[Federal Register Volume 86, Number 230 (Friday, December 3, 2021)]
[Notices]
[Pages 68721-68724]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-26257]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Veterans Health Administration (VHA), Department of Veterans 
Affairs (VA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA) proposes to establish a 
new system of records entitled, ``Federal Case Management Tool'' 
(FCMT). FCMT is a web-based application that supports VA and the 
Department of Defense (DoD) with the effective management and tracking 
of Veteran and Service member beneficiaries at all levels of the 
continuum of care.

DATES: Comments on this new system of records must be received no later 
than 30 days after date of publication in the Federal Register. If no 
public comment is received during the period allowed for comment or 
unless otherwise published in the Federal Register by VA, the new 
system of records will become effective a minimum of 30 days after date 
of publication in the Federal Register. If VA receives public comments, 
VA shall review the comments to determine whether any changes to the 
notice are necessary.

ADDRESSES: Comments may be submitted through www.Regulations.gov or 
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005R1A), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to ``Federal Case Management Tool (FCMT)--VA'' (202VA005Q). 
Comments received will be available at regulations.gov for public 
viewing, inspection, or copies.

FOR FURTHER INFORMATION CONTACT: Freda Perry, Project Manager, Federal 
Case Management Tool (FCMT), Office of Information & Technology, 
Department of Veterans Affairs, 810 Vermont Avenue NW, (005QF3), 
Washington, DC 20420, (202) 802-7882, and [email protected]; Paul 
Zeien, Director, Education Veterans Readiness and Employment Product 
Line--EVREPL (FCMT), Office of Information & Technology, Department of 
Veterans Affairs, 5000 S 5th Avenue, Hines, IL 60141, (708) 483-5432 
and [email protected].

SUPPLEMENTARY INFORMATION: The Department is establishing a new system 
of records entitled ``Federal Case Management Tool (FCMT),'' as it was 
previously connected to the Veterans Tracking Application (VTA)/Federal 
Case Management Tool (FCMT) (160VA005Q3) system of records, originally 
published in the Federal Register on April 19, 2012, and amended on 
Aril 15, 2014. Due to the separation of Federal Case Management Tool 
(FCMT) from Veterans Tracking Application (VTA), the VTA/FCMT system of 
records was again amended on March 8, 2020, and republished as Veterans 
Tracking Application (163CA005Q3), a standalone application that now 
falls under the product line ``Eligibility and Enrollment (E&E)'' at 
VHA. Accordingly, FCMT is being established as a new system of records 
encompassing a standalone application that now falls under ``Education 
Veterans Readiness and Employment Product Line (EVREPL)''.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Neil C. 
Evans, M.D., Chief Officer, Connected Care, Performing the Delegable 
Duties of the Assistant Secretary for Information and Technology and 
Chief Information Officer, approved this document on October 21, 2021 
for publication.

    Dated: November 30, 2021.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office of Information Security, 
Office of Information and Technology, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    Federal Case Management Tool (FCMT)--VA (202VA005Q)

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Systems of records are generally maintained on information systems 
owned, operated by, or operated on behalf of the Department. The 
primary FCMT system is in the Microsoft Government Community Cloud 
(GCC), a government-authorized cloud-service provider, with Microsoft 
Global Foundation Services (GFS) Datacenters in Boydton, Virginia; Des 
Moines, Iowa; Dallas, Texas; and Phoenix, Arizona. For security 
reasons, Microsoft does not disclose the physical location of the data 
centers. For more information, please refer to the JAB FedRAMP ATO for 
Microsoft Dynamics CRM.

SYSTEM MANAGER(S):
    Paul Zeien, Director--Education Veterans Readiness and Employment 
Product Line--EVREPL (FCMT), Office of Information & Technology, 
Department of Veterans Affairs, 5000 S 5th Avenue, Hines, IL 60141 
(708) 483-5432 and [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority for maintaining this system is Title 38 U.S.C. 5106.

PURPOSE(S) OF THE SYSTEM:
    The purpose of the FCMT is to track the initial arrival of a 
Service member into the VA and DoD health care systems and their 
subsequent movement among VA health facilities, as well as monitor 
benefits application and administration details. This history includes 
all benefit award details to include application dates, award 
decisions, dates, and amounts.
    The records and information may be used for analysis to produce 
various management, workload tracking, and follow-up reports for our 
Veterans; to track and evaluate the ordering and delivery of services 
and patient care; for the planning, distribution and utilization of 
resources; and to allocate clinical and administrative support to 
patient medical care.
    In addition, the data may be used to assist in workload allocation 
for patient treatment services including provider panel management, 
nursing care, clinic

[[Page 68722]]

appointments, surgery, prescription processing, diagnostic and 
therapeutic procedures; to plan and schedule training activities for 
employees; for audits, reviews and investigations conducted by the 
network directors office and VA Central Office; for quality assurance 
audits, reviews and investigations; for law enforcement investigations; 
and for personnel management, evaluation and employee ratings, and 
performance evaluations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    These records include information on Service Members (SM) and 
Veterans as described for the Federal Recovery Coordinator Program 
(FRCP), severely injured/visually severely impaired (SI/VSI), Case 
Management for Veterans Benefits Administration (VBA), Veterans Health 
Administration (VHA) Liaison, and Chapter 63 Special Outreach programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include identifying information (e.g., name, 
contact information, Social Security number), association to 
dependents, cross reference to other names used, military service 
participation and status information (branch of service, rank, enter on 
duty date, release from active duty date, military occupations, type of 
duty), reason and nature of active duty separation (completion of 
commitment, disability, hardship, etc.), combat/environmental exposures 
(combat pay, combat awards, theater location), combat deployments 
(period of deployment, location/country), Guard/Reserve activations 
(type of activation), military casualty/disabilities (line of duty 
death, physical examination board status, serious/very serious injury 
status, recovery plans, DoD rated disabilities), benefit participation, 
eligibility and usage, and VA compensation (rating, award amount).

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by VA Department 
of Defense Identity Repository (VADIR) for the Department of Defense 
and Department of Veterans Affairs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. Congress
    VA may disclose information to a Member of Congress or staff acting 
upon the Member's behalf when the Member or staff requests the 
information on behalf of, and at the request of, the individual who is 
the subject of the record.
    2. Data Breach Response and Remediation, for VA
    VA may disclose information to appropriate agencies, entities, and 
persons when (1) VA suspects or has confirmed that there has been a 
breach of the system of records, (2) VA has determined that as a result 
of the suspected or confirmed breach there is a risk of harm to 
individuals, VA (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with VA's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    3. Data Breach Response and Remediation, for Another Federal Agency
    VA may disclose information to another Federal agency or Federal 
entity, when VA determines that information is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    4. Law Enforcement
    VA may disclose information that, either alone or in conjunction 
with other information, indicates a violation or potential violation of 
law, whether civil, criminal, or regulatory in nature, to a Federal, 
state, local, territorial, tribal, or foreign law enforcement authority 
or other appropriate entity charged with the responsibility of 
investigating or prosecuting such violation or charged with enforcing 
or implementing such law. The disclosure of the names and addresses of 
veterans and their dependents from VA records under this routine use 
must also comply with the provisions of 38 U.S.C. 5701.
    5. DoJ for Litigation or Administrative Proceeding
    VA may disclose information to the Department of Justice (DoJ), or 
in a proceeding before a court, adjudicative body, or other 
administrative body before which VA is authorized to appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her official capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
such proceedings or has an interest in such proceedings, and VA 
determines that use of such records is relevant and necessary to the 
proceedings.
    6. Contractors
    VA may disclose information to contractors, grantees, experts, 
consultants, students, and others performing or working on a contract, 
service, grant, cooperative agreement, or other assignment for VA, when 
reasonably necessary to accomplish an agency function related to the 
records.
    7. OPM
    VA may disclose information to the Office of Personnel Management 
(OPM) in connection with the application or effect of civil service 
laws, rules, regulations, or OPM guidelines in particular situations.
    8. EEOC
    VA may disclose information to the Equal Employment Opportunity 
Commission (EEOC) in connection with investigations of alleged or 
possible discriminatory practices, examination of Federal affirmative 
employment programs, or other functions of the Commission as authorized 
by law.
    9. FLRA
    VA may disclose information to the Federal Labor Relations 
Authority (FLRA) in connection with: The investigation and resolution 
of allegations of unfair labor practices, the resolution of exceptions 
to arbitration awards when a question of material fact is raised; 
matters before the Federal Service Impasses Panel; and the 
investigation of representation petitions and the conduct or 
supervision of representation elections.
    10. MSPB
    VA may disclose information to the Merit Systems Protection Board 
(MSPB) and the Office of the Special Counsel in connection with 
appeals, special studies of the civil service and other merit systems, 
review of rules and regulations, investigation of alleged or possible 
prohibited personnel practices, and such other functions promulgated in 
5 U.S.C. 1205 and 1206, or as authorized by law.
    11. NARA
    VA may disclose information to NARA in records management 
inspections conducted under 44 U.S.C. 2904 and 2906, or other functions 
authorized by laws and policies governing NARA operations and VA 
records management responsibilities.
    12. Federal Agencies, for Research
    VA may disclose information to a Federal agency for the purpose of

[[Page 68723]]

conducting research and data analysis to perform a statutory purpose of 
that Federal agency upon the prior written request of that agency.
    13. Federal Agencies, for Computer Matches
    VA may disclose information from this system to other federal 
agencies for the purpose of conducting computer matches to obtain 
information to determine or verify eligibility of veterans receiving VA 
benefits or medical care under Title 38, U.S.C.
    14. Federal Agencies, Courts, Litigants, for Litigation or 
Administrative Proceedings
    VA may disclose information to another federal agency, court, or 
party in litigation before a court or in an administrative proceeding 
conducted by a Federal agency, when the government is a party to the 
judicial or administrative proceeding.
    15. Governmental Agencies, Health Organizations, for Claimants' 
Benefits
    VA may disclose information to Federal, state, and local government 
agencies and national health organizations as reasonably necessary to 
assist in the development of programs that will be beneficial to 
claimants, to protect their rights under law, and assure that they are 
receiving all benefits to which they are entitled.
    16. Health Care Providers, for Referral by VA
    VA may disclose information to: (1) A federal agency or health care 
provider when VA refers a patient for medical and other health 
services, or authorizes a patient to obtain such services and the 
information is needed by the federal agency or health care provider to 
perform the services; or (2) a federal agency or to health care 
provider under the provisions of 38 U.S.C. 513, 7409, 8111, or 8153, 
when treatment is rendered by VA under the terms of such contract or 
agreement or the issuance of an authorization, and the information is 
needed for purposes of medical treatment or follow-up, determination of 
eligibility for benefits, or recovery by VA of the costs of the 
treatment.
    17. Health Care Provider, for Referral to VA
    VA may disclose information to a non-VA health care provider when 
that health care provider has referred the individual to VA for medical 
or other health services.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are transmitted between approved VA and DoD office/systems 
and FCMT over secure telecommunications (i.e., SFTP, secure web 
services) using approved encryption technologies. Records (or 
information contained in records) are maintained in electronic format 
in the FCMT database. Information from FCMT is disseminated in three 
ways: (1) Approved VA and DoD systems electronically request and 
receive data from FCMT over the internal VA and DoD network; (2) data 
is provided over the secure telecommunications between FCMT and 
approved VA and DoD office/systems for reconciliation of records; (3) 
periodic electronic data extracts of subsets of information contained 
in FCMT are provided to approved VA and DoD offices/systems over the 
internal VA network and DoD network. FCMT is currently on the Microsoft 
Government Community Cloud and all backups are located there as well.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved using name, claim file number, social 
security number, date of birth, and other unique identifiers belonging 
to the individual to whom the information pertains.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are electronically imaged and established by VA as the 
official record, its paper contents (with the exception of documents 
that are on hold due to pending litigation, and service treatment 
records and other documents that are the property of DoD), are 
reclassified as duplicate--non record keeping--copies of the official 
record, and will be destroyed in accordance with Records Control 
Schedule VB-1, Part 1 Section XIII, Item 13-052.100 as authorized by 
NARA. All paper documentation that is not the property of VA (e.g., 
DoD-owned documentation) is currently stored by VA after scanning, 
pending a policy determination as to its final disposition. All 
documentation being held pursuant to active litigation is held in its 
native format during the pendency of the litigation. All FCMT records 
are stored on a secure VA server, pending permanent transfer to NARA 
where they will be maintained as historical records. Once an electronic 
record has been transferred into NARA custody, the record will be fully 
purged and deleted from the VA system in accordance with governing 
records control schedules using commercial off the shelf (COTS) 
software designed for the purpose. Once purged, the record will be 
unavailable on the VA system, and will only be accessible through NARA.
    Prior to destruction of any paper source documentation reclassified 
as duplicate copies, VA engages in a comprehensive and multi-layered 
quality control and validation program to ensure material that has been 
electronically imaged is completely and accurately uploaded into the 
VBMS eFolder. To guarantee the integrity and completeness of the 
record, VA engages in industry-best practices, using state-of-the-art 
equipment, random sampling, independent audit, and 100% VA review 
throughout the claims adjudication process. Historically, VA's success 
rate in ensuring the accuracy and completeness of the electronic record 
routinely and consistently exceeds 99%. Furthermore, no paper document 
is ever destroyed while any related claim or appeal for VA benefits is 
still pending. VA waits 3 years after the final adjudication of any 
claim or appeal before destroying the paper duplicate copies that have 
been scanned into the FCMT. As noted, the electronic image of the paper 
document is retained indefinitely as a permanent record either by VA or 
NARA.
    Decisions to destroy VR&E paper counseling records are to be made 
in accordance with Records Control Schedule (RCS), RCS VB-1, Part I, 
Field in Section VII, dated January 31, 2014. Automated storage media 
containing temporary working information are retained until a claim is 
decided, and then destroyed. All other automated storage media are 
retained and disposed of in accordance with disposition authorization 
approved by NARA. Education file folders in paper are retained at the 
servicing Regional Processing Office. Education paper folders may be 
destroyed in accordance with the times set forth in the VBA Records 
Management, Records Control Schedule VB-1, Part 1, Section VII, as 
authorized by NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    1. Physical Security: The primary FCMT system is in the Microsoft 
Government Community Cloud (GCC), and the backup disaster recovery 
system is located on the Government Community Cloud as well. Access to 
data processing centers is generally restricted to center employees, 
custodial personnel, Federal Protective Service, and other security 
personnel. Access to computer rooms is restricted to authorized 
operational personnel through electronic passage technology. All other 
persons needing access to computer rooms are escorted.
    2. System Security: Access to the VA network is protected by the 
usage of ``PIV''. Once on the VA network, separate ID and password 
credentials are required to gain access to the FCMT

[[Page 68724]]

server and/or database. Access to the server and/or database is granted 
to only a limited number of system administrators and database 
administrators. In addition, FCMT has undergone certification and 
accreditation. Users of FCMT access the system via AccessVA. Users must 
also register through FCMT and obtain a FCMT Account. Within the VTA 
system, users are designated a role which determines their access to 
specific data. Based on a risk assessment that followed National 
Institute of Standards and Technology Vulnerability and Threat 
Guidelines, the system is considered stable and operational. FCMT is in 
a minor application under the BAM CRM Authority to Operate (ATO). The 
system is in the process of requesting a stand-alone Authority to 
Operate (ATO) as a major application.

RECORD ACCESS PROCEDURES:
    Individuals seeking information on the existence and content of 
records in this system pertaining to them should contact the system 
manager in writing as indicated above. A request for access to records 
must contain the requester's full name, address, telephone number, be 
signed by the requester, and describe the records sought in sufficient 
detail to enable VA personnel to locate them with a reasonable amount 
of effort.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records in this system 
pertaining to them should contact the system manager in writing as 
indicated above. A request to contest or amend records must state 
clearly and concisely what record is being contested, the reasons for 
contesting it, and the proposed amendment to the record.

NOTIFICATION PROCEDURES:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Record Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None, this is a new SORN.

[FR Doc. 2021-26257 Filed 12-2-21; 8:45 am]
BILLING CODE P