[Federal Register Volume 89, Number 86 (Thursday, May 2, 2024)]
[Notices]
[Pages 35929-35932]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-09529]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Veterans Health Administration (VHA), Department of Veterans 
Affairs (VA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, notice is hereby given 
that the VA is modifying the system of records titled, ``Investigative 
Database-OMI-VA'' (162VA10E1B). This system is used to document the 
investigative activities of the Office of the Medical Inspector (OMI).

DATES: Comments on this amended system of records must be received no 
later than June 3, 2024. If no public comment is received during the 
period allowed for comment or unless otherwise published in the Federal 
Register by the VA, the modified system of records will become 
effective a minimum of 30 days after date of publication in the Federal 
Register. If VA receives public comments, VA shall review the comments 
to determine whether any changes to the notice are necessary.

ADDRESSES: Comments may be submitted through www.Regulations.gov or 
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to ``Investigative Database-OMI-VA'' (162VA10E1B). Comments 
received will be available at regulations.gov for public viewing, 
inspection or copies.

FOR FURTHER INFORMATION CONTACT: Stephania Griffin, VHA Chief Privacy 
Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, 
Washington, DC 20420; telephone (704) 245-2492 (Note: this is not a 
toll-free number).

SUPPLEMENTARY INFORMATION: VA is amending the system of records by 
revising the System Number; System Location; System Manager; Purpose; 
Categories of Individuals Covered by the System; Categories of Records 
in the System; Records Source Categories; Policies and Practices for 
Storage of Records; Policies and Practices for Retention and Disposal 
of Records; Safeguards; Record Access Procedure; Contesting Records 
Procedures; and Notification Procedure. VA is republishing the system 
notice in its entirety.
    The System Number is being updated from 162VA10E1B to 162VA10 to 
reflect the current VHA organizational routing symbol.
    The System Location is being updated to remove, ``Additional 
records are maintained by the Austin Information Technology Center, 
1615 Woodward Street, Austin, Texas 78772, and subject to their 
security control.''
    The System Manager is being updated to replace Correspondence 
Analyst, with Executive Assistant.
    The Purpose is being updated to remove, ``to perform statistical 
analysis to produce various management and follow-up reports. The data 
may be used for VA's extensive quality improvement programs in 
accordance with VA policy. In addition, the data may be used for law 
enforcement investigations. Survey data will be collected for the 
purpose of measuring and monitoring various aspects and outcomes of 
National, Veterans Integrated Service Network (VISN) and Facility-Level 
performance. Results of the survey data analysis are shared throughout 
the Veterans Health Administration (VHA) system.''
    The Categories of Individuals Covered by the System is being 
updated to remove, ``their immediate family members, members of the 
armed services, subcontractors, consultants, volunteers.''
    The Categories of Records in the System is being updated to replace 
24VA10P2 with 24VA10A7. Number 3 is being removed, ``Medical benefit 
and eligibility information.'' Renumbering as number 4 is now number 3, 
and so on. Number 5 is also being removed ``Patient Satisfaction Survey 
Data which include questions and responses.''
    The Records Source Categories is being updated to remove, ``VA 
Health Eligibility Center, the Food and Drug Administration, the 
Department of Defense, ``Income Verification Records-VA'' (89VA10NB), 
VA Veterans Benefits Administration automated record systems (including 
the ``Veterans and Beneficiaries Identification and Records Location 
Subsystem-VA'' (38VA23), and subsequent iterations of those systems of 
records.'' 24VA10P2 will be replaced with 24VA10A7 and 33VA113 will be 
replaced with 33VA10.
    Policies and Practices for Storage of Records is being updated to 
remove, ``paper, magnetic tape, disk, encrypted flash memory, and laser 
optical media''.
    Policies and Practices for Retention and Disposal of Records is 
being updated to include Item Numbers 1160.1 and 1160.2.
    Administrative, Technical and Physical Safeguards is being updated 
to remove from number 4 ``an elevator card reader for floor access and 
a separate VHA card reader for access to the office area; and in locked 
storage (paper).''
    Record Access Procedure is being updated to reflect the following 
language: ``Individuals seeking information on the existence and 
content of records in this system pertaining to them should contact the 
system manager in writing as indicated above or write or visit the VA 
facility location where they normally receive their care. A request for 
access to records must contain the requester's full name, address, 
telephone number, be signed by the requester, and describe the records 
sought in sufficient detail to enable VA personnel to locate them with 
a reasonable amount of effort.''
    Contesting Records Procedures is being updated to reflect the 
following language, ``Individuals seeking to contest or amend records 
in this system pertaining to them should contact the system manager in 
writing as indicated above, or may write or visit the VA facility 
location where they normally

[[Page 35930]]

receive their care. A request to contest or amend records must state 
clearly and concisely what record is being contested, the reasons for 
contesting it, and the proposed amendment to the record.''
    Notification Procedure is being updated to state, ``Generalized 
notice is provided by the publication of this notice. For specific 
notice, see Record Access Procedure, above.''
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by the Privacy Act and 
guidelines issued by OMB, December 12, 2000.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Kurt D. 
DelBene, Assistant Secretary for Information and Technology and Chief 
Information Officer, approved this document on March 26, 2024 for 
publication.

    Dated: April 29, 2024.
Amy L. Rose,
Government Information Specialist, VA Privacy Service, Office of 
Compliance, Risk and Remediation, Office of Information and Technology, 
Department of Veterans Affairs.

SYSTEM NAME:
    ``Investigative Database-OMI-VA'' (162VA10).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are located at the Office of the Medical Inspector (OMI) in 
secure files within the OMI and indexed on a secure document management 
server within the Department of Veterans Affairs (VA) Central Office 
firewall.

 SYSTEM MANAGER(S):
    Official responsible for maintaining this system of records: 
Executive Assistant, OMI, Department of Veterans Affairs, 810 Vermont 
Avenue NW, Washington, DC 20420. Telephone 202-815-9508 (this is not a 
toll-free number).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    38 U.S.C. 501.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to document the investigative 
activities of the OMI, and to monitor the activities of VA Medical 
Centers in fulfilling action plans developed in response to OMI 
reports.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records contain information for individuals (1) Receiving 
health care from the Veterans Health Administration (VHA), and (2) VHA 
providers that are providing the health care. Individuals encompass 
Veterans, current and former employees, trainees, contractors, and 
other individuals working collaboratively with VA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include information and health information related 
to:
    1. Patient medical record abstract information including 
information from ``Patient Medical Record--VA'' (24VA10A7);
    2. Identifying information (e.g., name, birth date, death date, 
admission date, discharge date, gender, Social Security Number, 
taxpayer identification number); address information (e.g., home and/or 
mailing address, home and/or cell telephone number, emergency contact 
information such as name, address, telephone number and relationship); 
prosthetic and sensory aid serial numbers; medical record numbers; 
integration control numbers; information related to medical examination 
or treatment (e.g., location of VA medical facility providing 
examination or treatment, treatment dates, medical conditions treated 
or noted on examination); information related to military service and 
status;
    3. Patient aggregate workload data such as admissions, discharges 
and outpatient visits; resource utilization such as laboratory tests, 
x-rays and prescriptions;
    4. Data captured from various VA databases. According to VHA 
Directive 1038, Role of the Office of the Medical Inspector, Paragraph 
4k., ``OMI, as a component of VHA, has legal authority under applicable 
Federal privacy laws and regulations to access and use any information, 
including health information, maintained in VHA records for the 
purposes of health care operations and health care oversight.''; and
    5. Documents and reports produced and received by OMI in the course 
of its investigations.

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by Veterans, VA 
employees, VA computer systems, Veterans Health Information Systems and 
Technology Architecture (VistA), VA medical centers, VA program 
offices, Veterans Integrated Service Networks (VISNs), Austin 
Information Technology Center, the Department of Defense, Survey of 
Healthcare Experiences of Patients, External Peer Review Program, and 
the following Systems of Records: ``Patient Medical Records-VA'' 
(24VA10A7) and ``National Prosthetics Patient Database- VA'' (33VA10).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 45 CFR parts 160 and 164, i.e., individually 
identifiable health information, and 38 U.S.C. 7332, i.e., medical 
treatment information related to drug abuse, alcoholism or alcohol 
abuse, sickle cell anemia or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.
    1. Congress: To a Member of Congress or staff acting upon the 
Member's behalf when the Member or staff requests the information on 
behalf of, and at the request of, the individual who is the subject of 
the record.
    2. National Archives and Records Administration (NARA): To the NARA 
in records management inspections conducted under 44 U.S.C. 2904 and 
2906, or other functions authorized by laws and policies governing NARA 
operations and VA records management responsibilities.
    3. Department of Justice (DoJ), Litigation, Administrative 
Proceeding: To the DoJ, or in a proceeding before a court, adjudicative 
body or other administrative body before which VA is authorized to 
appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components,
    is a party to such proceedings or has an interest in such 
proceedings, and VA determines that use of such records is relevant and 
necessary to the proceedings.
    4. Governmental Agencies, for VA Hiring, Security Clearance, 
Contract, License, Grant: To a Federal, state, local or other 
governmental agency maintaining civil or criminal violation

[[Page 35931]]

records, or other pertinent information, such as employment history, 
background investigations, or personal or educational background, to 
obtain information relevant to VA's hiring, transfer or retention of an 
employee, issuance of a security clearance, letting of a contract, or 
issuance of a license, grant, or other benefit. The disclosure of the 
names and addresses of Veterans and their dependents from VA records 
under this routine use must also comply with the provisions of 38 
U.S.C. 5701.
    5. Law Enforcement: To a Federal, State, local, territorial, Tribal 
or foreign law enforcement authority or other appropriate entity 
charged with the responsibility of investigating or prosecuting a 
violation or potential violation of law, whether civil, criminal, or 
regulatory in nature, or charged with enforcing or implementing such 
law, provided that the disclosure is limited to information that, 
either alone or in conjunction with other information, indicates such a 
violation. The disclosure of the names and addresses of Veterans and 
their dependents from VA records under this routine use must also 
comply with the provisions of 38 U.S.C. 5701.
    6. Attorneys Representing Clients: To assist attorneys in 
representing their clients, any information in this system may be 
disclosed to attorneys representing subjects of investigations, 
including Veterans, Federal Government employees, retirees, volunteers, 
contractors, subcontractors or private citizens.
    7. Federal Labor Relations Authority (FLRA): To the FLRA in 
connection with the investigation and resolution of allegations of 
unfair labor practices, the resolution of exceptions to arbitration 
awards when a question of material fact is raised; matters before the 
Federal Service Impasses Panel; and the investigation of representation 
petitions and the conduct or supervision of representation elections.
    8. Equal Employment Opportunity Commission (EEOC): To the EEOC in 
connection with investigations of alleged or possible discriminatory 
practices, examination of Federal affirmative employment programs, or 
other functions of the Commission as authorized by law.
    9. Merit Systems Protection Board (MSPB): To the MSPB in connection 
with appeals, special studies of the civil service and other merit 
systems, review of rules and regulations, investigation of alleged or 
possible prohibited personnel practices, and such other functions 
promulgated in 5 U.S.C. 1205 and 1206, or as otherwise authorized by 
law.
    10. Guardians, Courts, for Incompetent Veterans: To a court, 
magistrate or administrative tribunal in matters of guardianship, 
inquests, and commitments; to private attorneys representing Veterans 
rated incompetent in conjunction with issuance of Certificates of 
Incompetency; or to probation and parole officers in connection with 
court-required duties.
    11. State Licensing Board, for Licensing: To a Federal agency, a 
State or local government licensing board, the Federation of State 
Medical Boards, or a similar non-governmental entity that maintains 
records concerning individuals' employment histories or concerning the 
issuance, retention or revocation of licenses, certifications or 
registration necessary to practice an occupation, profession or 
specialty, to inform such non-governmental entities about the health 
care practices of a terminated, resigned or retired health care 
employee whose professional health care activity so significantly 
failed to conform to generally accepted standards of professional 
medical practice as to raise reasonable concern for the health and 
safety of patients in the private sector or from another Federal 
agency. These records may also be disclosed as part of an ongoing 
computer matching program to accomplish these purposes.
    12. Contractors: To contractors, grantees, experts, consultants, 
students and others performing or working on a contract, service, 
grant, cooperative agreement or other assignment for VA, when 
reasonably necessary to accomplish an agency function related to the 
records.
    13. Federal Agencies, Fraud and Abuse: To other Federal agencies to 
assist such agencies in preventing and detecting possible fraud or 
abuse by individuals in their operations and programs.
    14. Data Breach Response and Remediation, for VA: To appropriate 
agencies, entities and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk to individuals, VA (including its information systems, 
programs and operations), the Federal Government, or national security; 
and (3) the disclosure made to such agencies, entities or persons is 
reasonably necessary to assist in connection with VA efforts to respond 
to the suspected or confirmed breach or to prevent, minimize or remedy 
such harm.
    15. Data Breach Response and Remediation, for Another Federal 
Agency: To another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing or remedying the risk 
of harm to individuals, the recipient agency or entity (including its 
information systems, programs and operations), the Federal Government, 
or national security, resulting from a suspected or confirmed breach.
    16. Office of Special Counsel: To the Office of the Special Counsel 
for investigation and inquires of alleged or possible prohibited 
personnel practices.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained on electronic storage media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name, Social Security Number or other 
assigned identifiers of the individuals on whom they are maintained.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are retained and disposed of in accordance 
with the schedule approved by the Archivist of the United States, VA 
Records Control Schedule (RCS) 10-1, Item Numbers 1160.1 and 1160.2.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    1. Access to and use of national administrative databases, 
warehouses and data marts are limited to those persons whose official 
duties require such access, and VA has established security procedures 
to ensure that access is appropriately limited. Information security 
officers and system data stewards review and authorize data access 
requests. VA regulates data access with security software that 
authenticates users and requires individually unique codes and 
passwords. VA provides information security training to all staff and 
instructs staff on the responsibility each person has for safeguarding 
data confidentiality.
    2. VA maintains Business Associate Agreements and Non-Disclosure 
Agreements where appropriate with contracted resources in order to 
maintain confidentiality of the information.
    3. Physical access to computer rooms housing national 
administrative databases, warehouses and data marts are restricted to 
authorized staff and

[[Page 35932]]

protected by a variety of security devices. Unauthorized employees, 
contractors and other staff are not allowed in computer rooms. The 
Federal Protective Service or other security personnel provide physical 
security for the buildings housing computer rooms and data centers.
    4. All materials containing real or scrambled Social Security 
numbers are kept only on secure, encrypted VHA servers, personal 
computers, laptops or media. All email transmissions of such files use 
Public Key Infrastructure (PKI) encryption. If a recipient does not 
have PKI, items are mailed or sent to a secure fax. Paper records 
containing Social Security numbers are secured in locked cabinets or 
offices within the OMI area. Access to OMI requires passing a security 
officer. All materials, both paper and electronic, that are no longer 
required are shredded/obliterated in accordance with VHA guidelines. 
Materials required for case documentation and follow up are archived in 
our secure document management server (electronic).
    5. In most cases, copies of back-up computer files are maintained 
at off-site locations.

RECORD ACCESS PROCEDURES:
    Individuals seeking information on the existence and content of 
records in this system pertaining to them should contact the system 
manager in writing as indicated above or write or visit the VA facility 
location where they normally receive their care. A request for access 
to records must contain the requester's full name, address, telephone 
number, be signed by the requester, and describe the records sought in 
sufficient detail to enable VA personnel to locate them with a 
reasonable amount of effort.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records in this system 
pertaining to them should contact the system manager in writing as 
indicated above. A request to contest or amend records must state 
clearly and concisely what record is being contested, the reasons for 
contesting it, and the proposed amendment to the record.

NOTIFICATION PROCEDURES:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Record Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    85 FR 7404 (February 7, 2020).

[FR Doc. 2024-09529 Filed 5-1-24; 8:45 am]
BILLING CODE 8320-01-P