[Federal Register Volume 66, Number 97 (Friday, May 18, 2001)]
[Notices]
[Pages 27752-27757]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-12527]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of Amendment of Systems of Records Notice ``Healthcare 
Eligibility Records--VA''.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), 
notice is hereby given that the Department of Veterans Affairs (VA) is 
amending the system of records currently entitled as ``Healthcare 
Eligibility Records--VA'' (89VA19) as established in Federal Register 
59 FR 8677 dated 2/23/94 and amended in Federal Register 64 FR 13049 
dated 3/16/99. VA is amending the system by revising the System 
Location; Categories of Records in the System; Routine Use Disclosure 
Statements; and Policies and Practices for Storing, Retrieving, 
Accessing, Retaining and Disposing of Records in the System, including 
Storage, Retrievability and Safeguards. VA is republishing the system 
notice in its entirety at this time.
    Title 38 U.S.C. Section 1705, requires the Veterans Health 
Administration (VHA) to establish a system of annual patient 
enrollment. VHA determined that the Health Eligibility Center (HEC) 
database would be expanded to serve as the central enrollment database, 
thereby adding veteran eligibility and enrollment information in the 
database. Veterans' eligibility and enrollment information maintained 
in this database is shared with VA health care facilities involved in 
the veterans' care. The National Enrollment Database (NED) located at 
VA's Austin Automation Center (AAC), Austin, Texas, supports the 
national enrollment system. The NED is populated via nightly batch 
updates from the HEC. The extracts do not contain federal tax 
information.
    In an effort to facilitate patient education about VA enrollment, 
VHA established a call center operated by contractors. The HEC shares 
certain veteran data with the contractor, to facilitate the 
contractor's ability to accurately respond to veteran inquiries 
relating to enrollment and eligibility information, and to assist in 
fulfilling requests for enrollment-related materials (brochures, 
application forms, etc.). Specific data shared with the contractor 
include veterans' names, social security numbers, addresses, phone 
numbers, dates of birth, enrollment priority groups and primary health 
care facilities. The contractor asks the veteran caller for his or her 
social security number (SSN) and date of birth when it is necessary to 
transfer the call to a VA Medical Center or HEC for further assistance. 
SSN and Date of Birth information assists VA Medical Center and HEC 
staffs in locating the veteran's records. Other data elements provided 
to the contractor are utilized to assist in advising the veteran on 
enrollment-related matters and to mail enrollment information to the 
caller. Veterans also contact the call center to provide change of 
address information. Any updated demographic data obtained from the 
caller by the contractor is submitted to the HEC through electronic 
mail. Information is secured through use of a dedicated T-1 line, which 
contains a firewall to secure the data.

[[Page 27753]]


DATES: Comments on the amendment of this system of records must be 
received no later than June 18, 2001. If no public comment is received, 
the new system will become effective June 18, 2001.

ADDRESSES: Written comments concerning the amendment of this system of 
records may be submitted to the Office of Regulations Management (02D), 
Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 
20420. Comments will be available for public inspection at the above 
address in the Office of Regulations Management, Room 1158, between the 
hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except 
holidays).

FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) 
Privacy Act Officer, Department of Veterans Affairs, 810 Vermont 
Avenue, NW., Washington, D.C. 20420, telephone (727) 320-1839.

SUPPLEMENTARY INFORMATION: The purpose for this system of records 
amendment is to expand the categories of individuals covered; to add a 
new routine use for the data contained in the system of records and to 
cover records to be maintained in the NED. The system location has been 
amended to reflect additional locations of certain data contained in 
the system of records, e.g., with or by contractor and records 
maintained at the AAC. The individuals covered by this system have been 
increased to include all enrolled veterans who have applied for VA 
health care services under Title 38, United States Code, Chapter 17, 
and their spouses and dependents as provided for in other provisions of 
Title 38, United States Code. Under the previous notice only, VA 
collected data on only non-service connected veterans and 
noncompensable, zero percent service-connected veterans.
    The safeguards portion of the notice has been amended to describe 
the security provisions for information contained in the system of 
records for the NED and contractor sites.
    A new routine use of the data is added to reflect that certain data 
contained in the system of records is shared with a contractor or 
subcontractor.
    A supplementary statement has been added under retention and 
disposal of the records to reflect that records are disposed of in 
accordance with the records retention standards approved by the 
Archivist of the United States, National Archives and Records 
Administration, and published in VHA Records Control Schedule 10-1.
    The HEC in Atlanta, Georgia, was originally established as the 
Income Verification Match Center (IVMC) to verify the income of non-
service connected veterans with Internal Revenue Service (IRS) and 
Social Security Administration (SSA) information to verify the 
veteran's eligibility for VA health care benefits, as authorized by 
section 8051, Public Law 101-508. Section 8014 of Public Law 105-33 
extended VA's matching authority through September 30, 2002.
    Title 38, United States Code, Section 1705, requires VA to design, 
establish and operate a system of annual patient enrollment. As a 
matter of policy, VA has determined that the HEC database will be 
expanded to serve as the central repository for eligibility and 
enrollment data of veterans applying for, or receiving VA health care 
benefits. Veterans' enrollment information, such as the beginning and 
ending date of the enrollment period, enrollment status and primary 
health care facility, will be maintained in this database and provided 
to VA health care facilities involved in the veterans' care. This 
increases the types of records and individuals covered under the 
system.
    To carry out the HEC programs, the Center receives electronic 
transmissions of eligibility and enrollment information on a nightly 
basis from VA health care facilities via the Department's electronic 
communications system (wide area network). These transmissions include 
personal, income and eligibility information, such as name, social 
security number, address, health insurance coverage, and other 
information concerning veteran's household income and eligibility 
status. Where relevant to the means test, these transmissions include 
information necessary to make such determination that is provided by 
the veteran. Compensation and pension award information contained in 
claims records administered by the Veterans Benefit Administration 
(VBA) is also sent to the HEC database by the AAC. This transmission is 
accomplished by using the Department's wide area network, ensuring 
consistency of eligibility information contained in records covered by 
this system. The HEC automatically sends this information over the VA's 
wide area network to VA medical facilities where the veteran received 
care within the past three years. VA medical facilities can query the 
HEC database to obtain information on veteran applicants who have not 
previously received health care at that facility. If available, updated 
information is transmitted to the requesting facility and loaded into 
the facility's database. Once in the facility database, this 
information is covered by another system of records.
    The HEC submits record identifying information (name, social 
security number, data of birth, and sex) to SSA for social security 
number validation on the veteran, spouse or dependent. This data 
exchange is restricted to validation of SSN data that the VHA submits 
to SSA. SSA does not disclose SSN information. The validated social 
security number assists in matching a veteran's record maintained at 
one VA health care facility with records maintained at another and with 
records maintained on the individual by the VBA.
    For certain veterans whose eligibility for VA health care is based 
on income, the validated social security number is also used to match 
VA records with SSA and IRS for income verification purposes. For 
veterans whose eligibility for VA health care is based on income, the 
HEC database contains earned and unearned income data received from IRS 
and SSA. However, no Federal Tax Information (FTI) data that the VA has 
obtained from IRS or SSA will be disclosed outside of the HEC or to a 
contractor or subcontractor. FTI information is tax information and tax 
return information obtained from the IRS or SSA, such as taxpayer's 
identity, source or amount of income, payment deductions, exemptions, 
assets, net worth, tax liability, tax withheld, deficiencies, over 
assessments or tax payments.
    Routine use number 15 states relevant information from this system 
may be disclosed to individuals, organizations, private or public 
agencies, etc., with whom VA has a contract or agreement to perform 
such services as VA may deem practicable for the purposes of laws 
administered by VA in order for the contractor or subcontractor to 
perform the services of the contract or agreement. This routine use is 
being added to reflect that certain information contained in the system 
of records is shared with a contractor, and subcontractor as 
appropriate to perform the contracted services.
    The notice of intent to publish and an advance copy of the system 
notice have been sent to the appropriate Congressional committees and 
to the Director of the Office of Management and Budget (OMB) as 
required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB 
(65 FR 77677), December 12, 2000.


[[Page 27754]]


    Approved: April 25, 2001.
Anthony J. Principi,
Secretary of Veterans Affairs.
89VA19

SYSTEM NAME:
    Health Eligibility Records--VA.

SYSTEM LOCATION:
    Records are maintained at the Health Eligibility Center (HEC), 1644 
Tullie Circle, Atlanta, Georgia 30329; the contractor of record's site; 
and the National Enrollment Database (NED) VA Austin Automation Center 
(AAC), Austin, Texas.

CATEGORIES OF INDIVIDUALS COVERED BY THIS SYSTEM:
    Veterans who have applied for health care services under Title 38, 
United States Code, Chapter 17; their spouses and dependents as 
provided for, in other provisions of Title 38, United States Code; and 
non-veterans inquiring about VA health care benefits.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The category of records in the system include:
    National Enrollment Database (NED) records including: Medical 
benefit application and eligibility information; identifying 
information including name, address, date of birth, social security 
number, claim number, family information including spouse and 
dependent(s) name, address and social security number; employment 
information on veteran and spouse, including occupation, employer(s) 
name(s) and address(es); financial information concerning the veteran 
and the veteran's spouse including family income, assets, expenses, 
debts; third party health plan contract information, including health 
insurance carrier name and address, policy number and time period 
covered by policy; facility location(s) where treatment is provided; 
type of treatment provided, i.e., inpatient or outpatient; and dates of 
visits.
    Health Eligibility Center (HEC) records including [formerly the 
Income Verification Match (IVM) record]: Federal Tax Information (FTI) 
generated as a result of income verification computer match with 
records from Internal Revenue Service (IRS) and the Social Security 
Administration (SSA); documents obtained during the notification, 
verification and due process periods, such as initial verification 
letters, income verification forms, final confirmation letters, due 
process letters, clarification letters and subpoena documentation. FTI 
is tax information and tax return information obtained from the IRS or 
SSA, such as taxpayer's identity, source or amount of income, payment 
deductions, exemptions, assets, net worth, tax liability, tax withheld, 
deficiencies, over assessments or tax payments. Individual 
correspondence provided to the HEC by veterans or family members 
including, but not limited to, copies of death certificates; DD 214, 
Notice of Separation; disability award letters; IRS documents (i.e., 
Form 1040's, W-2's, etc.); state welfare and food stamp applications; 
VA and other pension applications; VA Form 10-10EZ, Application for 
Medical Benefits; workers compensation forms; and various annual 
earnings statements, as well as pay stubs. VA may not disclose to any 
person in any manner FTI received from IRS and SSA except as necessary 
to determine eligibility for benefits in accordance with the Internal 
Revenue Code (IRC) 26 U.S.C. 6103 (l)(7). VA may not allow access to 
FTI by any contractor or subcontractor.
    Call Center Records including: Veteran's name, social security 
number, address, date of birth, phone number, enrollment priority group 
and primary health care facility.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38, United States Code, Sections 501 (a), 1705, 1722, and 
5317.

PURPOSE(S):
    Information in the system of records is used to update, verify and 
validate veteran eligibility, conduct income testing and verification 
activities; to validate social security numbers of veterans and spouses 
of those veterans receiving VA health care benefits; to ensure accuracy 
of veterans' eligibility information for medical care benefits; to 
operate an annual enrollment system; to update veteran eligibility; 
provide enrollment materials to educate veterans on enrollment; respond 
to veteran and non veteran inquiries on enrollment and eligibility; and 
to compile management reports.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 26 U.S.C. 6103(p)(4), i.e., the nature, source 
and amount of income, that information cannot be disclosed under a 
Routine Use set forth absent specific authorization from the IRS or the 
VA Office of General Counsel (024).
    1. The record of an individual who is covered by this system may be 
disclosed to a member of Congress or staff person acting for the member 
when the member or staff person requests the record on behalf of, and 
at the written request of, that individual.
    2. Disclosure of HEC (formerly IVM) records, as deemed necessary 
and proper to named individuals serving as accredited service 
organization representatives and other individuals named as approved 
agents or attorneys for a documented purpose and period of time, to aid 
beneficiaries in the preparation and presentation of their cases during 
the verification and/or due process procedures and in the presentation 
and prosecution of claims under laws administered by the Department of 
Veterans Affairs (VA).
    3. In the event that information in this system of records 
maintained by this agency to carry out its functions, indicates a 
suspected violation or reasonably imminent violation of law, whether 
civil, criminal or regulatory in nature, and whether arising by general 
statute or a particular program statute, or by regulation, rule or 
order issued pursuant thereto, the relevant records may be referred at 
VA's initiative, as a routine use, to the appropriate agency, whether 
Federal, State, local or foreign, charged with the responsibility of 
investigating or prosecuting such violation or charged with enforcing 
or implementing the statute, or rule, regulation or order issued 
pursuant thereto. However, names and addresses of veterans and their 
dependents will be released only to Federal entities.
    4. Relevant information from this system of records may be 
disclosed as a routine use: in the course of presenting evidence to a 
court, magistrate or administrative tribunal, in matters of 
guardianship, inquests and commitments; to private attorneys 
representing veterans rated incompetent in conjunction with issuance of 
Certificates of Incompetency; and to probation and parole officers in 
connection with Court required duties.
    5. Any information in this system may be disclosed to a VA Federal 
fiduciary or a guardian ad litem in relation to his or her 
representation of a veteran only to the extent necessary to fulfill the 
duties of the VA Federal fiduciary or the guardian ad litem.
    6. Relevant information may be disclosed to attorneys, insurance 
companies, employers, third parties liable or potentially liable under 
health plan contracts, and to courts, boards, or commissions only to 
the extent necessary to aid VA in the preparation, presentation, and 
prosecution of claims authorized under Federal, State, or local laws, 
and regulations promulgated thereunder.

[[Page 27755]]

    7. Relevant information may be disclosed to the Department of 
Justice and United States Attorneys in defense or prosecution of 
litigation involving the United States, and to Federal Agencies upon 
their request in connection with review of administrative tort claims 
filed under the Federal Tort Claims Act, 28 U.S.C. 2672.
    8. Disclosure may be made to National Archives and Records 
Administration (NARA) and General Services Administration (GSA) in 
records management inspections conducted under authority of Title 44 
United States Code.
    9. Information in this system of records may be disclosed for the 
purposes identified below to a third party, except consumer reporting 
agencies, in connection with any proceeding for the collection of an 
amount owed to the United States by virtue of a person's participation 
in any benefit program administered by VA. Information may be disclosed 
under this routine use only to the extent that it is reasonably 
necessary for the following purposes: (a) To assist the VA in the 
collection of costs of services provided individuals not entitled to 
such services; and (b) to initiate civil or criminal legal actions for 
collecting amounts owed to the United States and/or for prosecuting 
individuals who willfully or fraudulently obtained or seek to obtain 
title 38 medical benefits. This disclosure is consistent with 38 U.S.C. 
5701(b)(6).
    10. The name and address of a veteran, other information as is 
reasonably necessary to identify such veteran, including personal 
information obtained from other Federal agencies through computer 
matching programs, and any information concerning the veteran's 
indebtedness to the United States by virtue of the person's 
participation in a benefits program administered by the VA may be 
disclosed to a consumer reporting agency for purposes of assisting in 
the collection of such indebtedness, provided that the provisions of 38 
U.S.C. 5701(g)(4) have been met.
    11. For computer matching program and Automated Data Processing 
(ADP) security review purposes, record information may be disclosed to 
teams from other source Federal agencies who are parties to computer 
matching agreements involving the information maintained in this 
system, but only to the extent that the information is necessary and 
relevant to the review.
    12. The name and identifying information on a veteran and/or spouse 
may be provided to reported payers of earned and/or unearned income in 
order to verify the identifier provided, address, income paid, period 
of employment, and health insurance information provided on the means 
test and to confirm income and demographic data provided by other 
Federal agencies during income verification computer matching.
    13. Identifying information, including Social Security Numbers, 
concerning veterans, their spouses, and the dependents of veterans may 
be disclosed to other Federal agencies for purposes of conducting 
computer matches to obtain valid identifying, demographic and income 
information to determine or verify eligibility of certain veterans who 
are receiving VA medical care under Title 38, United States Code.
    14. The name and social security number of a veteran, spouse and 
dependents, and other identifying information as is reasonably 
necessary may be disclosed to the Social Security Administration, 
Department of Health and Human Services, for the purpose of conducting 
a computer match to obtain information to validate the social security 
numbers maintained in VA records.
    15. Relevant information from this system may be disclosed to 
individuals, organizations, private or public agencies, etc., with whom 
VA has a contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA in order for 
the contractor or subcontractor to perform the services of the contract 
or agreement.

    Note: This routine use does not authorize disclosure of FTI 
received from the Internal Revenue Service or the Social Security 
Administration to contractors or subcontractors.

Policies and Practices for Storing, Retrieving, Accessing, Retaining 
and Disposing of Records in the System:
Storage:
    Records are maintained on magnetic tape, magnetic disk, optical 
disk and paper.

Retrievability:
    Records (or information contained in records) maintained on paper 
documents are indexed and accessed by the veteran's name, social 
security number or case number and filed in case order number. 
Automated veterans' health eligibility records are indexed and 
retrieved by the veteran's name, social security number or case number. 
Automated health eligibility record information on spouses may be 
retrieved by the spouse's name or social security number.

Safeguards:
    1. Data transmissions between VA health care facilities and the HEC 
and VA databases housed at VA's AAC are accomplished using the 
Department's wide area network. The software programs at the respective 
facilities automatically flag records or events for transmission based 
upon functionality requirements. VA health care facilities and the HEC 
control access to data by using VHA's Veterans Health Information 
System and Technology Architecture (VISTA), (formerly known as 
Decentralized Hospital Computer Program (DHCP) software modules), 
specifically Kernel and MailMan. Kernel utility programs provide the 
interface between operating systems, application packages and users. 
Once data are identified for transmission, records are stored in 
electronic mail messages, which are then transmitted via the 
Department's electronic communications system (wide area network) to 
specific facilities on the Department's wide area network. Server jobs 
at each facility run continuously to check for data to be transmitted 
and/or incoming data which needs to be parsed to files on the receiving 
end. All mail messages containing data transmissions include header 
information that is used for validation purposes. Consistency checks in 
the software are used to validate the transmission, and electronic 
acknowledgment messages are returned to the sending application. The 
Department's Telecommunications Support Service has oversight 
responsibility for planning security.
    2. Working spaces and record storage areas at the HEC are secured 
during all business hours, as well as during non-business hours. All 
entrance doors require an electronic passcard for entry when unlocked, 
and entry doors are locked outside normal business hours. Electronic 
passcards are issued by the HEC Security Officer. HEC staff controls 
visitor entry by door release or escort. The building is equipped with 
an intrusion alarm system for non-business hours, and this system is 
monitored by a security service vendor. The office space occupied by 
employees with access to veteran records is secured with an electronic 
locking system, which requires a card for entry and exit of that office 
space. Access to the VA AAC is generally restricted to AAC staff, VA 
Headquarters employees, custodial personnel, Federal Protective Service 
and authorized operational personnel through electronic locking 
devices. All other persons gaining access to the computer rooms are 
escorted.

[[Page 27756]]

    3. Strict control measures are enforced to ensure that access to 
and disclosure from all records, including electronic files and veteran 
specific data elements, stored in the HEC veteran database is limited 
to VA employees whose official duties warrant access to those files. 
The HEC automated record system recognizes authorized users by keyboard 
entry of a series of unique passwords. Once the employee is logged onto 
the system, access to the files is controlled by discrete menus which 
are assigned by the HEC computer system administration staff, upon 
request from the employee's supervisor and employee's demonstrated need 
to access the data to perform the employee's assigned duties. A number 
of other security measures are implemented to enhance security of 
electronic records (automatic timeout after short period of inactivity, 
device locking after pre-set number of invalid logon attempts, etc.). 
Employees are required to sign a user access agreement acknowledging 
their knowledge of confidentiality requirements, and all employees 
receive annual training on information security. Access is deactivated 
when no longer required for official duties. Recurring monitors are in 
place to ensure compliance with nationally and locally established 
security measures.
    4. Veteran data is transmitted from the HEC to VA health care 
facilities and National Enrollment Database (NED) over the Department's 
computerized electronic communications system. Access to data in these 
files is controlled at the health care facility and NED level in 
accordance with nationally and locally established data security 
procedures. The NED is a database developed to support a national 
enrollment system. VA employees at these facilities are granted access 
to patient data on a ``need-to-know'' basis. All employees receive 
information security training and are issued unique access and verify 
codes. Employees are assigned computer menus that allow them to view 
and edit records as authorized by the supervisor. While employees at 
the health care facility may edit data which was initially input at the 
facility level, employees at the facility do not have edit access to 
income tests which originated at the HEC.
    5. In addition to passcards, the HEC computer room requires manual 
entry of a security code prior to entry. Only the Automated Information 
System (AIS) staff and the HEC security officer are issued the security 
code to this area. Programmer access to the HEC database is restricted 
only to those AIS staff whose official duties require that level of 
access.
    6. On-line data reside on magnetic media in the HEC computer room 
that is highly secured. Backup media are stored in a combination lock 
safe in a secured room within the same building; only information 
system staff has access to the safe. On a weekly basis, backup media 
are stored in off-site storage by a media storage vendor. The vendor 
picks up and returns the media in a locked storage container; vendor 
personnel do not have key access to the locked container.
    7. Any sensitive information that may be downloaded to personal 
computer files in the HEC or printed to hard copy format is provided 
the same level of security as the electronic records. All paper 
documents and informal notations containing sensitive data are shredded 
prior to disposal. All magnetic media (primary computer system) and 
personal computer disks are degaussed prior to disposal or release off 
site for repair.
    8. The IVM program of the HEC requires that HEC obtain veteran and 
spouse earned and unearned income data from IRS and SSA. The HEC 
complies fully with the Tax Information Security Guidelines for 
Federal, State and Local Agencies (Department of the Treasury IRS 
Publication 1075) as it relates to access and protection of such data. 
These guidelines define the management of magnetic media, paper and 
electronic records, and physical and electronic security of the data.
    9. All new HEC employees receive initial information security 
training with refresher training provided to all employees on an annual 
basis. An annual information security audit is performed by the VA 
Regional Information Security Officer. This annual audit includes the 
primary computer information system, the telecommunication system, and 
local area networks. Additionally, the IRS performs periodic on-site 
inspections to ensure the appropriate level of security is maintained 
for Federal tax data. The HEC Information Security Officer and AIS 
administrator additionally perform periodic reviews to ensure security 
of the system and databases.
    10. Identification codes and codes used to access HEC automated 
communications systems and records systems, as well as security 
profiles and possible security violations, are maintained on magnetic 
media in a secure environment at the Center. For contingency purposes, 
database back-ups on removable magnetic media are stored off-site by a 
licensed and bonded media storage vendor.
    11. Neither field offices, the contractor administering the Call 
Center for VHA, nor the NED will receive FTI from HEC.
    12. Contractor working spaces and record storage areas are secured 
during all business hours, as well as during non-business hours. All 
entrance doors require an electronic passcard for entry when unlocked, 
and entry doors are locked outside normal business hours. Electronic 
passcards are issued by the contractor's Security Officer. Visitor 
entry is controlled by the contractor's staff by door release and/or 
door escort. The building is equipped with an intrusion alarm system 
for non-business hours, and this system is monitored by a security 
service vendor.
    13. Strict control measures are enforced to ensure that access to 
and disclosure from all records including electronic files and veteran 
specific data elements in the contractor veteran call tracking database 
are limited to contractor's employees whose official duties warrant 
access to those files. The automated record system recognizes 
authorized users by keyboard entry of a series of unique passwords. 
Once the employee is logged onto the system, access to files is 
controlled by discrete menus, assigned by the contractor computer 
system administration staff upon request from the employee's supervisor 
and the employee's demonstrated need to access the data to perform 
assigned duties. A number of other security measures are implemented to 
enhance security of electronic records (automatic timeout after short 
period of inactivity, device locking after pre-set number of invalid 
logon attempts, etc.). Employees are required to sign a user security 
policy agreement acknowledging their understanding of confidentiality 
requirements, and all employees receive annual training on information 
security. Access is deactivated when no longer required for official 
duties.
    14. Contractors and subcontractors will adhere to the same 
safeguards and security requirements as the HEC is held to.

Retention and Disposal:
    Depending on the record medium, records are destroyed by either 
shredding or degaussing. Paper records are destroyed after they have 
been accurately scanned on optical disks. Optical disks or other 
electronic medium are deleted when all phases of the veteran's appeal 
rights have ended (ten years after the income year for which the means 
test verification was conducted). Tapes received from SSA and IRS are 
destroyed 30 days after the

[[Page 27757]]

data have been validated as being a true copy of the original data. 
Summary reports and other output reports are destroyed when no longer 
needed for current operation. Records are disposed of in accordance 
with the records retention standards approved by the Archivist of the 
United States, National Archives and Records Administration, and 
published in the VHA Records Control Schedule 10-1. Regardless of the 
record medium, no records will be retired to a Federal records center.

System Manager(s) and Addresses:
    Official responsible for policies and procedures: Chief Information 
Officer (19), VA Central Office, 810 Vermont Avenue, NW., Washington, 
DC 20420. Official maintaining the system: Director, Health Eligibility 
Center, 1644 Tullie Circle, Atlanta, Georgia 30329.

Notification Procedure:
    An individual who wishes to determine whether a record is being 
maintained in this system under his or her name or other personal 
identifier or wants to determine the contents of such record, should 
submit a written request or apply in person to the Health Eligibility 
Center. All inquiries must reasonably identify the records requested. 
Inquiries should include the individual's full name, social security 
number and return address.

Record Access Procedures:
    Individuals seeking information regarding access to and contesting 
of HEC records may write to the Director, HEC, 1644 Tullie Circle, 
Atlanta, Georgia 30329.

Contesting Record Procedures:
    (See Record Access procedures above).

Record Source Categories:
    Information in the systems of records may be provided by the 
veteran; veteran's spouse or other family members or accredited 
representatives or friends; employers and other payers of earned 
income; financial institutions and other payers of unearned income; 
health insurance carriers; other Federal agencies; ``Patient Medical 
Records--VA'' (24VA136) system of records; Veterans Benefits 
Administration automated record systems (including Veterans and 
Beneficiaries Identification and Records Location Subsystem--VA 
(38VA23); and the ``Compensation, Pension, Education and Rehabilitation 
Records--VA'' (58VA21/22).

[FR Doc. 01-12527 Filed 5-17-01; 8:45 am]
BILLING CODE 8320-01-P