programs is 
controlled at three levels: Programming, auditing and operations. 
Access to the data processing centers where HUD maintains CAIVRS is 
generally restricted to center employees and authorized subcontractors. 
Access to computer rooms is restricted to center employees and 
authorized operational personnel through electronic locking devices. 
All other persons granted access to computer rooms are escorted.
    Files in CAIVRS use social security numbers as identifiers. Access 
to information files is restricted to authorized employees of 
participating agencies and authorized employees of lenders who 
participate in the agencies' programs. Access is controlled by agency 
distribution of passwords. Information in the system may be accessed by 
use of a touch-tone telephone by authorized agency and lender employees 
on a ``need-to-know'' basis.
* * * * *

Report of Intention to Alter Federal Notice of System of Records for 
``Compensation, Pension, Education and Rehabilitation Records--VA'' 58 
VA 21/22

Purpose

    Amending this system of records will allow VA to use information 
maintained by this system of records to be used to revoke the access of 
claimant's representatives to the system of records for violation of 
the provisions of 38 CFR 14.640 through 14.643.

Authority

    Regulations 38 CFR 14.640 through 14.643.

Probable or Potential Effect on the Privacy of Individuals

    These changes should have minimal effect on the privacy rights of 
individuals. They will permit VA to use information contained in this 
system of records to revoke access to this system to representatives of 
claimants who violate the provisions of regulations 38 CFR 14.640 
through 14.643.

Steps Taken to Minimize Risks

    VA will safeguard individual records as required by the Privacy Act 
of 1974. Access to working areas and claims [[Page 20158]] folder 
storage areas in VA regional offices is restricted to VA employees on a 
need to know basis. Files are locked afternormal duty hours and the 
offices are protected from outside access by the Federal Protective 
Service or other security personnel. Access to automated VA records by 
VA employees and authorized representatives of claimants requires 
clearance by the site security officer, whose responsibilities include 
control of password distribution.

Satisfaction of Compatibility Requirements of Subsection (a)(7) of the 
Privacy Act

    These routine uses will permit VA to disclose information from the 
BDN system to service organizations whenever VA contemplates revocation 
of a representative's access privileges. These are necessary to protect 
the integrity of the BDN system.
[FR Doc. 95-9988 Filed 4-21-95; 8:45 am]
BILLING CODE 8320-01-M