[Federal Register Volume 66, Number 231 (Friday, November 30, 2001)]
[Notices]
[Pages 59842-59847]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-29735]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of new system of records--Compliance Records, Response, 
and Resolution of Reports of Persons Allegedly Involved in Compliance 
Violations--VA.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), 
notice is hereby given that the Department of Veterans Affairs (VA) is 
adding a new system of records, ``Compliance Records, Response, and 
Resolution of Reports of Persons Allegedly Involved in Compliance 
Violations--VA'' (106VA17).

DATES: Comments on the establishment of this system of records must be 
received no later than December 31, 2001. If no public comment is 
received during the period allowed for comment or unless otherwise 
published in the Federal Register by VA, the new system will become 
effective December 31, 2001.

ADDRESSES: Written comments concerning the proposed new system of 
records may be submitted to the Office of Regulations Management (02D), 
Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 
20420. Comments will be available for public inspection at the above 
address in the Office of Regulations Management, Room 1158, between the 
hours of 8 a.m. and 4:30 p.m., Monday through Friday (except holidays).

FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) 
Privacy Act Officer, Department of Veterans Affairs, 810 Vermont 
Avenue, NW., Washington, DC 20420, telephone (727) 320-1839.

SUPPLEMENTARY INFORMATION:

I. Description of the Proposed Systems of Records

    The Compliance and Business Integrity (CBI) Program, although 
originally modeled after Health and Human Services (HHS)-Office of 
Inspector General's (OIG) hospital compliance program, has evolved into 
a program that meets program requirements specific to VA. Management of 
the CBI Program falls under the direction of the VHA Chief Financial 
Officer (CFO). The CBI Program assures the organizational and business 
structure within which patient care takes place is in compliance with 
laws, regulations, policies and standards, which impact the business. 
It also reduces business risk and serves as a management function that 
is interdisciplinary in nature, focuses on business processes and acts 
as a fiduciary of public resources. An integral component of the 
Compliance and Business Integrity (CBI) Program is the establishment of 
a Confidential Disclosure Program (CDP) designed to ensure activities 
of VHA are conducted in compliance with public law, established 
regulations and recognized standards of business practice. The CDP 
assures integrity of business and operational processes within VHA by 
providing a mechanism for employees to raise questions and report 
concerns about potential non-compliance and is consistent with similar 
reporting and tracking mechanisms identified by HHS-OIG as integral to 
effective health care compliance programs. Two elements of the CDP are 
the CBI Helpline and the Compliance Reporting and Tracking System 
(CIRTS). Together, they comprise the core of the CDP. VHA has 
contracted for the CBI Helpline, which serves as an anonymous avenue 
for employees and others to access the CDP in an attempt to assure the 
integrity of VHA business and operational processes.
    The CBI Helpline is established to control the receipt and 
disposition of reports and/or concerns related to the following VHA 
areas: Enrollment; Means Testing; Eligibility; Pre-certification and 
certification/utilization review; Standards pertaining to 
documentation, coding and billing; Audits, reviews, inquiries and 
remediation; Accounts receivable and

[[Page 59843]]

payable; Excluded individuals and/or entities screening and sanctions 
listings; Information protection, record retention, managing requests 
for information; Provider documentation supporting business processes; 
Overpayments; Questionable conduct on the part of managers, supervisors 
or employees as related to business processes; and any other matter 
relating to the business integrity of VHA operations.
    The Compliance Line is primarily for use by VHA employees who 
observe co-workers at their jobs on a regular basis. However, there is 
nothing to prevent others, such as veterans or their family members, 
from observing and reporting suspected compliance violations by VHA 
staff. VHA employees will be made aware of the Compliance Line and how 
to use it through general compliance awareness training, as well as 
various other promotional materials, such as brochures, posters, the 
creation of a web site, etc. Veterans and their families, and third 
parties, such as contractors conducting official business with VHA, 
will have access to information about the Compliance Line through 
posters and other printed material that may be displayed throughout VHA 
facilities.
    The system of records will cover complainants and subjects of 
complaints. Complainants may be employees, veterans or their family 
members, or third parties, such as contractors, who conduct official 
business with VHA. Subjects of complaints may be VHA staff named 
individually, or VHA departments or facilities (for example, ``the 
billing office'' at a particular hospital). Complainants desiring to 
raise a question and report a concern regarding the integrity of 
business and operational processes within VHA may report it to the 
Compliance Office through the Compliance Line. Depending on the nature 
of the report, it will be appropriately referred to another office (for 
example, the Office of Inspector General; Office of Resolution 
Management) or to the Compliance Office. This system of records applies 
only to those records that are maintained by the Compliance Office.
    The system of records will contain personal and demographic 
information provided through the Compliance Line or other sources by 
complainants, and personal information that has been collected during 
an appropriate review/investigation. Such information may include: (1) 
The name, home and work address and phone number of the complainant; 
(2) name of the subject of the complaint; (3) name and/or patient 
number of the veteran patient who received services associated with the 
complaint; (4) the date when the allegation was reported; (5) the date, 
location and nature of the alleged wrongdoing; and, (6) the Compliance 
Office's identification number assigned to the case. The records may 
also include correspondence between the Compliance Office and the 
Compliance Line vendor as to the status of each case (open or closed).
    The system of records will also contain the information gathered 
when reports of suspected compliance violations are thoroughly 
documented and investigated to determine their veracity. Information in 
the investigation records may include: (1) The name of the subject of 
an investigation; (2) the names of individuals whose work was reviewed 
as part of the investigation; (3) the names and/or patient numbers of 
veteran patients whose medical records were reviewed in order to 
investigate the allegation; (4) the station at which an investigation 
took place; (5) the time period when the investigation took place; (6) 
the nature of the allegation; (7) the outcome of the investigation; (8) 
the recommended action; and, (9) the Compliance Office's identification 
number assigned to the case. Information may be in the form of a 
narrative summary or synopsis, exhibits, or VHA documentation and 
memoranda.
    Records in the system will be a combination of computerized files 
and paper files. Both paper and electronic records may contain the 
information listed above, and may relate to complainants and subjects 
of complaints. All reports of suspected noncompliance will be 
documented in a computerized database and assigned a unique 
identification number. This number will also be used to identify any 
paper files associated with the case as the review or investigation 
proceeds. Paper files may contain documents collected in association 
with reviewing the case, such as memoranda, policies, or examples of 
work produced as a result of the complaint. Both electronic and paper 
case files will be stored and individually retrieved by the unique 
identification number, not by name.
    Access to information in the database will be restricted to 
authorized personnel on a need-to-know basis by means of passwords and 
authorized user identification codes. Computer system documentation 
will be maintained in a secure environment in the VHA CFO Compliance 
Office, VA Central Office, and in the Compliance Offices at the network 
and medical center locations. Access to printouts and data terminals 
will be limited to authorized personnel in the Compliance Program.
    Access to paper file folders will be restricted to authorized 
personnel on a need-to-know basis. Paper files will be maintained in 
file cabinets or closets that will be locked after duty hours. These 
files will be under the control of the Compliance Officer or his/her 
designee. Buildings are protected from unauthorized access by a 
protective service.
    Computerized records will be retained indefinitely. Periodic system 
back-ups will be employed for record protection. If disk space is 
limited, the records will be archived to tape or disk in accordance 
with established practice. Paper records will be maintained and 
disposed of in accordance with records disposition authority approved 
by the Archivist of the United States.
    An individual who wishes to know if a computerized or paper record 
is being maintained by the VHA Compliance Office under his or her name 
in this system, or wants to learn the contents of such records, will be 
able to submit a written request or apply in person to the VHA CFO 
(17), Department of Veterans Affairs, 810 Vermont Avenue, NW., 
Washington, DC 20420. An individual who seeks access to or wishes to 
contest records maintained under his or her name in this system may 
write, call or visit the VHA CFO (17), Department of Veterans Affairs, 
810 Vermont Avenue, NW., Washington, DC 20420.

II. Proposed Routine Use Disclosures of Data in the System

    We are proposing to establish the following routine use disclosures 
of information that will be maintained in the system:
    1. To a Member of Congress or staff person acting for the Member 
when the Member or staff person requests the records on behalf of and 
at the request of that individual.
    Individuals sometimes request the help of a Member of Congress in 
resolving some issues relating to a matter before VA. The Member of 
Congress then writes VA, and VA must be able to give sufficient 
information to be responsive to the inquiry.
    2. To a Federal, State or local agency, upon its official request, 
to the extent that it is relevant and necessary to that agency's 
decision regarding: the hiring, retention or transfer of an employee, 
the issuance of a security clearance, the letting of a contract, or the 
issuance or continuance of a license, grant or other benefit given by 
that agency. However, in accordance with an agreement with the U.S. 
Postal Service, disclosures to the U.S. Postal Service for decisions

[[Page 59844]]

concerning the employment of veterans will only be made with the 
veteran's prior written consent.
    VA must be able to provide information to agencies conducting 
background checks on applicants for employment or licensure.
    3. To a Federal, State, or local agency maintaining civil or 
criminal violation records, or other pertinent information in order for 
VA to obtain information relevant to the hiring, transfer or retention 
of an employee, letting of a contract, granting of a security 
clearance, or the issuance of a grant.
    VA needs to obtain information from other agencies in order to 
conduct background and security clearance checks on applicants for VA 
employment, contractors, or persons requesting a grant.
    4. To a Federal, State, local or foreign agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto. The 
names and addresses of veterans may only be disclosed:
     To a Federal agency when it is relevant to a suspected 
violation or reasonably imminent violation of law.
     To a State or local agency under a written request when it 
is relevant to a suspected violation or reasonably imminent violation 
of law concerning public health or safety.
    VA must be able to comply with the requirements of agencies charged 
with enforcing the law conducting investigations. VA must also be able 
to provide information to State or local agencies charged with 
protecting the public health as set forth in State law.
    5. Any information in this system may be disclosed to the U.S. 
Office of Special Counsel, upon its official request, when required for 
the Special Counsel's review of the complainant's allegations of 
prohibited personnel practices.
    VA must be able to provide pertinent information to the U.S. Office 
of Special Counsel, an independent Federal investigative and 
prosecutorial agency, to assist in a review conducted by that agency.
    6. Disclosure to other Federal agencies to assist such agencies in 
preventing and detecting possible fraud or abuse by individuals in 
their operations and programs.
    Abuse of Federal programs costs the Federal Government and 
taxpayers large sums of money every year. Information contained in VA 
records may help detect and/or prevent fraud and abuse of other agency 
programs. VA must be able to assist other Federal agencies in their 
efforts to detect and prevent fraud or abuse in their programs.
    7. Disclosure to a Federal Agency or to a State or local government 
licensing board and/or to the Federation of State Medical Boards or a 
similar non-government entity which maintains records concerning 
individuals' employment histories or concerning the issuance, retention 
or revocation of licenses, certifications, or registration necessary to 
practice an occupation, profession or specialty in order:
     For the agency to obtain information relevant to an agency 
decision concerning the hiring, retention or termination of an 
employee;
     To inform a Federal agency or licensing boards or the 
appropriate non-government entities about the health care practices of 
a terminated, resigned or retired health care employee whose 
professional health care activity so significantly failed to conform to 
generally accepted standards of professional medical practice as to 
raise reasonable concern for the health and safety of patients in the 
private sector or from another Federal agency; or
     As part of an ongoing computer matching program to 
accomplish these purposes.
    8. Relevant information from this system of records related to 
final adverse actions taken against a health care provider, supplier, 
or practitioner may be disclosed to the Health Integrity and Protection 
Data Bank (HIPDB) (45 CFR part 61).
    VA must report final adverse actions to the Department of Health 
and Human Services National Databank, HIPDB, in accordance with the 
Health Insurance Portability and Accountability Act of 1996 and 
promulgated regulation in Title 45, Code of Federal Regulations.
    9. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, etc., with whom VA has a 
contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA, in order for 
the contractor or subcontractor to perform the services of the contract 
or agreement.
    VA occasionally contracts out certain of its functions when this 
would contribute to effective and efficient operations. VA must be able 
to give a contractor whatever information is necessary for the 
contractor to fulfill its duties. In these situations, safeguards are 
provided in the contract prohibiting the contractor from using or 
disclosing the information for any purpose other than that described in 
the contract.
    10. Disclosure to survey teams of the Joint Commission on 
Accreditation of Healthcare Organizations (JCAHO), College of American 
Pathologists, American Association of Blood Banks, and similar national 
accreditation agencies or boards with which VA has a contract or 
agreement to conduct such reviews.
    VA must be able to disclose information for program review purposes 
and the seeking of accreditation and/or certification of health care 
facilities and programs.
    11. Disclosure to the National Archives and Records Administration 
(NARA) in records management inspections conducted under authority of 
Title 44 United States Code.
    NARA is responsible for archiving old records no longer actively 
used, but which may be appropriate for preservation and in general for 
the physical maintenance of the Federal Government's records. VA must 
be able to turn records over to this agency in order to determine the 
proper disposition of such records.

III. Compatibility of the Proposed Routine Uses

    The Privacy Act permits VA to disclose information about 
individuals without their consent for a routine use when the 
information will be used for a purpose that is compatible with the 
purpose for which VA collected the information. In all of the routine 
use disclosures described above, the recipient of the information will 
use the information either in connection with a matter relating to one 
of VA's programs, or will use the information to provide a benefit to 
VA, or will disclose as required by law.
    The notice of intent to publish and an advance copy of the system 
notice have been sent to the appropriate Congressional committees and 
to the Director of the Office of Management and Budget (OMB) as 
required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB 
(65 FR 77677), December 12, 2000.

    Approved: November 13, 2001.
Anthony J. Principi,
Secretary of Veterans Affairs.
106VA17

SYSTEM NAME:
    Compliance Records, Response, and Resolution of Reports of Persons 
Allegedly Involved in Compliance Violations-VA.

SYSTEM LOCATION:
    All computerized and paper records are located at: Department of 
Veterans Affairs (VA) Headquarters, 810 Vermont Avenue, NW, Washington, 
DC 20420;

[[Page 59845]]

Veterans Integrated Services Networks (VISN); and, VA health care 
facilities. Address locations for VA facilities are listed in VA 
Appendix 1 of the biennial publication of the Privacy Act Issuances.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The following categories of individuals will be covered by the 
system: (1) Employees, (2) veterans, (3) third parties such as 
contractors who conduct official business with the Veterans Health 
Administration (VHA), and (4) subjects of complaints and complainants. 
Complainants are individuals who have reported a possible violation of 
law, rules, policies, regulations, or external program requirements, 
such as third-party payor billing guidelines.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records (or information contained in records) in this system 
include allegations made by individuals calling VHA's Compliance Line, 
or through another source, to report a possible violation of law, 
rules, policies, regulations, or external program requirements such as 
third-party payor billing guidelines. Records also may contain reports 
of the reviews or investigations conducted at the medical center, VISN, 
or Headquarters level to verify the reported allegations and take 
remedial action as needed. The VHA Compliance Office will maintain a 
copy of these reports. Information in this system regarding reports of 
suspected non-compliance may include: (1) The name, home and work 
address and phone number of the complainant; (2) the name of the 
subject of the complaint; (3) the name and/or patient number of veteran 
patient who received services associated with the complaint; (4) the 
date when the allegation was reported; (5) the date, location and 
nature of the alleged wrongdoing; and (6) the Compliance Office's 
identification number assigned to the case. The records may also 
include correspondence between the Compliance Office and the Compliance 
Line contractor as to the status of each case (open or closed).
    Information in the investigation records may include: (1) The name 
of the subject of an investigation; (2) the names of individuals whose 
work was reviewed as part of the investigation; (3) the names and/or 
patient numbers of veteran patients whose medical records were reviewed 
in order to investigate the allegation; (4) the station at which an 
investigation took place; (5) the time period when the investigation 
took place; (6) the nature of the allegation; (7) the outcome of the 
investigation; (8) the recommended action; and, (9) the Compliance 
Office's identification number assigned to the case. Information may be 
in the form of a narrative summary or synopsis, exhibits, or internal 
documentation and memoranda.
    Records in the system will be a combination of computerized files 
and paper files. Both paper and electronic records may contain the 
information listed above, and may relate to complainants and subjects 
of complaints.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38 United States Code, section 501.

PURPOSE(S):
    The purpose is to establish a process to receive reports of 
suspected compliance violations, and to maintain a system to respond to 
such allegations.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. The record of an individual who is covered by this system may be 
disclosed to a Member of Congress or staff person acting for the member 
when the member or staff person requests the records on behalf of and 
at the request of that individual.
    2. Any information in this system may be disclosed to a Federal 
agency, upon its official request, to the extent that it is relevant 
and necessary to that agency's decision regarding: the hiring, 
retention or transfer of an employee, the issuance of a security 
clearance, the letting of a contract, or the issuance or continuance of 
a license, grant or other benefit given by that agency. However, in 
accordance with an agreement with the U.S. Postal Service, disclosures 
to the U.S. Postal Service for decisions concerning the employment of 
veterans will only be made with the veteran's prior written consent.
    3. Any information in this system may be disclosed to a State or 
local agency, upon its official request, to the extent that it is 
relevant and necessary to that agency's decision on: The hiring, 
transfer or retention of an employee, the issuance of a security 
clearance, the letting of a contract, or the issuance or continuance of 
a license, grant or other benefit by the agency; provided, that if the 
information pertains to a veteran, the name and address of the veteran 
will not be disclosed unless the name and address is provided first by 
the requesting State or local agency.
    4. Any information in this system, except the name and address of a 
veteran, may be disclosed to a Federal, State or local agency 
maintaining civil or criminal violation records, or other pertinent 
information such as prior employment history, prior Federal employment 
background investigations, and/or personal or educational background in 
order for VA to obtain information relevant to the hiring, transfer or 
retention of an employee, the letting of a contract, the granting of a 
security clearance, or the issuance of a grant or other benefit. The 
name and address of a veteran may be disclosed to a Federal agency 
under this routine use if this information has been requested by the 
Federal agency in order to respond to the VA inquiry.
    5. Any information in this system, except the name and address of a 
veteran, which is relevant to a suspected violation or reasonably 
imminent violation of law, whether civil, criminal or regulatory in 
nature and whether arising by general or program statute or by 
regulation, rule or order issued pursuant thereto, may be disclosed to 
a Federal, State, local or foreign agency charged with the 
responsibility of investigating or prosecuting such violation, or 
charged with enforcing or implementing the statute, regulation, rule or 
order issued pursuant thereto.
    6. The name and address of a veteran, which is relevant to a 
suspected violation or reasonably imminent violation of law, whether 
civil, criminal or regulatory in nature and whether arising by general 
or program statute or by regulation, rule or order issued pursuant 
thereto, may be disclosed to a Federal agency charged with the 
responsibility of investigating or prosecuting such violation, or 
charged with enforcing or implementing the statute, regulation, rule or 
order issued pursuant thereto, in response to its official request.
    7. The name and address of a veteran, which is relevant to a 
suspected violation or reasonably imminent violation of law concerning 
public health or safety, whether civil, criminal or regulatory in 
nature and whether arising by general or program statute or by 
regulation, rule or order issued pursuant thereto, may be disclosed to 
any foreign, State or local governmental agency or instrumentality 
charged under applicable law with the protection of the public health 
or safety if a qualified representative of such organization, agency or 
instrumentality has made a written request that such name and address 
be provided for a purpose authorized by law.
    8. Any information in this system may be disclosed to the U.S. 
Office of Special Counsel, upon its official request, when

[[Page 59846]]

required for the Special Counsel's review of the complainant's 
allegations of prohibited personnel practices.
    9. The name, address, and other identifying data, including title, 
date and place of birth, social security number, and summary 
information concerning an individual who, for fraudulent or deceitful 
conduct either as an employee or while conducting or seeking to conduct 
business with the Agency, has been convicted of violating Federal or 
State law or has been debarred or suspended from doing business with 
VA, may be furnished to other Federal agencies to assist such agencies 
in preventing and detecting possible fraud or abuse by such individual 
in their operations and programs. This routine use applies to all 
information in this system of records which can be retrieved by name or 
by some identifier assigned to an individual, regardless of whether the 
information concerns the individual in a personal or in an 
entrepreneurial capacity.
    10. Records from this system of records may be disclosed to a 
Federal agency or to a State or local government licensing board and/or 
to the Federation of State Medical Boards or a similar non-government 
entity which maintains records concerning individuals' employment 
histories or concerning the issuance, retention or revocation of 
licenses, certifications, or registration necessary to practice an 
occupation, profession or specialty, in order for the agency to obtain 
information relevant to an agency decision concerning the hiring, 
retention or termination of an employee or to inform a Federal agency 
or licensing boards or the appropriate non-government entities about 
the health care practices of a terminated, resigned or retired health 
care employee whose professional health care activity so significantly 
failed to conform to generally accepted standards of professional 
medical practice as to raise reasonable concern for the health and 
safety of patients in the private sector or from another Federal 
agency. These records may also be disclosed as part of an ongoing 
computer matching program to accomplish these purposes.
    11. Relevant information from this system of records related to 
final adverse actions taken against a health care provider, supplier, 
or practitioner may be disclosed to the Health Integrity and Protection 
Data Bank (HIPDB) (45 CFR part 61). The information to be reported 
includes: (1) The name and Taxpayer Identification Number (as defined 
in section 7701 (a)(41) of the Internal Revenue Code of 1986) of any 
health care provider, supplier, or practitioner who is the subject of a 
final adverse action; (2) the name of any health care entity, if known, 
with which a health care provider, supplier, or practitioner, who is 
the subject of a final adverse action, is affiliated or associated; (3) 
the nature of the final adverse action and whether such action is on 
appeal; and (4) a description of the acts or omissions and injuries 
upon which the final adverse action was based, and such other 
information as the Secretary, Department of Health and Human Services, 
determines by regulation is required for appropriate interpretation of 
information reported. Information reported will be considered 
confidential and shall not be disclosed except as specified in the 
HIPDB regulations.
    12. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, etc., with whom VA has a 
contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA, in order for 
the contractor or subcontractor to perform the services of the contract 
or agreement.
    13. For program review purposes and the seeking of accreditation 
and/or certification, disclosure may be made to survey teams of the 
Joint Commission on Accreditation of Healthcare Organizations (JCAHO), 
College of American Pathologists, American Association of Blood Banks, 
and similar national accreditation agencies or boards with which VA has 
a contract or agreement to conduct such reviews but only to the extent 
that the information is necessary and relevant to the review.
    14. Disclosure may be made to the National Archives and Records 
Administration (NARA) in records management inspections conducted under 
authority of Title 44 United States Code.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    All reports of suspected noncompliance will be documented in a 
computerized database and assigned a unique identification number. 
Paper files may also be maintained which contain documents collected in 
association with reviewing the case, such as memoranda, policies, or 
examples of work produced as a result of the complaint.

RETRIEVABILITY:
    Both electronic and paper case files will be stored and 
individually retrieved by the unique identification number, not by 
name.

SAFEGUARDS:
    Access to computerized information in the database is restricted to 
authorized personnel on a need-to-know basis by means of passwords and 
authorized user identification codes. Computer system documentation 
will be maintained in a secure environment in the VHA Office of the 
Chief Financial Officer (CFO) Compliance Office, and in the Compliance 
Offices at the network and medical center locations. Physical access to 
printouts and data terminals will be limited to authorized personnel in 
the Compliance Program.
    Access to file folders is restricted to authorized personnel on a 
need-to-know basis. Paper files are maintained in file cabinets or 
closets and are locked after duty hours. These files are under the 
control of the Compliance Officer or his/her designees. Buildings are 
protected from unauthorized access by a protective service.

RETENTION AND DISPOSAL:
    Computerized records will be retained indefinitely. Periodic system 
back-ups will be employed for record protection. If disk space is 
limited, the records will be archived to tape or disk in accordance 
with established practice. Paper records will be maintained and 
disposed of in accordance with records disposition authority approved 
by the Archivist of the United States.

SYSTEM MANAGER(S) AND ADDRESS:
    VHA Chief Financial Officer (17), Department of Veterans Affairs, 
810 Vermont Avenue, NW., Washington, DC 20420.

NOTIFICATION PROCEDURE:
    An individual who wishes to know if a record is being maintained by 
the VHA CFO Compliance Office under his or her name in this system or 
wants to determine the contents of such records should submit a written 
request or apply in person to the VHA CFO (17).

RECORD ACCESS PROCEDURES:
    An individual who seeks access to or wishes to contest records 
maintained under his or her name in this system may write, call or 
visit the VHA CFO (17).

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:
    The information in this system will be obtained from calls that are 
received on the Compliance Line and reports

[[Page 59847]]

received through other sources. Information is obtained from VHA 
employees, veterans, third parties such as contractors, and VHA records 
which may include billing data, patient medical records, policies and 
procedures, and memoranda.
[FR Doc. 01-29735 Filed 11-29-01; 8:45 am]
BILLING CODE 8320-01-P