[Federal Register Volume 86, Number 82 (Friday, April 30, 2021)]
[Notices]
[Pages 23045-23048]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-09084]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Veterans Health Administration, Department of Veterans Affairs 
(VA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA) is publishing SORN 
``Veterans Tracking Application (VTA)--VA'' (163VA005Q3). The VTA is a 
joint Veterans Affairs (VA)/Department of Defense (DoD) application 
that supports the effective management and tracking of Veteran and 
Service member beneficiaries at all levels of the continuum of care. 
VTA tracks the Service member through the Integrated Disability 
Evaluation System (IDES) and monitors benefits applications and 
administrative details.

DATES: This modified system of records is effective November 19, 2020.

ADDRESSES: Comments may be submitted through www.Regulations.gov or 
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005R1A), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to ``Veterans Tracking Application (VTA)--VA'' 
(163VA005Q3). Comments received will be available at regulations.gov 
for public viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT: Delwin Johnson, Product Line Manager 
(VTA), Office of Information & Technology, Department of Veterans 
Affairs, 810 Vermont Ave. NW, Washington, DC 20420, (202) 367-4033 and 
[email protected].

SUPPLEMENTARY INFORMATION: The Department is amending its system of 
records entitled ``Veterans Tracking Application (VTA)/Federal Case 
Management Tool (FCMT)'' (160VA005Q3) by removing FCMT, as VTA is now a 
standalone application. VTA now falls underneath the product line 
``Eligibility and Enrollment (E&E)'' and the points of contact have 
been modified.

[[Page 23046]]

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Dominic A. 
Cussatt, Acting Assistant Secretary of Information and Technology and 
Chief Information Officer, approved this document on March 23, 2021 for 
publication.

    Dated: April 27, 2021.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office of Information Security, 
Office of Information and Technology, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    ``Veterans Tracking Application (VTA)--VA'' (163VA005Q3).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The VTA system containing its associated records is maintained at 
the Austin Information Technology Center (AITC) at 1615 East Woodward 
Street, Austin, Texas 78772. A second VTA database with an identical 
set of records is being established at a disaster recovery site at the 
Hines Information Technology Center (Hines ITC) at Hines, Illinois. All 
records are maintained electronically.

SYSTEM MANAGER(S):
    Delwin Johnson, Product Line Manager (VTA), Office of Information & 
Technology, Department of Veterans Affairs, 810 Vermont Ave. NW, 
Washington, DC 20420, (202) 367-4033 and [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority for maintaining this system is Title 38 U.S.C., 5106.

PURPOSE(S) OF THE SYSTEM:
    VTA will work to replace manual processes that result in delays in 
coordinating or managing care for our Veterans. VTA and the associated 
database support programs throughout the VA. The VTA provides the VA 
tracking information on members of the armed forces who are receiving 
care from a DoD Military Treatment Facility (MTF), a VA health care 
facility, or who already have Veteran status. The VTA provides tracking 
of the Veteran/Service member's arrival at the initial VA health care 
facility and provides date and location information for subsequent 
transfers to other health facilities. In addition to the Veteran 
patient population, VTA records benefit tracking information for all 
severely injured Veterans requesting benefits. This history includes 
all benefit award details to include application dates, award 
decisions, dates and amounts. The purpose of the VTA is to track the 
initial arrival of a Service member into the VA and DoD health care 
systems and their subsequent movement among VA health facilities, as 
well as monitor benefits application and administration details.
    The records and information may be used for analysis to produce 
various management, workload tracking, and follow-up reports for our 
Veterans; to track and evaluate the ordering and delivery of services 
and patient care; for the planning, distribution and utilization of 
resources; and to allocate clinical and administrative support to 
patient medical care.
    In addition, the data may be used to assist in workload allocation 
for patient treatment services including provider panel management, 
nursing care, clinic appointments, surgery, prescription processing, 
diagnostic and therapeutic procedures; to plan and schedule training 
activities for employees; for audits, reviews and investigations 
conducted by the network directors office and VA Central Office; for 
quality assurance audits, reviews and investigations; for law 
enforcement investigations; and for personnel management, evaluation 
and employee ratings, and performance evaluations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The category of the individuals covered by the VTA database 
encompasses Veterans and Service members.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The record, or information contained in the record, may include 
identifying information (e.g., name, contact information, Social 
Security number), association to dependents, cross reference to other 
names used, military service participation and status information 
(branch of service, rank, enter on duty date, release from active duty 
date, military occupations, type of duty), reason and nature of active 
duty separation (completion of commitment, disability, hardship, etc.), 
combat/environmental exposures (combat pay, combat awards, theater 
location), combat deployments (period of deployment, location/country), 
Guard/Reserve activations (type of activation), military casualty/
disabilities (line of duty death, physical examination board status, 
serious/very serious injury status, recovery plans, DoD rated 
disabilities), benefit participation, eligibility and usage, and VA 
compensation (rating, award amount).

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by components of 
the Department of Defense and Department of Veterans Affairs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    HIPAA:
    Note: To the extent that records contained in the system include 
individually identifiable health information protected by 45 CFR parts 
160 and 164, that information may not be disclosed under a routine use 
unless there is also specific disclosure authority in 45 CFR parts 160 
and 164.

    38 U.S.C. 7332:
    Note: To the extent that records contained in the system include 
individually-identifiable patient information protected by 38 U.S.C. 
7332, that information cannot be disclosed under a routine use unless 
there is also specific disclosure authority in 38 U.S.C. 7332.

    HIPAA & 38 U.S.C. 7332:
    Note: To the extent that records contained in the system include 
information protected by 45 CFR parts 160 and 164, i.e., individually 
identifiable health information of VHA or any of its business 
associates, and 38 U.S.C. 7332, i.e., medical treatment information 
related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia, 
or infection with the human immunodeficiency virus, that information 
cannot be disclosed under a routine use unless there is also specific 
disclosure authority in both 38 U.S.C. 7332 and 45 CFR parts 160 and 
164.

    1. Congress: VA may disclose information to a Member of Congress or 
staff acting upon the Member's behalf when the Member or staff requests 
the information on behalf of, and at the request of, the individual who 
is the subject of the record.

    2. Data Breach Response and Remediation, for VA: VA may disclose 
information to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that there has been a breach of the system of 
records, (2) VA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, VA (including 
its information systems, programs, and operations), the Federal

[[Page 23047]]

Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with VA's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm involving.

    3. Data Breach Response and Remediation, for Another Federal 
Agency: VA may disclose information to another Federal agency or 
Federal entity, when VA determines that the information is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

    4. Law Enforcement: VA may disclose information that, either alone 
or in conjunction with other information, indicates a violation or 
potential violation of law, whether civil, criminal, or regulatory in 
nature, to a Federal, state, local, territorial, tribal, or foreign law 
enforcement authority or other appropriate entity charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing such law. The disclosure of the 
names and addresses of veterans and their dependents from VA records 
under this routine use must also comply with the provisions of 38 
U.S.C. 5701. If the disclosure is in response to a request from a law 
enforcement entity, the request must meet the requirements for a 
qualifying law enforcement request under the Privacy Act, 5 U.S.C. 
552a(b)(7).

    5. DoJ for Litigation or Administrative Proceeding: VA may disclose 
information to the Department of Justice (DoJ), or in a proceeding 
before a court, adjudicative body, or other administrative body before 
which VA is authorized to appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her official capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components,
    is a party to such proceedings or has an interest in such 
proceedings, and VA determines that use of such records is relevant and 
necessary to the proceedings, provided, however, that in each case VA 
determines the disclosure is compatible with the purpose for which the 
records were collected. If the disclosure is in response to a subpoena, 
summons, investigative demand, or similar legal process, the request 
must meet the requirements for a qualifying law enforcement request 
under the Privacy Act, 5 U.S.C. 552a(b)(7), or an order from a court of 
competent jurisdiction under 552a(b)(11).

    6. Contractors: VA may disclose information to contractors, 
grantees, experts, consultants, students, and others performing or 
working on a contract, service, grant, cooperative agreement, or other 
assignment for VA, when reasonably necessary to accomplish an agency 
function related to the records.

    7. OPM: VA may disclose information to the Office of Personnel 
Management (OPM) in connection with the application or effect of civil 
service laws, rules, regulations, or OPM guidelines in particular 
situations.
    8. EEOC: VA may disclose information to the Equal Employment 
Opportunity Commission (EEOC) in connection with investigations of 
alleged or possible discriminatory practices, examination of Federal 
affirmative employment programs, or other functions of the Commission 
as authorized by law.
    8. FLRA: VA may disclose information to the Federal Labor Relations 
Authority (FLRA) in connection with: The investigation and resolution 
of allegations of unfair labor practices, the resolution of exceptions 
to arbitration awards when a question of material fact is raised; 
matters before the Federal Service Impasses Panel; and the 
investigation of representation petitions and the conduct or 
supervision of representation elections.

    9. MSPB: VA may disclose information to the Merit Systems 
Protection Board (MSPB) and the Office of the Special Counsel in 
connection with appeals, special studies of the civil service and other 
merit systems, review of rules and regulations, investigation of 
alleged or possible prohibited personnel practices, and such other 
functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by 
law.

    10. NARA: VA may disclose information to NARA in records management 
inspections conducted under 44 U.S.C. 2904 and 2906, or other functions 
authorized by laws and policies governing NARA operations and VA 
records management responsibilities.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are transmitted between approved VA and DoD office/systems 
and VTA over secure telecommunications (i.e. SFTP, secure web services) 
using approved encryption technologies. Records (or information 
contained in records) are maintained in electronic format in the VTA 
database. Information from VTA is disseminated in three ways: (1) 
Approved VA and DoD systems electronically request and receive data 
from VTA over the internal VA and DoD network; (2) data is provided 
over the secure telecommunications between VTA and approved VA and DoD 
office/systems for reconciliation of records; (3) periodic electronic 
data extracts of subsets of information contained in VTA are provided 
to approved VA and DoD offices/systems over the internal VA network and 
DoD network. Backups of VTA data are created regularly and stored in a 
secure off-site facility.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Electronic files are retrieved using various unique identifiers 
belonging to the individual to whom the information pertains to include 
such identifiers as name, claim file number, Social Security number and 
date of birth.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    VA retains selected information for purposes of making eligibility 
determinations for VA benefits. The information retained may be 
included in the VA records that are maintained and disposed of in 
accordance with the appropriate record disposition authority approved 
by the Archivist of the United States.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    1. Physical Security: The primary VTA system is located in the AITC 
and the backup disaster recovery system is located in the Hines ITC. 
Access to data processing centers is generally restricted to center 
employees, custodial personnel, Federal Protective Service and other 
security personnel. Access to computer rooms is restricted to 
authorized operational personnel through electronic passage technology. 
All other persons needing access to computer rooms are escorted.
    2. System Security: Access to the VA network is protected by the 
usage of ``PIV''. Once on the VA network, separate ID and password 
credentials are required to gain access to the VTA server and/or 
database. Access to the server and/or database is granted to only

[[Page 23048]]

a limited number of system administrators and database administrators. 
In addition, VTA has undergone certification and accreditation. Users 
of VTA access the system via AccessVA. Users must also register through 
VTA and obtain a VTA Account. Within the VTA system, users are 
designated a role which determines their access to specific data. Based 
on a risk assessment that followed National Institute of Standards and 
Technology Vulnerability and Threat Guidelines, the system is 
considered stable and operational. VTA has received a final Authority 
to Operate (ATO). The system was found to be operationally secure, with 
very few exceptions or recommendations for change.

RECORD ACCESS PROCEDURES:
    (See notification procedure below.)

CONTESTING RECORD PROCEDURES:
    (See notification procedure below.)

NOTIFICATION PROCEDURES:
    Individuals seeking information on the existence and content of a 
record pertaining to them should contact the system manager, in 
writing, at the above address. Requests should contain the full name, 
address and telephone number of the individual making the inquiry.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Not Applicable.

HISTORY:
    This SORN was originally published in the Federal Register on April 
19, 2012, 77 FR 23543. The SORN was subsequently amended in the Federal 
Register on April 15, 2014, 79 FR 21352.

[FR Doc. 2021-09084 Filed 4-29-21; 8:45 am]
BILLING CODE P