[Federal Register Volume 86, Number 14 (Monday, January 25, 2021)]
[Notices]
[Pages 6988-6992]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-01501]
-----------------------------------------------------------------------
DEPARTMENT OF VETERANS AFFAIRS
Privacy Act of 1974; System of Records
AGENCY: Department of Veterans Affairs (VA).
ACTION: Notice of a Modified System of Records.
-----------------------------------------------------------------------
SUMMARY: As required by the Privacy Act of 1974, notice is hereby given
that the Department of Veterans Affairs (VA) is amending the system of
records currently entitled, ``Patient Advocate Tracking System
(PATS)[dash]VA'' (100VA10NS10) as set forth in the Federal Register. VA
is amending the system of records by revising the System Name, System
Number; System Location; System Manager; Record Source Categories;
Routine Uses of Records Maintained in the System, Including Categories
of Users and the Purposes of Such Uses; Policies and Practices for
Retention and Disposal of Records; and Physical, Administrative and
Procedural Safeguards. VA is republishing the system notice in its
entirety.
DATES: Comments on this amended system of records must be received no
later than February 24, 2021. If no public comment is received during
the period allowed for comment or unless otherwise published in the
Federal Register by the VA, the new system will become effective
February 24, 2021.
ADDRESSES: Written comments may be submitted through
www.Regulations.gov; by mail or hand-delivery to Director, Regulation
Policy and Management (00REG), Department of Veterans Affairs, 810
Vermont Avenue NW, Room 1064, Washington, DC 20420; or by fax to (202)
273-9026 (Note: not a toll-free number). Comments should indicate they
are submitted in response to ``Patient Representation Program
Records[dash]VA''. Copies of comments received will be available for
public inspection in the Office of Regulation Policy and Management,
Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday
through Friday (except holidays). Please call (202) 461-4902 for an
appointment (Note: not a toll-free number). In addition, comments may
be viewed online at www.Regulations.gov.
FOR FURTHER INFORMATION CONTACT: Stephania Griffin, Veterans Health
Administration (VHA) Privacy Officer, Department of Veterans Affairs,
810 Vermont Avenue NW, Washington, DC 20420; telephone (704) 245-2492.
[[Page 6989]]
SUPPLEMENTARY INFORMATION: The System Name is being changed from
``Patient Advocate Tracking System (PATS)[dash]VA'' to ``Patient
Advocate Tracking System Replacement (PATS-R)-VA''.
The System Number will be changed from 100VA10NS10 to 100VA10H to
reflect the current organizational alignment.
The System Location is being amended to replace the PATS
application from being located at Falling Waters to Martinsburg, West
Virginia. Being removed from this section is, ``A limited set of
information is transferred from this central system in Falling Waters
to Austin Automation Center. This limited set of information
transferred to Austin Automation Center is utilized to run specific
reports for central business office.'' Being added to the section is
that PATS Report of Contact (ROC) encounter data, entered by Patient
Advocate users of the application, resides in the centralized PATS
database at Austin Information Technology Center (AITC). This ROC data
is transferred nightly from the PATS database at AITC to the PATS
Reports database at Hines Information Technology Center (HITC) to be
utilized to run ROC issue activity and trending reports by Patient
Advocates for submission to their VA Medical Center (VAMC)/Integrated
Health Care System Director, Service Chiefs and Customer Care leaders
to assess service activity and provide feedback to identify trends for
process improvement and achieve best practices.
The System Manager is being amended to replace Director, National
Veteran Service and Advocacy Program with Executive Director, VHA
Office of Patient Advocacy.
The Records Source Categories is being amended to replace 24VA136
with 24VA10A7 and to will now include Veterans Health Information
Systems and Technology Architecture (VistA) Records-VA (79VA10P2) and
integrated systems.
The Routine Uses of Records Maintained in the System has been
amended to change Joint Commission for Accreditation of Healthcare
Organizations (JCAHO) to The Joint Commission (TJC) in Routine use #6.
Routine Use #18 has been amended by clarifying the language to
state, ``VA may disclose any information or records to appropriate
agencies, entities, and persons when (1) VA suspects or has confirmed
that there has been a breach of the system of records; (2) VA has
determined that as a result of the suspected or confirmed breach there
is a risk to individuals, VA (including its information systems,
programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, or
persons is reasonably necessary to assist in connection with VA efforts
to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm.''
Routine Use #19 is being added to state, ``VA may disclose
information from this system to another Federal agency or Federal
entity, when VA determines that information from this system of records
is reasonably necessary to assist the recipient agency or entity in (1)
responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient
agency or entity (including its information systems, programs, and
operations), the Federal Government, or national security, resulting
from a suspected or confirmed breach. VA needs this routine use for the
data breach response and remedial efforts with another Federal
agency.''
New Routine Use #20 is being added to state, ``VA may disclose
relevant information in response to an inquiry from a member of the
general public or third party about the named individual.'' VA needs
this routine use to permit disclosure to a Veteran when a complaint was
submitted on his/her behalf or if a Congressional member submits the
complaint but is not retrieved by his/her name or other unique
identifier.
The Policies and Practices for Retention and Disposal of Records is
being amended to replace Section XLV as authorized by the National
Archives and Records Administration of the United States with Subject
Identification Code (SIC) 1300.1, records are to be maintained for (7)
years as authorized by the National Archives and Records Administration
of the United States (N1-15-05-2, Item 1).
The Physical, Administrative and Procedural Safeguards is being
amended to replace the PATS data center as being located in Falling
Waters, WV, to being located in Martinsburg, West Virginia. Also, the
Austin VA Data Processing Center is being replaced with the Austin
Information Technology Center (AITC).
The Report of Intent to Amend a System of Records Notice and an
advance copy of the system notice have been sent to the appropriate
Congressional committees and to the Director of the Office of
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.
Signing Authority
The Senior Agency Official for Privacy, or designee, approved this
document and authorized the undersigned to sign and submit the document
to the Office of the Federal Register for publication electronically as
an official document of the Department of Veterans Affairs. James P.
Gfrerer, Assistant Secretary of Information and Technology and Chief
Information Officer, approved this document on June 3, 2020 for
publication.
Dated: January 19, 2021.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office of Information Security,
Office of Information and Technology, Department of Veterans Affairs.
SYSTEM NAME AND NUMBER:
``Patient Advocate Tracking System Replacement (PATS-R)-VA''
(100VA10H)
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The PATS application is installed on a centrally located system in
Martinsburg, West Virginia. The backup system in case of disaster
recovery scenario is located at Hines Information Technology Center
(HITC). The data entered into the application also resides on this
central system. PATS Report of Contact (ROC) encounter data, entered by
Patient Advocate users of the Application, resides in the centralized
PATS database at Austin Information Technology Center (AITC).
Patient contacts, as recorded in ROCs, are coded using issue codes
in order to facilitate tracking of these encounters to show where
system improvements might be made. Aggregate data are maintained at the
Network and Headquarters levels for the development of reports to make
system wide changes. Records are collected and stored electronically
for ease of retrieval by individual patient names and ease in compiling
aggregate data. This ROC data is transferred nightly from the PATS
database at AITC to the PATS Reports database at HITC to be utilized to
run ROC issue activity and trending reports by Patient Advocates for
submission to their VAMC/Integrated Health Care System Director,
Service Chiefs and Customer Care leaders to assess service activity and
provide feedback to identify trends for process improvement and achieve
best practices.
SYSTEM MANAGER(S):
Official responsible for policies and procedures; Executive
Director, VHA
[[Page 6990]]
Office of Patient Advocacy, Department of Veterans Affairs, 810 Vermont
Avenue NW, Washington, DC 20420. Telephone number 202-461-7607 (this is
not a toll-free number). Officials maintaining the system are the
Director at the facility where the individual were associated.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Title 38, United States Code, Chapter 73, section 7301(b).
PURPOSE(S) OF THE SYSTEM:
The records may be used for such purposes as producing various
management and patient follow-up reports; responding to patient and
other inquiries; conducting health care-related studies, statistical
analysis, and resource allocation planning; providing clinical and
administrative support to patient medical care; audits, reviews and
investigations conducted by the staff of the health care facility,
Veterans Integrated Service Network (VISN), VHA Headquarters, and VA's
Office of Inspector General; law enforcement investigations; quality
improvement reviews and investigations; personnel management and
evaluation; employee ratings and performance evaluations; employee
disciplinary or other adverse action, including discharge; advising
health care professional licensing or monitoring bodies or similar
entities or activities of VA and former VA health care personnel;
accreditation of a facility by an entity such as the Joint Commission;
and, notifying medical schools of medical students' performance. The
information is integrated into the overall quality improvement plans
and activities of the facility and used to improve services and
communications, as well as, to track categories of complaints and the
locations of complaints in order to improve the delivery of health
care.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records include information concerning individual patients,
Veterans who have applied for care, their friends, their families, VA
health care providers and members of the community. Members of the
community include, but are not limited to, Congressional liaisons,
Veterans Service Organizations and attorneys.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records may include information maintained in paper records,
and entered into a centralized web-based system, PATS, related to
concerns and complaints regarding an individual's medical care, VA
benefits, and/or encounters with health care facility personnel or
other patients. The records include information that is compiled to
review, investigate, and resolve these issues.
RECORD SOURCE CATEGORIES:
The patient, family members, and friends, employers or other third
parties when otherwise unobtainable from the patient or family;
employees, Patient Medical Records-VA (24VA10P2); Veterans Health
Information Systems and Technology Architecture (VistA) Records-VA
(79VA10P2); private medical facilities and health care professionals;
State and local agencies; other Federal agencies; VISNs, Veterans
Benefits Administration automated record systems including Veterans and
Beneficiaries Identification and Records Location Subsystem-VA (38VA23)
and the Compensation, Pension, Education and Rehabilitation Records-VA
(58VA21/22); PATS Legacy; and various automated and/or integrated
systems providing clinical and managerial support at VA health care
facilities.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
To the extent that records contained in the system include
information protected by 45 CFR parts 160 and 164, i.e., individually
identifiable health information, and 38 U.S.C. 7332, i.e., medical
treatment information related to drug abuse, alcoholism or alcohol
abuse, sickle cell anemia or infection with the human immunodeficiency
virus, that information cannot be disclosed under a routine use unless
there is also specific statutory authority in 38 U.S.C. 7332 and
regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.
1. The record of an individual who is covered by a system of
records may be disclosed to a Member of Congress, or a staff person
acting for the Member, when the Member or staff person requests the
record on behalf of and at the written request of the individual.
2. Disclosure may be made to the National Archives and Records
Administration (NARA) and the General Services Administration (GSA) for
the purpose of records management inspections conducted under authority
of Title 44, Chapter 29 of the United States Code.
3. VA may disclose information from this system of records to the
Department of Justice (DoJ), either on VA's initiative or in response
to DoJ's request for the information, after either VA or DoJ determines
that such information is relevant to DoJ's representation of the United
States or any of its components in legal proceedings before a court or
adjudicative body, provided that, in each case, the agency also
determines prior to disclosure that release of the records to the DoJ
is limited to circumstances where relevant and necessary to the
litigation. VA may disclose records in this system of records in legal
proceedings before a court or administrative body after determining
that release of the records to the DoJ is limited to circumstances
where relevant and necessary to the litigation.
4. Disclosure may be made to any facility regarding the hiring,
performance, or other personnel-related information with which there
is, or there is proposed to be, an affiliation, sharing agreement,
contract, or similar arrangement for purposes of establishing,
maintaining, or expanding any such relationship.
5. Disclosure may be made to a Federal agency or to a State or
local government licensing board and/or to the Federation of State
Medical Boards or a similar non-government entity which maintains
records concerning individual employment histories or concerning the
issuance, retention or revocation of licenses, certifications, or
registration necessary to practice an occupation, profession or
specialty, in order for the Department to obtain information relevant
to a Department decision concerning the hiring, retention or
termination of an employee boards or the appropriate nongovernment
entities about the health care practices of employees who resigned,
were terminated, or retired and whose professional health care activity
so significantly failed to conform to generally accepted standards of
professional medical practice as to raise reasonable concern for the
health and safety of patients receiving medical care in the private
sector or from another Federal agency. These records may also be
disclosed as part of an ongoing computer-matching program to accomplish
these purposes.
6. VA may disclose information for program review purposes and the
seeking of accreditation and/or certification to survey teams of The
Joint Commission (TJC), College of American Pathologists, American
Association of Blood Banks, and similar national accreditation agencies
or boards with which VA has a contract or agreement to conduct such
reviews, but only to the extent that the information is necessary and
relevant to the review.
7. Disclosure may be made to a State or local government entity or
national certifying body which has the authority to make decisions
concerning the issuance, retention or revocation of
[[Page 6991]]
licenses, certifications or registrations required to practice a health
care profession, when requested in writing by an investigator or
supervisory official of the licensing entity or national certifying
body for the purpose of making a decision concerning the issuance,
retention or revocation of the license, certification or registration
of a named health care professional.
8. Disclosure of information to the Federal Labor Relations
Authority, including its General Counsel, when requested in connection
with the investigation and resolution of allegations of unfair labor
practices, in connection with the resolution of exceptions to
arbitrator awards when a question of material fact is raised, in
connection with matters before the Federal Service Impasses Panel, and
to investigate representation petitions and conduct or supervise
representation elections.
9. Disclosure of relevant information may be made to individuals,
organizations, private or public agencies, etc., with whom VA has a
contract or agreement to perform such services as VA may deem
practicable for the purposes of laws administered by VA, in order for
the contractor or subcontractor to perform the services of the contract
or agreement.
10. Disclosure may be made to a Federal agency, in response to its
request, in connection with the hiring or retention of an employee, the
issuance of a security clearance, the reporting of an investigation of
an employee, the letting of a contract, or the issuance of a license,
grant, or other benefit by the requesting agency, to the extent that
the information is relevant and necessary to the requesting agency's
decision on the matter.
11. Disclosure may be made to a Federal, State or local agency
maintaining civil, criminal or other relevant information such as
current licenses, if necessary to obtain information relevant to any
agency decision concerning the hiring or retention of an employee, the
issuance of a security clearance, the letting of a contract, or the
issuance of a license, grant or other health, educational or welfare
benefit.
12. Disclosure of information may be made to the next-of-kin and/or
the person(s) with whom the patient has a meaningful relationship to
the extent necessary and on a need-to-know basis consistent with good
medical-ethical practices.
13. A record containing the name(s) and address(es) of present or
former members of the armed services and/or their dependents may be
disclosed under certain circumstances to any criminal or civil law
enforcement governmental agency or instrumentality charged under
applicable law with the protection of the public's health or safety, if
a qualified representative of such organization, agency or
instrumentality has made a standing written request that such name(s)
or address(es) be provided for a purpose authorized by law; provided
that the record(s) will not be used for any purpose other than that
stated in the request and that organization, agency or instrumentality
is aware of the penalty provision of 38 U.S.C. 5701(f).
14. VA may disclose any information in this system, except the
names and home addresses of Veterans and their dependents, which is
relevant to a suspected or reasonably imminent violation of law,
whether civil, criminal or regulatory in nature and whether arising by
general or program statute or by regulation, rule or order issued
pursuant thereto, to a Federal, State, local, tribal, or foreign agency
charged with the responsibility of investigating or prosecuting such
violation, or charged with enforcing or implementing the statute,
regulation, rule or order. VA may also disclose the names and addresses
of Veterans and their dependents to a Federal agency charged with the
responsibility of investigating or prosecuting civil, criminal or
regulatory violations of law, or charged with enforcing or implementing
the statute, regulation, rule or order issued pursuant thereto.
15. Disclosure may be made to the Equal Employment Opportunity
Commission when requested in connection with investigations of alleged
or possible discrimination practices, examination of Federal
affirmative employment programs, compliance with the Uniform Guidelines
of Employee Selection Procedures, or other functions of the Commission
as authorized by law or regulation.
16. Disclosure may be made to officials of the Merit Systems
Protection Board, including the Office of the Special Counsel, when
requested in connection with appeals, special studies of the civil
service and other merit systems, review of rules and regulations,
investigation of alleged or possible prohibited personnel practices,
and such other functions, promulgated in 5 U.S.C. 1205-1206, or as may
be authorized by law.
17. Disclosure to other Federal agencies may be made to assist such
agencies in preventing and detecting possible fraud or abuse by
individuals in their operations and programs.
18. VA may disclose any information or records to appropriate
agencies, entities, and persons when (1) VA suspects or has confirmed
that there has been a breach of the system of records; (2) VA has
determined that as a result of the suspected or confirmed breach there
is a risk to individuals, VA (including its information systems,
programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, or
persons is reasonably necessary to assist in connection with VA efforts
to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm.
19. VA may disclose information from this system to another Federal
agency or Federal entity, when VA determines that information from this
system of records is reasonably necessary to assist the recipient
agency or entity in (1) responding to a suspected or confirmed breach
or (2) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
20. VA may disclose relevant information in response to an inquiry
from a member of the general public or third party about the named
individual.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper, microfilm, magnetic tape, disk, or
laser optical media. In most cases, copies of back-up computer files
are maintained at off-site locations.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by name, social security number or other
assigned identifiers of the individuals on whom they are maintained.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Paper records and information stored on electronic storage media
are maintained and disposed of in accordance with Records Control
Schedule 10-1, Subject Identification Code (SIC) 1300.1, and are to be
maintained for (7) years as authorized by the National Archives and
Records Administration of the United States (N1-15-05-2, Item 1).
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
1. Access to VA working and storage areas are restricted to VA
employees on
[[Page 6992]]
a ``need-to-know'' basis; strict control measures are enforced to
ensure that disclosure to these individuals is also based on this same
principle. Generally, VA file areas are locked after normal duty hours
and the facilities are protected from outside access by the Federal
Protective Service or other security personnel.
2. PATS is a web-based application installed on central computer
systems in a data center at Martinsburg, West Virginia. The systems are
maintained by authorized personnel. The end users access the
application using the Web browser installed on their desktops.
Additionally, access to computer rooms at health care facilities is
generally limited by appropriate locking devices and restricted to
authorized VA employees and vendor personnel. Automated Data Processing
(ADP) peripheral devices are placed in secure areas (areas that are
locked or have limited access) or are otherwise protected. Information
in VistA may be accessed by authorized VA employees. Access to PATS
application and data in the application is controlled at two levels;
the systems recognize authorized employees by series of individually
unique passwords/codes as a part of each data message, and the
employees are limited to only that information in the application which
is needed in the performance of their official duties. Information that
is downloaded from PATS and maintained on personal computers are
afforded similar storage and access protections as the data that is
maintained in the original files. Access to information stored on
automated storage media at other VA locations is controlled by
individually unique passwords/codes.
3. Access to the AITC is generally restricted to Center employees,
custodial personnel, Federal Protective Service and other security
personnel. Access to computer rooms is restricted to authorized
operational personnel through electronic locking devices. All other
persons gaining access to computer rooms are escorted. Information
stored in the computer may be accessed by authorized VA employees at
remote locations including VA health care facilities, Information
Systems Centers, VA Central Office, and Veteran Integrated Service
Networks. Access is controlled by individually unique passwords/codes
which must be changed periodically by the employee.
RECORD ACCESS PROCEDURE:
Individuals seeking information regarding access to and contesting
of records in this system may write, call or visit the VA facility
location where they are or were employed or made contact.
CONTESTING RECORD PROCEDURES:
(See Record Access Procedures above.)
NOTIFICATION PROCEDURE:
Individuals who wish to determine whether this system of records
contains information about them should contact the VA facility location
at which they are or were employed or made or have contact. Inquiries
should include the person's full name, social security number, dates of
employment, date(s) of contact, and return address.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Last full publication provided in 74 FR 26766 dated June 3, 2009.
[FR Doc. 2021-01501 Filed 1-22-21; 8:45 am]
BILLING CODE 8320-01-P