[Federal Register Volume 85, Number 79 (Thursday, April 23, 2020)]
[Notices]
[Pages 22788-22797]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-08611]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Office of Information of Technology, Department of Veterans 
Affairs (VA).

ACTION: Notice of Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: Individuals Submitting Invoices-Vouchers for Payment and 
Accounting Transactional Data-VA is a compilation of records received, 
controlled, managed, and employed for payment processing; general 
accounting; benefit payment distribution to veterans and their 
families; commercial vendor invoices for contract and reimbursement 
expenditures; and payroll payments.

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or

[[Page 22789]]

unless otherwise published in the Federal Register by VA, the modified 
system of records will become effective a minimum of 30 days after date 
of publication in the Federal Register. If VA receives public comments, 
VA shall review the comments to determine whether any changes to the 
notice are necessary.

ADDRESSES: Written comments may be submitted through 
www.Regulation.gov; by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (not a toll free number). Comments should indicate that they 
are submitted in response to 13-VA047 Individuals Submitting Invoices-
Vouchers for Payment and Accounting Transactional Data-VA. Copies of 
comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 
8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). 
Please call (202) 461 4902 for an appointment. (This is not a toll-free 
number.) In addition, comments may be viewed online at 
www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Jaime Manzano, [email protected], 
(512) 460-5307.

SUPPLEMENTARY INFORMATION: Individuals Submitting Invoices-Vouchers for 
Payment and Accounting Transactional Data-VA is a VA-wide financial 
management system of records utilized in VA's IT accounting systems for 
payment of benefits, vendor proposals payments and quotes, invoice 
payment processing, and payroll purposes. Information is collected from 
recipients, vendors, VA administrations, medical centers, and other 
Federal entities for rendering payment.
    Updated authorities by which the data is collected are 31 U.S.C. 
3512--Executive Agency Accounting and other Financial Management 
Reports and Plans; Federal Managers' Financial Integrity Act Section 2 
of 1982; Federal Financial Management Improvement Act of 1996; E-
Government Act of 2002 Title III., Federal Information Security 
Management Act (FISMA); Clinger Cohen Act of 1996; 38 CFR part 17 
Sec. Sec.  17.120-17.132; OMB Circular A-123, Management's 
Responsibility for Internal Control; and OMB Circular A-127, Financial 
Management Systems.
    Additional Routine Uses were added based on revised guidelines to 
A-108 and updated standards for agency breach notification. Moreover, 
VA must be able to provide its own initiative information that pertains 
to a violation of laws to law enforcement authorities in order for them 
to investigate and enforce those laws. Under 38 U.S.C. 5701(a) and (f), 
VA may only disclose the names and addresses of veterans and their 
dependents to Federal entities with law enforcement responsibilities. 
This is distinct from the authority to disclose records in response to 
a qualifying request from a law enforcement entity, as authorized by 
Privacy Act subsection 5 U.S.C. 552a(b)(7). VA will administer 
financial and transactional information through benefit disbursement 
consuming HIPPA related data thus amending the routine uses to include: 
14.Federal Agencies, Hospitals, for Referral by VA.; 15.Non-VA Doc, for 
Referral to VA; 18.Researchers, for Research; 25.Claims 
Representatives; and 26.Third Party, for Benefit or Discharge. Location 
of the system of records is a notable change to being stored, managed, 
and secured within a momentum cloud application.
    Numerical order of routine uses from original SORN listing to 
revised version is amended to the below agency standardized format 
including the first ten routine uses:

1. Congress.
2. Data breach response and remedial efforts.
3. Data breach response and remedial efforts with another Federal 
agency.
4. Law Enforcement.
5. Litigation.
6. Contractors.
7. EEOC.
8. FLRA.
9. MSPB.
10. NARA & GSA.

    Congress. VA may disclose information from the record of an 
individual in response to an inquiry from the congressional office made 
at the request of that individual. VA must be able to provide 
information about individuals to adequately respond to inquiries from 
Members of Congress at the request of constituents who have sought 
their assistance. Justification--VA established standardized Routine 
Use. Disclosures may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of the individual to whom the record 
pertains. The disclosure must be within the scope of the individual's 
request and release of individually identifiable treatment records 
relating to alcohol, drug abuse, sickle cell anemia, or human 
immunodeficiency virus/AIDS must be specifically addressed in the 
individual's request to the congressional office for assistance. In 
those cases, however, where the congressional inquiry indicates that 
the request is being made on behalf of a person other than the 
individual whose record is to be disclosed, the congressional office 
should be advised that the written consent of the subject of the record 
is required. The Privacy Act limitation on disclosure of personal 
information contained in any VA system of records shall not apply to 
any Chairman/Head of a committee in the House of Representatives or the 
United States Senate Veterans' Affairs or Appropriations Committees 
(including the Subcommittees on VA, HUD, and Independent Agencies) if 
an official request for the disclosure has been made for an oversight 
purpose on a matter within the jurisdiction of the Committee or 
Subcommittee. Use case--Use of information is necessary and proper to 
ensure the veteran and whom they entrust and deem necessary have access 
to advocate on their behalf.
    Data breach response and remedial efforts. To appropriate agencies, 
entities, and persons when (1) VA suspects or has confirmed that there 
has been a breach of the system of records; (2) VA has determined that 
as a result of the suspected or confirmed breach there is a risk of 
harm to individuals, VA (including its information systems, programs, 
and operations), the Federal Government, or national security; and (3) 
the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with [the agency's] 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm. Justification--VA established 
standardized Routine Use. This routine use permits disclosures by the 
Department to respond to a suspected or confirmed data breach, 
including the conduct of any risk analysis or provision of credit 
protection services as provided in 38 U.S.C. 5724 and, in accordance 
with Veterans Benefits, Health Care, and Information Technology Act of 
2006 Sec. Sec.  5723--5724. VA may notify officials other than 
officials within the Department of data breaches when required. In the 
instance of 20 or more individuals affected, VA may provide notice to 
Director of Office of Management and Budget and other such Federal 
entities as determined relevant through quantitative and qualitative 
risk analyses whether independent or internal on a confirmed data 
breach. Specifically, VA may authorize an independent risk analysis by 
a non-VA entity and/or Office of Inspector General in cases involving 
PII and/or PHI.

[[Page 22790]]

Findings of such risk analysis may endorse and invoke provisioning of 
credit monitoring for all those affected. Use Case--Use of information 
is necessary and proper to mitigate the effect of a confirmed data 
breach through provisioning credit monitoring. Notification of non-
federal entities in compliance and risk assessment capacity to perform 
prevention strategies.
    Data breach response and remedial efforts with another Federal 
agency. To another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach. Justification--VA established standardized Routine 
Use: In accordance with U.S.C 38Sec.  5723, (7) VA will ensure that the 
Assistant Secretary for Information and Technology, in coordination 
with the Under Secretaries, Assistant Secretaries, and other key 
officials of the Department report to Congress, the Office of 
Management and Budget, and other entities as required by law and this 
section of the regulation to cooperate with notify and cooperate with 
officials other than officials of the Department of data breaches when 
required. Use Case--Use of information is necessary and proper to 
initiate investigations into confirmed data breaches involving other 
executive branch agencies.
    Law Enforcement. VA may disclose information in this system, except 
the names and home addresses of veterans and their dependents, which is 
relevant to a suspected or reasonably imminent violation of law, 
whether civil, criminal or regulatory in nature and whether arising by 
general or program statute or by regulation, rule or order issued 
pursuant thereto, to a Federal, State, local, Tribal, or foreign agency 
charged with the responsibility of investigating or prosecuting such 
violation, or charged with enforcing or implementing the statute, 
regulation, rule or order. Justification--VA established standardized 
Routine Use: VA may also disclose the names and addresses of veterans 
and their dependents to a Federal agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto. Use 
Case--Use of information is necessary and proper to cooperate with 
other federal agencies while prosecuting civil, criminal or regulatory 
violations of law.
    Litigation. It shall be a routine use of the records in this system 
of records to disclose them to the Department of Justice when
    (a) VA, or any component thereof; or
    (b) any employee of VA in his or her official capacity; or
    (c) any employee of VA in his or her individual capacity where the 
Department of Justice has agreed to represent the employee; or
    (d) the United States, where VA determines that litigation is 
likely to affect VA or any of its components is a party to litigation 
or has an interest in such litigation and the use of such records by 
the Department of Justice is deemed by VA to be relevant and necessary 
to the litigation.
    Use Case--Use of information is necessary and proper to disclose 
records in this system of records in legal proceedings before a court 
or administrative body.
    Contractors. VA may disclose information from this system of 
records to individuals, organizations, private or public agencies, or 
other entities or individuals with whom VA has a contract or agreement 
to perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor, subcontractor, 
public or private agency, or other entity or individual with whom VA 
has a contract or agreement to perform services under the contract or 
agreement. This routine use includes disclosures by an individual or 
entity performing services for VA to any secondary entity or individual 
to perform an activity that is necessary for individuals, 
organizations, private or public agencies, or other entities or 
individuals with whom VA has a contract or agreement to provide the 
service to VA. This routine use also applies to agreements that do not 
qualify as contracts defined by Federal procurement laws and 
regulations. Justification--VA established standardized Routine Use: VA 
may disclose information from this system of records to individuals, 
organizations private or public agencies, or other entities or 
individuals with whom VA has a contract or agreement to perform such 
services on behalf of VA acting in such capacity as an agent of VA on a 
need to know basis. Use Case--Use of information is necessary and 
proper to disclose records from this system of records for entities 
contracted, entered into an agreement, and performing duties on behalf 
of VA.
    EEOC. VA may disclose information from this system to the Equal 
Employment Opportunity Commission (EEOC) when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation. 
Justification--VA established standardized Routine Use: VA must be able 
to provide information to EEOC to assist it in fulfilling its duties to 
protect employees' rights, as required by statute and regulation. Use 
Case--Use of information is necessary and proper to disclose records 
from this system of records to protect VA employee rights.
    FLRA. VA may disclose information from this system to the Federal 
Labor Relations Authority (FLRA), including its General Counsel, 
information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections. Justification--VA established standardized 
Routine Use: VA must be able to provide information to FLRA to comply 
with the statutory mandate under which it operates. Use Case--Use of 
information is necessary and proper to cooperate with labor relation 
investigations.
    MSPB. VA may disclose information from this system to the Merit 
Systems Protection Board (MSPB), or the Office of the Special Counsel, 
when requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as 
authorized by law. Justification--VA established standardized Routine 
Use: VA must be able to provide information to MSPB to assist it in 
fulfilling its duties as required by statute and regulation. Use Case--
Use of information is necessary and proper to cooperate with Merit 
Systems Protection Board and/or Office of Special Counsel concerning 
allegations of prohibited personnel practices. Disclosure may be made 
to a congressional office from the record of an individual in response 
to

[[Page 22791]]

an inquiry from the congressional office made at the request of that 
individual.
    Disclosure may be made to NARA (National Archives and Records 
Administration) GSA (General Services Administration) in records 
management inspections conducted under authority of 44 U.S.C. 2904 and 
2906. (In present SORN and will not Change)
    Transfer payment information necessary to complete payment of 
claims and to furnish income data Form 1099 to the Treasury Department 
in order to effect payment of claims to vendors and to furnish income 
information. (In present SORN and will not Change)
    In the event that a system of records maintained by this agency to 
carry out its functions indicates a violation or potential violation of 
law, whether civil, criminal or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule or order issued pursuant thereto, the relevant records 
in the system of records may be referred, as a routine use, to the 
appropriate agency, whether Federal, State, local or foreign, charged 
with the responsibility of investigating or prosecuting such violation 
or charged with enforcing or implementing the statute, or rule, 
regulation or order issued pursuant thereto. (Deleted and replaced with 
more up-to-date)
    A record from this system of records may be disclosed as a `routine 
use' to a Federal, State or local agency or to a non-governmental 
organization maintaining civil, criminal or other relevant information, 
such as current licenses, registration or certification, if necessary 
to obtain information relevant to an agency decision concerning the 
hiring or retention of an employee, the use of an individual as a 
consultant, attending or to provide fee basis health care, the issuance 
of a security clearance, the letting of a contract, or the issuance of 
a license, grant or other benefits. These records may also be disclosed 
as part of an ongoing computer matching program to accomplish these 
purposes. (Deleted and updated by--In Original SORN--Deleted or 
Replaced by updated Routine Use detailed below)
    A record from this system of records may be disclosed to a Federal, 
State or local agency, in response to its request, in connection with 
the hiring or retention of an employee, the issuance of a security 
clearance, the reporting of an investigation of an employee, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit by the requesting agency, to the extent that the information is 
relevant and necessary to the requesting agency's decision on the 
matter. (Deleted and updated by--In Original SORN--Deleted or Replaced 
by updated Routine Use detailed below)
    Relevant information from this system of records, including the 
nature and amount of financial obligation, may be disclosed as a 
routine use, in order to assist the Veterans Administration in the 
collection of unpaid financial obligations owed the VA, to a debtor's 
employing agency or commanding officer so that the debtor-employee may 
be counseled by his or her Federal employer or commanding officer. This 
purpose is consistent with 5 U.S.C. 5514, 4 CFR 102.5, and section 206 
of Executive Order 11222 of May 8, 1965 (30 FR 6469). (Deleted and 
updated by--In Original SORN--Deleted or Replaced by updated Routine 
Use detailed below)
    Relevant information from this system of records, including 
available identifying data regarding the debtor, such as name of 
debtor, last known address of debtor, name of debtor's spouse, social 
security account number of debtor, VA insurance number, VA loan number, 
VA claim number, place of birth and date of birth of debtor, name and 
address of debtor's employer or firm and dates of employment, may be 
disclosed to other Federal agencies, State probate courts, State 
drivers license bureaus, and State automobile title and license bureaus 
as a routine use in order to obtain current address, locator and credit 
report assistance in the collection of unpaid financial obligations 
owed the U.S. This purpose is consistent with the Federal Claims 
Collection Act of 1966 (Pub. L. 89-508, 31 U.S.C. 951-953) and 4 CFR 
parts 101-105. (Deleted and updated by--In Original SORN--Deleted or 
Replaced by updated Routine Use detailed below)
    Records from this system of records may be disclosed to a Federal 
Agency or to a State or local government licensing board and/or to the 
Federation of State Medical Boards or a similar nongovernment entity 
which maintains records concerning individuals' employment histories or 
concerning the issuance, retention or revocation of licenses, 
certifications, or registration necessary to practice an occupation, 
profession or specialty, in order for the Agency to obtain information 
relevant to an Agency decision concerning the hiring, retention or 
termination of an employee or to inform a Federal Agency or licensing 
boards or the appropriate nongovernment entities about the health care 
practices of a terminated, resigned or retired health care employee 
whose professional health care activity so significantly failed to 
conform to generally accepted standards of professional medical 
practice as to raise reasonable concern for the health and safety of 
patients in the private sector or from another Federal Agency. These 
records may also be disclosed as part of an ongoing computer matching 
program to accomplish these purposes. (Deleted and updated by--In 
Original SORN--Deleted or Replaced by updated Routine Use detailed 
below)
    Relevant information (excluding medical treatment information 
related to drug or alcohol abuse, infection with the human 
immunodeficiency virus or sickle cell anemia) may be disclosed to the 
Department of Health and Human Services (HHS) for the purpose of 
identifying improper duplicate payments made by Medicare fiscal 
intermediaries where VA authorized and was responsible for payment for 
medical services obtained at non-VA health care facilities. The purpose 
of the review is for HHS to identify duplicate payments and initiate 
recovery of identified overpayments and, where warranted, initiate 
fraud investigations, or, to seek reimbursement from VA for those 
services which were authorized by VA and for which no payment, or 
partial payment, was made by VA. HHS will provide information to 
identify the patient to include the patient name, address, Social 
Security number, date of birth, and information related to the period 
of medical treatment for which payment was made by Medicare to include 
the name and address of the hospital, the admission and discharge 
dates, the services for which payment was made, and the dates and 
amounts of payment. Information disclosed from this system of records 
will be limited to that information that is necessary to confirm or 
disprove an inappropriate payment by Medicare. These records may also 
be disclosed as part of an ongoing computer matching program to 
accomplish these purposes. (Deleted and updated by--In Original SORN--
Deleted or Replaced by updated Routine Use detailed below)
    Identifying information in this system, including name, address, 
social security number and other information as is reasonably necessary 
to identify such individual, may be disclosed to the National 
Practitioner Data Bank at the time of hiring and/or clinical 
privileging/reprivileging of health care practitioners, and other times 
as deemed necessary by VA, in order for VA to obtain information 
relevant to a Department decision concerning the hiring, privileging/
reprivileging, retention or termination of the applicant or employee. 
(Deleted and updated by--In Original SORN--Deleted or Replaced by 
updated Routine Use detailed below)

[[Page 22792]]

    Relevant information from this system of records may be disclosed 
to the National Practitioner Data Bank and/or State Licensing Board in 
the State(s) in which a practitioner is licensed, in which the VA 
facility is located, and/or in which an act or omission occurred upon 
which a medical malpractice claim was based when VA reports information 
concerning: (1) Any payment for the benefit of a physician, dentist, or 
other licensed health care practitioner which was made as the result of 
a settlement or judgment of a claim of medical malpractice if an 
appropriate determination is made in accordance with agency policy that 
payment was related to substandard care, professional incompetence or 
professional misconduct on the part of the individual; (2) a final 
decision which relates to possible incompetence or improper 
professional conduct that adversely affects the clinical privileges of 
a physician or dentist for a period longer than 30 days; or, (3) the 
acceptance of the surrender of clinical privileges or any restriction 
of such privileges by a physician or dentist either while under 
investigation by the health care entity relating to possible 
incompetence or improper professional conduct, or in return for not 
conducting such an investigation or proceeding. These records may also 
be disclosed as part of a computer matching program to accomplish these 
purposes. (Deleted and updated by--In Original SORN--Deleted or 
Replaced by updated Routine Use detailed below)
    Federal Agencies, for Computer Matches. VA may disclose identifying 
information, including social security number, concerning veterans, 
spouses of veterans, and the beneficiaries of veterans to other federal 
agencies for the purpose of conducting computer matches to obtain 
information to determine or verify eligibility of veterans receiving VA 
medical care under Title 38, U.S.C. Office Enterprise Integration (OEI) 
may disclose limited individual identification information to another 
Federal agency for the purpose of matching and acquiring information 
held by that agency for OPP to use for the purposes stated for this 
system of records. Justification--VA established standardized Routine 
Use: VA must be able to provide limited personally identifiable 
information to other federal agencies for computer matching activities 
for the purpose of benefit payments to veterans and beneficiaries. Use 
Case--Use of information is necessary and proper to conduct computer 
matching activities with regards to payments and verification of VA 
payment if VA is considered a Source Agency. (New Routine Use)
    Federal Agencies, for Litigation. It shall be a routine use of the 
records in this system of records to disclose them to the Department of 
Justice when
    (a) VA, or any component thereof; or
    (b) any employee of VA in his or her official capacity; or
    (c) any employee of VA in his or her individual capacity where the 
Department of Justice has agreed to represent the employee; or
    (d) the United States, where VA determines that litigation is 
likely to affect VA or any of its components is a party to litigation 
or has an interest in such litigation and the use of such records by 
the Department of Justice is deemed by VA to be relevant and necessary 
to the litigation. Justification--VA established standardized Routine 
Use: VA may disclose records in this system of records in legal 
proceedings another federal agency, court, or party in litigation 
before a court or other administrative proceeding conducted by an 
agency if VA is a party to the proceeding and needs to disclose the 
information to protect its interests. Use Case--Use of information is 
necessary and proper to disclose records in this system of records in 
legal proceedings before a court or administrative body. (New Routine 
Use)
    Federal Agencies, Hospitals, for Referral by VA. VA may disclose 
relevant health care information to: (1) A federal agency or non-VA 
health care provider or institution when VA refers a patient for 
hospital or nursing home care or medical services, or authorizes a 
patient to obtain non-VA medical services and the information is needed 
by the federal agency or non-VA institution on provider to perform the 
services; or (2) a federal agency or to a non-VA hospital (federal, 
state, and local public or private) or other medical installation 
having hospital facilities, organ banks, blood banks, or similar 
institutions, medical schools or clinics, or other groups or 
individuals that have contracted or agreed to provide medical services 
or share the use of medical resources under the provisions of 38 U.S.C. 
513, 7409, 8111, or 8153, when treatment is rendered by VA under the 
terms of such contract or agreement or the issuance of an 
authorization, and the information is needed for purposes of medical 
treatment and/or follow-up, determining entitlement to a benefit, or 
for VA to effect recovery of the costs of the medical care. 
Justification--VA established standardized Routine Use: VA must be able 
to provide patient referral information for authorized hospital and/or 
nursing home care to a non-VA medical services provider for recovery of 
the costs of the medical care. Use Case--Use of information is 
necessary and proper as data within this system does not exclusively 
include financial, transactional, and benefit payout data it also 
includes VHA PHI information that is funneled in by VISTA. (New Routine 
Use)
    Federal Agencies, for Recovery of Medical Care Costs. VA may 
disclose patient identifying information to federal agencies and VA and 
government-wide third-party insurers responsible for payment of the 
cost of medical care for the identified patients, in order for VA to 
seek recovery of the medical care costs. These records may also be 
disclosed as part of a computer matching program to accomplish this 
purpose. Justification--Use of information is necessary and proper as 
data within this system does not exclusively include financial, 
transactional, and benefit payout data it also includes VHA PHI 
information that is funneled in by VISTA. (New Routine Use) Use Case--
Use of information is necessary and proper as data within this system 
does not exclusively include financial, transactional, and benefit 
payout data it also includes VHA PHI information that is funneled in by 
VISTA. (New Routine Use)
    Researchers, for Research. VA may disclose information from this 
system, except the names and home addresses of veterans and their 
dependents (unless name and address is furnished by the requester), for 
research purposes determined to be necessary and proper, to 
epidemiological and other research facilities approved by the Under 
Secretary for Health. Justification--The data within this system does 
not just include financial, transactional, and benefit payout data it 
also includes VHA PHI information that is funneled in by VISTA. Use 
Case--Use of information is necessary and proper as data within this 
system does not exclusively include financial, transactional, and 
benefit payout data it also includes VHA PHI information that is 
funneled in by VISTA. (New Routine Use)
    Treasury, IRS. VA may disclose the name of a veteran or 
beneficiary, other information as is reasonably necessary to identify 
such individual, and any other information concerning the individual's 
indebtedness by virtue of a person's participation in a benefits 
program administered by VA, may be disclosed to the Department of the 
Treasury, Internal Revenue Service, for the collection of Title 38 
benefit overpayments, overdue indebtedness, and/or costs of services 
provided to an

[[Page 22793]]

individual not entitled to such services, by the withholding of all or 
a portion of the person's Federal income tax refund. The purpose of 
this disclosure is to collect a debt owed the VA by an individual by 
offset of his or her Federal income tax refund. Justification--VA 
established standardized Routine Use: VA must be able to provide 
information to MSPB to assist it in fulfilling its duties as required 
by statute and regulation. Use Case--Use of information is necessary 
and proper to cooperate with Merit Systems Protection Board and/or 
Office of Special Counsel concerning allegations of prohibited 
personnel practices. (New Routine Use)
    Treasury, to Report Waived Debt as Income. VA may disclose an 
individual's name, address, social security number, and the amount 
(excluding interest) of any indebtedness which is waived under 38 
U.S.C. 3102, compromised under 4 CFR part 103, otherwise forgiven, or 
for which the applicable statute of limitations for enforcing 
collection has expired, to the Department of the Treasury, Internal 
Revenue Service, as a report of income under 26 U.S.C. 61(a)(12). 
Justification--VA established standardized Routine Use: VA must be able 
to provide information to MSPB to assist it in fulfilling its duties as 
required by statute and regulation. Use Case--Use of information is 
necessary and proper to cooperate with Merit Systems Protection Board 
and/or Office of Special Counsel concerning allegations of prohibited 
personnel practices. (New Routine Use)
    Treasury, for Payment or Reimbursement. VA may disclose information 
to the Department of the Treasury to facilitate payments to physicians, 
clinics, and pharmacies for reimbursement of services rendered, and to 
veterans for reimbursements of authorized expenses, or to collect, by 
set off or otherwise, debts owed the United States. Justification--VA 
established standardized Routine Use: VA must be able to provide 
information to MSPB to assist it in fulfilling its duties as required 
by statute and regulation. Use Case--Use of information is necessary 
and proper to cooperate with Merit Systems Protection Board and/or 
Office of Special Counsel concerning allegations of prohibited 
personnel practices. (New Routine Use)
    Guardians Ad Litem, for Representation.VA may disclose information 
to a fiduciary or guardian ad litem in relation to his or her 
representation of a claimant in any legal proceeding, but only to the 
extent necessary to fulfill the duties of the fiduciary or guardian ad 
litem. This disclosure permits VA to provide individual information to 
an appointed VA Federal fiduciary or to the individual's guardian ad 
litem that is needed to fulfill appointed duties. Justification--VA 
established standardized Routine Use: VA must be able to provide 
information to MSPB to assist it in fulfilling its duties as required 
by statute and regulation. Use Case--Use of information is necessary 
and proper to cooperate with Merit Systems Protection Board and/or 
Office of Special Counsel concerning allegations of prohibited 
personnel practices. (New Routine Use)
    Guardians, for Incompetent Veterans. VA may disclose relevant 
information from this system of records in the course of presenting 
evidence to a court, magistrate, or administrative tribunal; in matters 
of guardianship, inquests, and commitments; to private attorneys 
representing veterans rated incompetent in conjunction with issuance of 
Certificates of Incompetency; and to probation and parole officers in 
connection with court-required duties. Justification--VA established 
standardized Routine Use: VA must be able to provide information to 
MSPB to assist it in fulfilling its duties as required by statute and 
regulation. Use Case--Use of information is necessary and proper to 
cooperate with Merit Systems Protection Board and/or Office of Special 
Counsel concerning allegations of prohibited personnel practices. (New 
Routine Use)
    Claims Representatives. VA may disclose information from this 
system of records relevant to a claim of a veteran or beneficiary, such 
as the name, address, the basis and nature of a claim, amount of 
benefit payment information, medical information, and military service 
and active duty separation information, at the request of the claimant 
to accredited service organizations, VA-approved claim agents, and 
attorneys acting under a declaration of representation, so that these 
individuals can aid claimants in the preparation, presentation, and 
prosecution of claims under the laws administered by VA. The name and 
address of a claimant will not, however, be disclosed to these 
individuals under this routine use if the claimant has not requested 
the assistance of an accredited service organization, claims agent or 
an attorney. VA must be able to disclose this information to accredited 
service organizations, VA-approved claim agents, and attorneys 
representing veterans so they can assist veterans by preparing, 
presenting, and prosecuting claims under the laws administered by VA. 
Justification--VA established standardized Routine Use: VA must be able 
to provide information to MSPB to assist it in fulfilling its duties as 
required by statute and regulation. Use Case--Use of information is 
necessary and proper to cooperate with Merit Systems Protection Board 
and/or Office of Special Counsel concerning allegations of prohibited 
personnel practices. (New Routine Use)
    Third Party, for Benefit or Discharge. Health care information 
concerning a non-judicially declared incompetent patient may be 
disclosed to a third party upon the written authorization of the 
patient's next of kin in order for the patient, or, consistent with the 
best interest of the patient, a member of the patient's family, to 
receive a benefit to which the patient or family member is entitled, 
or, to arrange for the patient's discharge from a VA medical facility. 
Sufficient data to make an informed determination will be made 
available to such next of kin. If the patient's next of kin are not 
reasonably accessible, the Chief of Staff, Director, or designee of the 
custodial VA medical facility may disclose health information for these 
purposes. Justification--VA established standardized Routine Use: VA 
must be able to provide information to MSPB to assist it in fulfilling 
its duties as required by statute and regulation. Use Case--Use of 
information is necessary and proper to cooperate with Merit Systems 
Protection Board and/or Office of Special Counsel concerning 
allegations of prohibited personnel practices. (New Routine Use)

Signing Authority

    The Senior Agency Official Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. James P. 
Gfrerer, Assistant Secretary for Information and Technology and Chief 
Information Officer, Department of Veterans Affairs, approved this 
document on May 30, 2019 for publication.

    Dated: April 20, 2020.
Amy L. Rose,
Program Analyst, VA Privacy Service, Department of Veterans Affairs.

SYSTEM NAME:
    Individuals Submitting Invoices-Vouchers for Payment and Accounting 
Transactional Data-VA 13VA047.

SECURITY CLASSIFICATION:
    The information in this system is unclassified.

[[Page 22794]]

SYSTEM LOCATION:
    VA Data Processing Center, Austin, Texas and fiscal offices of 
Central Office; field stations where fiscal transactions are processed; 
and application server located in the VA managed enterprise service 
cloud enclave.

SYSTEM MANAGER(S):
    Tammy Watson, System Owner, VA Financial Services Center (FSC), 
Austin, TX 78741.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    31 U.S.C. 3512--Executive Agency Accounting and other Financial 
Management Reports and Plans; Federal Managers' Financial Integrity Act 
Section 2 of 1982; Federal Financial Management Improvement Act of 
1996; E-Government Act of 2002 Title III., Federal Information Security 
Modernization Act (FISMA) of 2014; Clinger Cohen Act of 1996; 38 CFR 
part 17 Sec. Sec.  17.120-17.132; OMB Circular A-123, Management's 
Responsibility for Internal Control; and OMB Circular A-127, Financial 
Management Systems.

PURPOSE(S) OF THE SYSTEM:
    Individuals Submitting Invoices-Vouchers for Payment and Accounting 
Transactional Data-VA is a VA-wide financial management system of 
records utilized in VA's IT accounting systems for payment of benefits, 
vendor payments, invoice payment processing, and payroll purposes. 
Information is collected from recipients, vendors, VA administrations, 
medical centers, and other Federal entities for rendering payment.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Contractors, vendors, salaried employees, non-salaried employees, 
consultants, physicians and dentists, and patients and veterans.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Commercial Vendor identification listings, invoiced payment 
records, claimant information, and banking and financial accounting 
information.

RECORD SOURCE CATEGORIES:
    Commercial vendors; individual or legal representative as part of 
an application for a benefit, contract or reimbursement; Data could 
potentially be obtained from a VA administration, facility and/or 
medical center; Department of Treasury; Internal Revenue Service; and 
other Federal entities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 45 CFR parts 160 and 164, i.e., individually 
identifiable health information, and 38 U.S.C. 7332, i.e., medical 
treatment information related to drug abuse, alcoholism or alcohol 
abuse, sickle cell anemia or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.
    1. Congress. VA may disclose information from the record of an 
individual in response to an inquiry from the congressional office made 
at the request of that individual. VA must be able to provide 
information about individuals to adequately respond to inquiries from 
Members of Congress at the request of constituents who have sought 
their assistance.
    2. Data breach response and remedial efforts. To appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, VA (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with VA efforts 
to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    3. Data breach response and remedial efforts with another Federal 
agency. To another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    4. Law Enforcement. VA may disclose information in this system, 
except the names and home addresses of veterans and their dependents, 
which is relevant to a suspected or reasonably imminent violation of 
law, whether civil, criminal or regulatory in nature and whether 
arising by general or program statute or by regulation, rule or order 
issued pursuant thereto, to a Federal, State, local, Tribal, or foreign 
agency charged with the responsibility of investigating or prosecuting 
such violation, or charged with enforcing or implementing the statute, 
regulation, rule or order. VA may also disclose the names and addresses 
of veterans and their dependents to a Federal agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto.
    5. Litigation. It shall be a routine use of the records in this 
system of records to disclose them to the Department of Justice when
    (e) VA, or any component thereof; or
    (f) any employee of VA in his or her official capacity; or
    (g) any employee of VA in his or her individual capacity where the 
Department of Justice has agreed to represent the employee; or
    (h) the United States, where VA determines that litigation is 
likely to affect VA or any of its components is a party to litigation 
or has an interest in such litigation and the use of such records by 
the Department of Justice is deemed by VA to be relevant and necessary 
to the litigation.
    6. Contractors. VA may disclose information from this system of 
records to individuals, organizations, private or public agencies, or 
other entities or individuals with whom VA has a contract or agreement 
to perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor, subcontractor, 
public or private agency, or other entity or individual with whom VA 
has a contract or agreement to perform services under the contract or 
agreement. This routine use includes disclosures by an individual or 
entity performing services for VA to any secondary entity or individual 
to perform an activity that is necessary for individuals, 
organizations, private or public agencies, or other entities or 
individuals with whom VA has a contract or agreement to provide the 
service to VA. This routine use also applies to agreements that do not 
qualify as contracts defined by Federal procurement laws and 
regulations.
    7. EEOC. VA may disclose information from this system to the Equal 
Employment Opportunity Commission (EEOC) when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or

[[Page 22795]]

other functions of the Commission as authorized by law or regulation. 
VA must be able to provide information to EEOC to assist it in 
fulfilling its duties to protect employees' rights, as required by 
statute and regulation.
    8. FLRA. VA may disclose information from this system to the 
Federal Labor Relations Authority (FLRA), including its General 
Counsel, information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections. VA must be able to provide information to 
FLRA to comply with the statutory mandate under which it operates.
    9. MSPB. VA may disclose information from this system to the Merit 
Systems Protection Board (MSPB), or the Office of the Special Counsel, 
when requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as 
authorized by law. VA must be able to provide information to MSPB to 
assist it in fulfilling its duties as required by statute and 
regulation.
    10. NARA. VA may disclose information from this system to the 
National Archives and Records Administration (NARA) in records 
management inspections conducted under Title 44, U.S.C. NARA is 
responsible for archiving old records which are no longer actively used 
but may be appropriate for preservation, and for the physical 
maintenance of the Federal government's records. VA must be able to 
provide the records to NARA in order to determine the proper 
disposition of such records.
    11. Federal Agencies, for Computer Matches. VA may disclose 
identifying information, including social security number, concerning 
veterans, spouses of veterans, and the beneficiaries of veterans to 
other federal agencies for the purpose of conducting computer matches 
to obtain information to determine or verify eligibility of veterans 
receiving VA medical care under Title 38, U.S.C. Office Enterprise 
Integration (OEI) may disclose limited individual identification 
information to another Federal agency for the purpose of matching and 
acquiring information held by that agency for OPP to use for the 
purposes stated for this system of records.
    12. Federal Agencies, for Litigation. VA may disclose information 
to another federal agency, court, or party in litigation before a court 
or other administrative proceeding conducted by an agency, if VA is a 
party to the proceeding and needs to disclose the information to 
protect its interests
    13. Federal Agencies, Hospitals, for Referral by VA. VA may 
disclose relevant health care information to: (1) A federal agency or 
non-VA health care provider or institution when VA refers a patient for 
hospital or nursing home care or medical services, or authorizes a 
patient to obtain non-VA medical services and the information is needed 
by the federal agency or non-VA institution on provider to perform the 
services; or (2) a federal agency or to a non-VA hospital (federal, 
state, and local public or private) or other medical installation 
having hospital facilities, organ banks, blood banks, or similar 
institutions, medical schools or clinics, or other groups or 
individuals that have contracted or agreed to provide medical services 
or share the use of medical resources under the provisions of 38 U.S.C. 
513, 7409, 8111, or 8153, when treatment is rendered by VA under the 
terms of such contract or agreement or the issuance of an 
authorization, and the information is needed for purposes of medical 
treatment and/or follow-up, determining entitlement to a benefit, or 
for VA to effect recovery of the costs of the medical care.
    14. Federal Agencies, for Recovery of Medical Care Costs. VA may 
disclose patient identifying information to federal agencies and VA and 
government-wide third-party insurers responsible for payment of the 
cost of medical care for the identified patients, in order for VA to 
seek recovery of the medical care costs. These records may also be 
disclosed as part of a computer matching program to accomplish this 
purpose.
    15. Researchers, for Research. VA may disclose information from 
this system, except the names and home addresses of veterans and their 
dependents (unless name and address is furnished by the requester), for 
research purposes determined to be necessary and proper, to 
epidemiological and other research facilities approved by the Under 
Secretary for Health.
    16. Treasury, IRS. VA may disclose the name of a veteran or 
beneficiary, other information as is reasonably necessary to identify 
such individual, and any other information concerning the individual's 
indebtedness by virtue of a person's participation in a benefits 
program administered by VA, may be disclosed to the Department of the 
Treasury, Internal Revenue Service, for the collection of Title 38 
benefit overpayments, overdue indebtedness, and/or costs of services 
provided to an individual not entitled to such services, by the 
withholding of all or a portion of the person's Federal income tax 
refund. The purpose of this disclosure is to collect a debt owed the VA 
by an individual by offset of his or her Federal income tax refund.
    17. Treasury, to Report Waived Debt as Income. VA may disclose an 
individual's name, address, social security number, and the amount 
(excluding interest) of any indebtedness which is waived under 38 
U.S.C. 3102, compromised under 4 CFR part 103, otherwise forgiven, or 
for which the applicable statute of limitations for enforcing 
collection has expired, to the Department of the Treasury, Internal 
Revenue Service, as a report of income under 26 U.S.C. 61(a)(12).
    18. Treasury, for Payment or Reimbursement. VA may disclose 
information to the Department of the Treasury to facilitate payments to 
physicians, clinics, and pharmacies for reimbursement of services 
rendered, and to veterans for reimbursements of authorized expenses, or 
to collect, by set off or otherwise, debts owed the United States.
    19. Guardians Ad Litem, for Representation.VA may disclose 
information to a fiduciary or guardian ad litem in relation to his or 
her representation of a claimant in any legal proceeding, but only to 
the extent necessary to fulfill the duties of the fiduciary or guardian 
ad litem. This disclosure permits VA to provide individual information 
to an appointed VA Federal fiduciary or to the individual's guardian ad 
litem that is needed to fulfill appointed duties.
    20. Guardians, for Incompetent Veterans. VA may disclose relevant 
information from this system of records in the course of presenting 
evidence to a court, magistrate, or administrative tribunal; in matters 
of guardianship, inquests, and commitments; to private attorneys 
representing veterans rated incompetent in conjunction with issuance of 
Certificates of Incompetency; and to probation and parole officers in 
connection with court-required duties.
    21. Claims Representatives. VA may disclose information from this 
system of records relevant to a claim of a veteran or beneficiary, such 
as the name, address, the basis and nature of a claim, amount of 
benefit payment information, medical information, and military

[[Page 22796]]

service and active duty separation information, at the request of the 
claimant to accredited service organizations, VA-approved claim agents, 
and attorneys acting under a declaration of representation, so that 
these individuals can aid claimants in the preparation, presentation, 
and prosecution of claims under the laws administered by VA. The name 
and address of a claimant will not, however, be disclosed to these 
individuals under this routine use if the claimant has not requested 
the assistance of an accredited service organization, claims agent or 
an attorney. VA must be able to disclose this information to accredited 
service organizations, VA-approved claim agents, and attorneys 
representing veterans so they can assist veterans by preparing, 
presenting, and prosecuting claims under the laws administered by VA.
    22. Third Party, for Benefit or Discharge. Health care information 
concerning a non-judicially declared incompetent patient may be 
disclosed to a third party upon the written authorization of the 
patient's next of kin in order for the patient, or, consistent with the 
best interest of the patient, a member of the patient's family, to 
receive a benefit to which the patient or family member is entitled, 
or, to arrange for the patient's discharge from a VA medical facility. 
Sufficient data to make an informed determination will be made 
available to such next of kin. If the patient's next of kin are not 
reasonably accessible, the Chief of Staff, Director, or designee of the 
custodial VA medical facility may disclose health information for these 
purposes.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored electronically on a VA server, in paper folders, 
magnetic discs, magnetic tape, and in a momentum cloud application. 
Paper documents may be scanned/digitized and stored for viewing 
electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    VA Directive 6300, Records and Information Management; VA Directive 
6502, VA Enterprise Privacy Program; and VA Handbook 6300.4, Procedures 
for Processing Requests for Records Subject to the Privacy Act.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Individuals Submitting Invoices-Vouchers for Payment and Accounting 
Transactional Data-VA system of records is retained as defined by its 
NARA approved Records Control Schedule, MP-4, Part X and within rules 
of the General Records Schedule (GRS). Unscheduled records within this 
System of Records are indefinitely retained within the rules GRS, ERA 
Number DAA-GRS-2013-005-002 (Permanent Retention). Per NARA practice, 
documentation for permanent electronic records must be transferred with 
the related records using the disposition authority of the related 
electronic records rather than the GRS disposition authority.
    Agency policy and responsibility for media and electronic 
sanitization is explicated in VA Handbook 6500.1, Electronic Media 
Sanitization. This Handbook sets forth policies and responsibilities 
for the proper sanitization of electronic media prior to repair, 
disposal, reuse, or recycling. These guidelines are in accordance with 
Federal Information Processing Standard (FIPS) 200, Minimum Security 
Requirements for Federal Information and Information Systems; and NIST 
Special Publication 800-88 Revision 1, Guidelines for Media 
Sanitization.
    VA Directive 6371, Destruction of Temporary Paper Records, is 
Agency policy for the destruction of temporary paper records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    VA will store records produced within this system of records in an 
area that is physically and technologically secure from access by 
unauthorized persons at all times. Only authorized personnel will 
transport records within this system of records. VA will process 
records produced within this system of records under immediate 
supervision and control of authorized personnel in a manner that will 
protect the confidentiality of the records, so that unauthorized 
persons cannot retrieve any records by computer, remote terminal, or 
other means. VA will store records using FIPS 140-2 compliant 
encryption. Systems personnel must enter personal identification 
numbers when accessing records on the agencies' systems. VA will 
strictly limit authorization to those electronic records areas 
necessary for the authorized analyst to perform his or her official 
duties.

RECORD ACCESS PROCEDURES:
    An individual wanting notification or access, including contesting 
the record, should mail or deliver a request to the office identified 
in the SORN. If an individual does not know the ``office concerned,'' 
the request may be addressed to the following with below requirements: 
PO or FOIA/PO of any VA field station or the Department of Veterans 
Affairs Central Office, 810 Vermont Avenue NW, Washington, DC 20420. 
The receiving office must promptly forward the mail request received to 
the office of jurisdiction clearly identifying it as ``Privacy Act 
Request'', and notify the requester of the referral. Approved VA 
authorization forms, may be provided to individuals for use.

CONTESTING RECORD PROCEDURES:
    An individual may request amendment of a record pertaining to him 
or her contained in a specific VA system of records by mailing or 
delivering the request to the office concerned. The request must be in 
writing and must conform to the following requirements: It must state 
the nature of the information in the record the individual believes to 
be inaccurate, irrelevant, untimely, or incomplete; why the record 
should be changed; and the amendment desired. The requester must be 
advised of the title and address of the VA official who can assist in 
preparing the request to amend the record if assistance is desired. Not 
later than business 10 days after the date of a request to amend a 
record, the VA official concerned will acknowledge in writing such 
receipt. If a determination for correction or amendment has not been 
made, the acknowledgement will inform the individual of when to expect 
information regarding the action taken on the request. VA will complete 
a review of the request to amend or correct a record within 30 business 
days of the date of receipt. Where VA agrees with the individual's 
request to amend his or her record(s), the requirements of 5 U.S.C. 
552a(d) will be followed. The record(s) will be corrected promptly, and 
the individual will be advised promptly of the correction.
    If the record has previously been disclosed to any person or 
agency, and an accounting of the disclosure was made, prior recipients 
of the record will be informed of the correction. An approved VA 
notification of amendment form letter may be used for this purpose. An 
individual wanting notification or access, including contesting the 
record, should mail or deliver a request to the Privacy Office or FOIA/
Privacy Office of any VA field station or the Department of Veterans 
Affairs Central Office, 810 Vermont Avenue NW, Washington, DC 20420.

NOTIFICATION PROCEDURES:
    Notification for correcting the information will be accomplished by 
informing the individual to whom the record pertains by mail. The 
individual making the amendment must be advised

[[Page 22797]]

in writing that the record has been amended and provided with a copy of 
the amended record. System Manager for the concerned VA system of 
records, Privacy Officer, or their designee, will notify the relevant 
persons or organizations whom had previously received the record about 
the amendment. If 38 U.S.C. 7332-protected information was amended, the 
individual must provide written authorization to allow the sharing of 
the amendment with relevant persons or organizations request to amend a 
record must be acknowledged in writing within 10 workdays of receipt. 
If a determination has not been made within this time period, the 
System Manager for the concerned VA system of records or designee, and/
or the facility Privacy Officer, or designee, must advise the 
individual when the facility expects to notify the individual of the 
action taken on the request. The review must be completed as soon as 
possible, in most cases within 30 workdays from receipt of the request. 
If the anticipated completion date indicated in the acknowledgment 
cannot be met, the individual must be advised, in writing, of the 
reasons for the delay and the date action is expected to be completed. 
The delay may not exceed 90 calendar days from receipt of the request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    N/A.

HISTORY:
    VA 13VA047, Individuals Submitting Invoices-Vouchers for Payment -
VA--published prior to 1995.

[FR Doc. 2020-08611 Filed 4-22-20; 8:45 am]
 BILLING CODE P