[Federal Register Volume 74, Number 157 (Monday, August 17, 2009)]
[Notices]
[Pages 41490-41493]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-19628]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of amendment to system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), 
notice is hereby given that the Department of Veterans Affairs (VA) is 
amending the system of records currently entitled ``Compliance Records, 
Response, and Resolution of Reports of Persons Allegedly Involved in 
Compliance Violations--VA'' (106VA17) as set forth in the Federal 
Register 66 FR 59842 and last amended Nov. 30, 2001. VA is amending the 
system of records by revising the Routine Uses of Records Maintained in 
the System Including Categories of Users and the Purpose of Such Uses. 
VA is republishing the system notice in its entirety.

DATES: Comments on the amendment of this system of records must be 
received no later than September 16, 2009. If no public comment is 
received, the amended system will become effective September 16, 2009.

ADDRESSES: Written comments may be submitted through http://www.Regulations.gov; by mail or hand-delivery to Director, Regulations 
Management (02Reg), Department of Veterans Affairs, 810 Vermont Avenue, 
NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. 
Comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 8 
a.m. and 4:30 p.m., Monday through Friday (except holidays). Please 
call (202) 461-4902 (this is not a toll-free number) for an 
appointment. In addition, during the comment period, comments may be 
viewed online through the Federal Docket Management System (FDMS) at 
http://www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) 
Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue, 
NW., Washington, DC 20420; telephone (704) 245-2492.

SUPPLEMENTARY INFORMATION: Routine use 13 was amended to read: 
Disclosure may be made to the National Archives and Records 
Administration (NARA) and the General Services Administration (GSA) in 
records management inspections conducted under authority of Title 44, 
Chapter 29, of the United States Code.
    Routine use 14 was added to disclose information to the Department 
of Justice (DoJ), either on VA's initiative or in response to DoJ's 
request for the information, after either VA or DoJ determines that 
such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    Routine use 15 was added to disclose information to other Federal 
agencies that may be made to assist such agencies in preventing and 
detecting possible fraud or abuse by individuals in their operations 
and programs.
    Routine use 16 was added so that the VA may, on its own initiative, 
disclose any information or records to appropriate agencies, entities, 
and persons when (1) VA suspects or has confirmed that the integrity or 
confidentiality of information in the system of records has been 
compromised; (2) the Department has determined that as a result of the 
suspected or confirmed compromise, there is a risk of embarrassment or 
harm to the reputations of the record subjects, harm to economic or 
property interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the potentially compromised information; and (3) 
the disclosure is to agencies, entities, or persons whom VA determines 
are reasonably necessary to assist or carry out the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm. This routine use permits 
disclosures by the Department to respond to a suspected or confirmed 
data breach, including the conduct of any risk analysis or provision of 
credit protection services as provided in 38 U.S.C. 5724, as the terms 
are defined in 38 U.S.C. 5727.
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

    Approved: July 30, 2009.
John R. Gingrich,
Chief of Staff, Department of Veterans Affairs.
110VA17

SYSTEM NAME:
    Compliance Record, Response, and Resolution of Reports of Persons 
Allegedly Involved in Compliance Violations--VA

SYSTEM LOCATION:
    All computerized and paper records are located at: Department of 
Veterans Affairs (VA) Central Office, 810 Vermont Avenue, NW., 
Washington, DC 20420; Veterans Integrated Service Networks (VISNs); 
and, VA health care facilities. Address locations for VA facilities are 
listed in VA Appendix 1 of the biennial publication of the Privacy Act 
Issuances.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The following categories of individuals will be covered by the 
system: (1) Employees, (2) Veterans, (3) third parties such as 
contractors who conduct official business with the Veterans Health 
Administration (VHA),

[[Page 41491]]

(4) family members or representatives of Veterans, and (5) subjects of 
complaints and complainants. Complainants are individuals who have 
reported a possible violation of law, rules, policies, regulations, or 
external program requirements, such as third-party payer billing 
guidelines.

Categories of records in the system:
    Records (or information contained in records) in this system 
include allegations made by individuals calling the VHA Office of 
Compliance and Business Integrity Help Line, or through another source, 
to report a possible violation of law, rules, policies, procedures, 
regulations, or external program requirements such as third-party payer 
billing guidelines. Records also may contain reports of the reviews or 
investigations conducted at the medical center, VISN, or Central Office 
level to verify the reported allegations and take remedial action as 
needed. VHA Office of Compliance Office and Business Integrity will 
maintain a copy of these reports. Information in this system regarding 
reports of suspected non-compliance may include: (1) The name, home and 
work address and phone number of the complainant; (2) the name of the 
subject of the complaint; (3) the name or patient number of Veteran 
patient who received services associated with the complaint; (4) the 
date when the allegation was reported; (5) the date, location and 
nature of the alleged wrongdoing; and (6) the Compliance Office's 
identification number assigned to the case. The records will also 
include the status of each case (open or closed).
    Information in the investigation records may include: (1) The name 
of the subject of an investigation; (2) the names of individuals whose 
work was reviewed as part of the investigation; (3) the names or 
patient numbers of Veteran patients whose medical records were reviewed 
in order to investigate the allegation; (4) the station at which an 
investigation took place; (5) the time period when the investigation 
took place; (6) the nature of the allegation; (7) the outcome of the 
investigation; (8) the recommended action; and, (9) the identification 
number assigned to the case. Information may be in the form of a 
narrative summary or synopsis, exhibits, or internal documentation and 
memoranda.
    Records in the system will be a combination of computerized files 
and paper files. Both paper and electronic records may contain the 
information listed above, and may relate to complainants and subjects 
of complaints.

Authority for maintenance of the system:
    Title 38 United States Code, section 501.

PURPOSE(S):
    The purpose is to establish a process to receive reports of 
suspected compliance violations, and to maintain a system to respond to 
such allegations.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    To the extent that records contained in the system include 
information protected by 45 CFR Parts 160 and 164, i.e., individually 
identifiable health information, and 38 U.S.C. 7332, i.e., medical 
treatment information related to drug abuse, alcoholism or alcohol 
abuse, sickle cell anemia or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR Parts 160 and 164 permitting disclosure.
    1. The record of an individual who is covered by this system may be 
disclosed to a Member of Congress or staff person acting for the member 
when the member or staff person requests the records on behalf of and 
at the request of that individual.
    2. Any information in this system may be disclosed to a Federal 
agency, upon its official request, to the extent that it is relevant 
and necessary to that agency's decision regarding: the hiring, 
retention or transfer of an employee, the issuance of a security 
clearance, the letting of a contract, or the issuance or continuance of 
a license, grant or other benefit given by that agency. However, in 
accordance with an agreement with the U.S. Postal Service, disclosures 
to the U.S. Postal Service for decisions concerning the employment of 
Veterans will only be made with the Veteran's prior written consent.
    3. Any information in this system may be disclosed to a State or 
local agency, upon its official request, to the extent that it is 
relevant and necessary to that agency's decision on: The hiring, 
transfer or retention of an employee, the issuance of a security 
clearance, the letting of a contract, or the issuance or continuance of 
a license, grant or other benefit by the agency; provided, that if the 
information pertains to a Veteran, the name and address of the Veteran 
will not be disclosed unless the name and address is provided first by 
the requesting State or local agency.
    4. Any information in this system, except the name and address of a 
Veteran, may be disclosed to a Federal, State or local agency 
maintaining civil or criminal violation records, or other pertinent 
information such as prior employment history, prior Federal employment 
background investigations, or personal or educational background in 
order for VA to obtain information relevant to the hiring, transfer or 
retention of an employee, the letting of a contract, the granting of a 
security clearance, or the issuance of a grant or other benefit. The 
name and address of a Veteran may be disclosed to a Federal agency 
under this routine use if this information has been requested by the 
Federal agency in order to respond to the VA inquiry.
    5. Any information in this system, except the name and address of a 
Veteran, which is relevant to a suspected violation or reasonably 
imminent violation of law, whether civil, criminal or regulatory in 
nature and whether arising by general or program statute or by 
regulation, rule or order issued pursuant thereto, may be disclosed to 
a Federal, State, local or foreign agency charged with the 
responsibility of investigating or prosecuting such violation, or 
charged with enforcing or implementing the statute, regulation, rule or 
order issued pursuant thereto.
    6. The name and address of a Veteran, which is relevant to a 
suspected violation or reasonably imminent violation of law, whether 
civil, criminal or regulatory in nature and whether arising by general 
or program statute or by regulation, rule or order issued pursuant 
thereto, may be disclosed to a Federal agency charged with the 
responsibility of investigating or prosecuting such violation, or 
charged with enforcing or implementing the statute, regulation, rule or 
order issued pursuant thereto, in response to its official request.
    7. The name and address of a Veteran, which is relevant to a 
suspected violation or reasonably imminent violation of law concerning 
public health or safety, whether civil, criminal or regulatory in 
nature and whether arising by general or program statute or by 
regulation, rule or order issued pursuant thereto, may be disclosed to 
any foreign, State or local governmental agency or instrumentality 
charged under applicable law with the protection of the public health 
or safety if a qualified representative of such organization, agency or 
instrumentality has made a written request that such name and address 
be provided for a purpose authorized by law.
    8. Any information in this system may be disclosed to the U.S. 
Office of Special Counsel, upon its official request, when required for 
the Special Counsel's

[[Page 41492]]

review of the complainant's allegations of prohibited personnel 
practices.
    9. The name, address, telephone number, and other identifying data, 
including title, date and place of birth, social security number, and 
summary information concerning an individual who, for fraudulent or 
deceitful conduct either as an employee or while conducting or seeking 
to conduct business with the Agency, has been convicted of violating 
Federal or State law or has been debarred or suspended from doing 
business with VA, may be furnished to other Federal agencies to assist 
such agencies in preventing and detecting possible fraud or abuse by 
such individual in their operations and programs. This routine use 
applies to all information in this system of records which can be 
retrieved by name or by some identifier assigned to an individual, 
regardless of whether the information concerns the individual in a 
personal or in an entrepreneurial capacity.
    10. Records from this system of records may be disclosed to a 
Federal agency or to a State or local government licensing board or to 
the Federation of State Medical Boards or a similar non-government 
entity which maintains records concerning individuals' employment 
histories or concerning the issuance, retention or revocation of 
licenses, certifications, or registration necessary to practice an 
occupation, profession or specialty, in order for the agency to obtain 
information relevant to an agency decision concerning the hiring, 
retention or termination of an employee or to inform a Federal agency 
or licensing boards or the appropriate non-government entities about 
the health care practices of a terminated, resigned or retired health 
care employee whose professional health care activity so significantly 
failed to conform to generally accepted standards of professional 
medical practice as to raise reasonable concern for the health and 
safety of patients in the private sector or from another Federal 
agency. These records may also be disclosed as part of an ongoing 
computer matching program to accomplish these purposes.
    11. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, etc., with whom VA has a 
contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA, in order for 
the contractor or subcontractor to perform the services of the contract 
or agreement.
    12. For program review purposes and the seeking of accreditation or 
certification, disclosure may be made to survey teams of The Joint 
Commission, College of American Pathologists, American Association of 
Blood Banks, and similar national accreditation agencies or boards with 
which VA has a contract or agreement to conduct such reviews, but only 
to the extent that the information is necessary and relevant to the 
review.
    13. Disclosure may be made to the National Archives and Records 
Administration (NARA) and the General Services Administration (GSA) in 
records management inspections conducted under authority of Title 44, 
Chapter 29, of the United States Code.
    14. VA may disclose information from this system of records to the 
DoJ, either on VA's initiative or in response to DoJ's request for the 
information, after either VA or DoJ determines that such information is 
relevant to DoJ's representation of the United States or any of its 
components in legal proceedings before a court or adjudicative body, 
provided that, in each case, the agency also determines prior to 
disclosure that release of the records to the DoJ is a use of the 
information contained in the records that is compatible with the 
purpose for which VA collected the records. VA, on its own initiative, 
may disclose records in this system of records in legal proceedings 
before a court or administrative body after determining that the 
disclosure of the records to the court or administrative body is a use 
of the information contained in the records that is compatible with the 
purpose for which VA collected the records.
    15. Disclosure to other Federal agencies that may be made to assist 
such agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    16. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when: (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the potentially compromised information; and (3) 
the disclosure is to agencies, entities, or persons whom VA determines 
are reasonably necessary to assist or carry out the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm. This routine use permits 
disclosures by the Department to respond to a suspected or confirmed 
data breach, including the conduct of any risk analysis or provision of 
credit protection services as provided in 38 U.S.C. 5724, as the terms 
are defined in 38 U.S.C. 5727.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    All reports of suspected noncompliance with VHA business practice 
will be documented in a computerized database and assigned a unique 
identification number. Paper files which contain documents collected in 
association with reviewing the case, such as memoranda, policies, or 
examples of work produced as a result of the complaint should be 
electronically file.

Retrievability:
    Both electronic and paper case files will be stored and 
individually retrieved by the same unique identification number, not by 
name.

Safeguards:
    Access to computerized information in the database is restricted to 
authorized personnel on a need-to-know basis. Documentation will be 
maintained in a secure environment in the VHA Office of Compliance and 
Business Integrity, the Compliance and Business Integrity Officers 
located at the network and medical center. Physical access to printouts 
and data terminals will be limited to authorized personnel.
    Access to file folders is restricted to authorized personnel on a 
need-to-know basis. Paper files should be maintained in file cabinets 
or closets and are locked after duty hours. These files are under the 
control of the Compliance and Business Integrity Officer or his or her 
designees.

Retention and disposal:
    Computerized records will be retained indefinitely. Periodic system 
back-ups will be employed for record protection. If disk space is 
limited, the records will be archived to tape or disk in accordance 
with established practice. Paper records will be maintained and 
disposed of in accordance with records disposition authority approved 
by the Archivist of the United States.

System manager(S) and address:
    VHA Office of Compliance and Business Integrity (10B3), Department 
of

[[Page 41493]]

Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420.

Notification procedure:
    An individual who wishes to know if a record is being maintained by 
VHA Office of Compliance and Business Integrity under his or her name 
or wants to determine the contents of such records should submit a 
written request or apply in person to the local VA medical center.

Record access procedure:
    An individual who seeks access to or wishes to contest records 
maintained under his or her name in this system may write, call or 
visit the VHA Office of Compliance and Business Integrity (10B3).

Contesting record procedures:
    (See Record Access Procedures above.)

Record source categories:
    The information in this system will be obtained from calls that are 
received through the VHA Compliance and Business Integrity Help Line 
and reports received through other sources. Information is obtained 
from VHA employees, Veterans, third parties such as contractors, and 
VHA records which may include billing data, patient medical records, 
policies and procedures, and memoranda.

[FR Doc. E9-19628 Filed 8-14-09; 8:45 am]
BILLING CODE 8320-01-P