[Federal Register Volume 88, Number 215 (Wednesday, November 8, 2023)]
[Notices]
[Pages 77145-77147]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-24681]



[[Page 77145]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA), Veterans Health 
Administration (VHA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, notice is hereby given 
that the VA is modifying the system of records entitled, ``Veteran 
Child Care Programs--VA'' (169VA10NC). This system is used to assist VA 
in assessing whether it should and can feasibly assist qualified 
Veterans who need childcare to receive health care services.

DATES: Comments on this amended system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by the VA, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If VA receives 
public comments, VA shall review the comments to determine whether any 
changes to the notice are necessary.

ADDRESSES: Comments may be submitted through www.Regulations.gov or 
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to ``Veteran Child Care Programs--VA'' (169VA10NC). 
Comments received will be available at regulations.gov for public 
viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT: Stephania Griffin, VHA Chief Privacy 
Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, 
Washington, DC 20420; telephone (704) 245-2492 (Note: this is not a 
toll-free number).

SUPPLEMENTARY INFORMATION: VA is amending the system of records by 
revising the System Number, System Location, System Manager, Purpose, 
Categories of Records, Records Source Categories, Routine Uses of 
Records Maintained in the System, Policies and Practices for Retention 
and Disposal of Records, and Policies and Practices for Retrieval of 
Records. VA is republishing the system notice in its entirety.
    The System Number is being updated from 169VA10NC to 169VA10 to 
reflect the current VHA organizational routing symbol. The System 
Location is being updated to include information on where to find 
address locations for VA facilities.
    The Purpose is being updated to reflect that the records are used 
to provide appropriate childcare services to children in the program 
and to clarify that research includes quality improvement activities. 
The Purpose is also being updated to remove reference to ordering and 
delivery of equipment.
    The System Manager is being updated to replace ADUSH for Clinical 
Operations, with Deputy Assistant Under Secretary for Health for 
Operations.
    The Categories of Records in the System is being updated to delete 
reference to the collection of Social Security Numbers as this 
information is not being captured.
    The Records Source Categories is being updated to include parent/
guardian. Routine use number 13 is being added to state, ``Data Breach 
Response and Remediation, for VA: To appropriate agencies, entities and 
persons when (1) VA suspects or has confirmed that there has been a 
breach of the system of records; (2) VA has determined that as a result 
of the suspected or confirmed breach there is a risk to individuals, VA 
(including its information systems, programs and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities or persons is reasonably necessary to assist 
in connection with VA efforts to respond to the suspected or confirmed 
breach or to prevent, minimize or remedy such harm.''
    Policies and Practices for Retrieval of Records is being updated to 
remove the Social Security Number.
    Policies and Practices for Retention and Disposal of Records is 
being updated to include VA Records Control Schedule (RCS) 10-1, Item 
Numbers 3075.1 and 3075.12.
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Kurt D. 
DelBene, Assistant Secretary for Information and Technology and Chief 
Information Officer, approved this document on September 28, 2023 for 
publication.

    Dated: November 3, 2023
Amy L. Rose,
Government Information Specialist, VA Privacy Service, Office of 
Compliance, Risk and Remediation, Office of Information and Technology, 
Department of Veterans Affairs.

SYSTEM NAME:
    ``Veteran Child Care Programs--VA'' (169VA10).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are located at each Department of Veterans Affairs (VA) 
health care facility where the childcare program is in place (in most 
cases, backup information is stored at off-site locations). Address 
locations for VA facilities are listed in Appendix 1 of the biennial 
publication of the VA Privacy Act Issuances. Subsidiary record 
information is maintained by individuals, organizations and/or agencies 
with whom VA has a contract or agreement to perform such services, as 
VA may deem practicable.

SYSTEM MANAGER(S):
    Official responsible for policies and procedures: Deputy Assistant 
Under Secretary for Health for Operations, Department of Veterans 
Affairs, 810 Vermont Avenue NW, Washington, DC 20420. Telephone 202-
461-7064 (this is not a toll-free number).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    38 U.S.C. 501.

PURPOSE(S) OF THE SYSTEM:
    These records are used to provide appropriate childcare services to 
the children in the program; for statistical analysis to produce 
various management, workload tracking, and follow-up reports; for 
determining entitlement and eligibility for VA benefits; for quality 
assurance audits and reviews; to track and evaluate services for the 
planning, distribution and utilization of resources; and personnel 
management and evaluation. The data may be used for VA's extensive 
research programs, including quality improvement activities, in 
accordance with VA policy.

[[Page 77146]]

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    These records include information on children who receive childcare 
and the children's parents and/or guardians who are receiving treatment 
at VA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The category of records in the system include: (1) Identifying 
information for child (e.g., name, birth date, age, telephone number); 
(2) child's primary care physician name and contact information; and 
(3) emergency contact information for parent/guardian (e.g., name of 
parent/guardian, address, relationship, telephone number, alternate 
contact person).

RECORD SOURCE CATEGORIES:
    Information in this system of records may be provided by the 
Veteran, parent/guardian of the child or family members.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Law Enforcement: To a Federal, state, local, territorial, tribal 
or foreign law enforcement authority or other appropriate entity 
charged with the responsibility of investigating or prosecuting a 
violation or potential violation of law, whether civil, criminal or 
regulatory in nature, or charged with enforcing or implementing such 
law, provided that the disclosure is limited to information that, 
either alone or in conjunction with other information, indicates such a 
violation or potential violation. The disclosure of the names and 
addresses of Veterans and their dependents from VA records under this 
routine use must also comply with the provisions of 38 U.S.C. 5701.
    2. Disease Tracking, Patient Outcomes, Other Health Information 
Required for Program Accountability: To another Federal agency or the 
District of Columbia's government in response to its request or at the 
initiation of VA, in connection with disease tracking, patient outcomes 
or other health information required for program accountability.
    3. Congress: To a Member of Congress or staff acting upon the 
Member's behalf when the Member or staff requests the information on 
behalf of, and at the request of, the parent/guardian of the child who 
is the subject of the record.
    4. National Archives and Records Administration (NARA): To the NARA 
in records management inspections conducted under 44 U.S.C. 2904 and 
2906, or other functions authorized by laws and policies governing NARA 
operations and VA records management responsibilities.
    5. Department of Justice (DoJ), Litigation, Administrative 
Proceeding: To the DoJ, or in a proceeding before a court, adjudicative 
body or other administrative body before which VA is authorized to 
appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
such proceedings or has an interest in such proceedings, and VA 
determines that use of such records is relevant and necessary to the 
proceedings.
    6. Equal Employment Opportunity Commission (EEOC): To the EEOC in 
connection with investigations of alleged or possible discriminatory 
practices, examination of Federal affirmative employment programs, or 
other functions of the Commission as authorized by law.
    7. Contractors: To contractors, grantees, experts, consultants, 
students, and others performing or working on a contract, service, 
grant, cooperative agreement, or other assignment for VA, when 
reasonably necessary to accomplish an agency function related to the 
records.
    8. Federal Agencies, Fraud and Abuse: To other Federal agencies to 
assist such agencies in preventing and detecting possible fraud or 
abuse by individuals in their operations and programs.
    9. Data Breach Response and Remediation, for Another Federal 
Agency: To another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing or remedying the risk 
of harm to individuals, the recipient agency or entity (including its 
information systems, programs and operations), the Federal Government, 
or national security, resulting from a suspected or confirmed breach.
    10. Family, Partner, for Notification of a Child's Status: To the 
extent necessary, on a need-to-know basis, and consistent with good 
ethical practices, to family members or persons with whom the child has 
a meaningful relationship.
    11. Federal Labor Relations Authority (FLRA): To the FLRA in 
connection with the investigation and resolution of allegations of 
unfair labor practices, the resolution of exceptions to arbitration 
awards when a question of material fact is raised, matters before the 
Federal Service Impasses Panel, and the investigation of representation 
petitions and the conduct or supervision of representation elections.
    12. Merit Systems Protection Board (MSPB): To the MSPB in 
connection with appeals, special studies of the civil service and other 
merit systems, review of rules and regulations, investigation of 
alleged or possible prohibited personnel practices, and such other 
functions promulgated in 5 U.S.C. 1205 and 1206, or as otherwise 
authorized by law.
    13. Data Breach Response and Remediation, for VA: To appropriate 
agencies, entities and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk to individuals, VA (including its information systems, 
programs and operations), the Federal Government, or national security; 
and (3) the disclosure made to such agencies, entities or persons is 
reasonably necessary to assist in connection with VA efforts to respond 
to the suspected or confirmed breach or to prevent, minimize or remedy 
such harm.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are currently maintained on paper, microfilm, electronic 
media including images and scanned documents, or laser optical media in 
the consolidated health record at the health care facility where care 
was rendered.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name or other assigned identifiers of the 
Veteran receiving VA services associated with the childcare episode.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are retained and disposed of in accordance 
with the schedule approved by the Archivist, VA Records Control 
Schedule (RCS) 10-1, Item Numbers 3075.1 and 3075.12.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    1. Access to and use of national administrative databases, 
warehouses and data marts are limited to those

[[Page 77147]]

persons whose official duties require such access, and VA has 
established security procedures to ensure that access is appropriately 
limited. Information security officers and system data stewards review 
and authorize data access requests. VA regulates data access with 
security software that authenticates users and requires individually 
unique codes and passwords. VA provides information security training 
to all staff and instructs staff on the responsibility each person has 
for safeguarding data confidentiality.
    2. Physical access to computer rooms housing national 
administrative databases, warehouses and data marts is restricted to 
authorized staff and protected by a variety of security devices. 
Unauthorized employees, contractors and other staff are not allowed in 
computer rooms. The Federal Protective Service or other security 
personnel provide physical security for the buildings housing computer 
rooms and data centers.
    3. Data transmissions between operational systems and national 
administrative databases, warehouses and data marts maintained by this 
system of record are protected by state-of-the-art telecommunication 
software and hardware. This may include firewalls, intrusion detection 
devices, encryption and other security measures necessary to safeguard 
data as it travels across the VA Wide Area Network.
    4. In most cases, copies of back-up computer files are maintained 
at off-site locations.
    5. VA maintains Business Associate Agreements and Non-Disclosure 
Agreements where appropriate with contracted resources in order to 
maintain confidentiality of the information.

RECORD ACCESS PROCEDURE:
    Individuals seeking information on the existence and content of 
records in this system pertaining to where the child participated in 
the childcare program should contact the system manager in writing as 
indicated above. A request for access to records must contain the 
Veteran or primary caretaker's full name, address, telephone number, be 
signed by the requester, and describe the records sought in sufficient 
detail to enable VA personnel to locate them with a reasonable amount 
of effort.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records in this system 
pertaining to them or their children should contact the system manager 
in writing as indicated above. A request to contest or amend records 
must state clearly and concisely what record is being contested, the 
reasons for contesting it, and the proposed amendment to the record.

NOTIFICATION PROCEDURE:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Record Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    77 FR 56914 (September 14, 2012).

[FR Doc. 2023-24681 Filed 11-7-23; 8:45 am]
BILLING CODE P