| Page Range | 6094-6100 | |
| FR Document | 2018-02760 |
[Federal Register Volume 83, Number 29 (Monday, February 12, 2018)] [Notices] [Pages 6094-6100] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2018-02760] ----------------------------------------------------------------------- DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974; System of Records AGENCY: Veterans Health Administration (VHA). ACTION: Notice of a modified system of records. ----------------------------------------------------------------------- SUMMARY: As required by the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records entitled, ``National Patient Databases-VA'' (121VA10P2) as set forth in 79 FR 8245. VA is amending the system of records by revising the System Number, Purpose, Routine Uses of Records Maintained in the System, Record Source Category, and Appendix. VA is republishing the system notice in its entirety. DATES: Comments on the amendment of this system of records must be received no later than March 14, 2018. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the amended system will become effective March 14, 2018. ADDRESSES: Written comments may be submitted through www.Regulations.gov; by mail or hand-delivery to Director, Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 273-9026 (not a toll-free number). Comments should indicate that they are submitted in response to ``National Patient Databases-VA''. Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461-4902 for an appointment. (This is not a toll-free number.) In addition, comments may be viewed online at www.Regulations.gov. FOR FURTHER INFORMATION CONTACT: Veterans Health Administration (VHA) Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420; telephone (704) 245-2492. (This is not a toll- free number.) SUPPLEMENTARY INFORMATION: The System Number is being changed from 120VA10P2 to 121VA10A7 to reflect the current organizational alignment. The Purpose has been amended to replace Healthcare Associated Infections & Influenza Surveillance System (HAIISS) with National Center for Patient Safety Public Health System. The Routine Uses of Records Maintained in the System has been amended by adding language to Routine Use #21 which states, ``a. Effective Response. A federal agency's ability to respond quickly and effectively in the event of a breach of federal data is critical to its efforts to prevent or minimize any consequent harm. An effective response necessitates disclosure of information regarding the breach to those individuals affected by it, as well as to persons and entities in a position to cooperate, either by assisting in notification to affected individuals or playing a role in preventing or minimizing harms from the breach. b. Disclosure of Information. Often, the information to be disclosed to such persons and entities is maintained by federal agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy Act prohibits the disclosure of any record in a system of records by any means of communication to any person or agency absent the written consent of the subject individual, unless the disclosure falls within one of twelve statutory exceptions. This routine use is required in order to ensure an agency is in the best position to respond in a timely and effective manner, in accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should publish a routine use for appropriate systems specifically applying to the disclosure of information in connection with response and remedial efforts in the event of a data breach.'' Adding Routine Use #27 which states, ``Disclosure of Veteran identifiers and demographic information (e.g., name, social security number (SSN), address, date of birth) may be made to an organization with whom VA has a documented partnership, arrangement or agreement (e.g., Health Information Exchange (HIE), Health Information Service Provider (HISP) Direct, CommonWell Health Alliance network), for the purpose of identifying and correlating patients.'' VA needs this ability to share demographic information for correlation and identification purposes. Routine use #28 is being added to state, ``VA may disclose relevant health care information to the Centers for Disease Control and Prevention (CDC) and/or their designee in response to its request or at the initiation of VA, in connection with disease-tracking, patient outcomes, bio-surveillance, or other health information required for program accountability.'' VA needs the ability to conduct disease tracking to impact patient outcomes, respond to public health threats, and to contribute significantly to the CDC's ability to conduct and monitor public health surveillance. Routine use #29 is being added to state, ``VA may, on its own initiative, disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. VA needs this routine use for the data breach response and remedial efforts with another Federal agency. Routine use #30 is being added to state, ``VA may disclose relevant healthcare and demographic information to health and welfare agencies, housing resources, and community providers, consistent with good medical-ethical practices, for Veterans assessed by or engaged in VA homeless programs for purposes of coordinating care, expediting access to housing, providing medical and related services, participating in coordinated entry processes, reducing Veteran homelessness, identifying homeless individuals in need of immediate assistance and ensuring program accountability by assigning and tracking responsibility for urgently required care.'' VA needs this routine use to effectively and efficiently collaborate with partner agencies by sharing information documented in the Homeless Operations Management and Evaluation System (HOMES) for the explicit purpose of improving timeliness and access to necessary services for Veterans in the homeless continuum. The Record Source Category is being amended to replace 89VA16 with [[Page 6095]] 89VA10NB to reflect the current organizational alignment. Appendix 4 has been amended by: 1. Removing the ``Oncology Tumor Registry (ONC)'' which is now incorporated in the VA Central Cancer Registry (VACCR); therefore, ONC is no longer needed as a separate registry. 2. Amending the Veterans Affairs Surgical Quality Improvement Program (VASQIP) address is being amended to replace VA National Surgery Office (10NC2), 810 Vermont Avenue NW, Washington, DC 20420 with Region 06 Office of Information and Technology (OI&T) Data Center, Denver, CO 80220. 3. Replacing HAIISS Data Warehouse is being replaced with National Center for Patient Safety Public Health System (NCPSPHS) due to the HAISS being discontinued, therefore adding NCPSPHS represented a change of mission as well as data content. 4. ``Public Health Reference Network'' is being replaced with NCPSPHS due to the information technology (IT) system being discontinued and a name change to better describe the mission of the IT system within VHA. 5. Adding the ``Inpatient Evaluation Center (IPEC) Legionella Case Report Module'', which are located at the Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. IPEC is being added as system to record aggregate data about hospitalized patients, the Legionnaire Module was added to record individual patient data with a patient identifier used to track patients diagnosed with Legionnaire's Disease. 6. Adding the ``Veterans Integrated Registry Platform'', which a new health registry platform designed to host VHA health registries. The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), Signing Authority: The Secretary of Veterans Affairs, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Gina S. Farrisee, Deputy Chief of Staff, approved this document on July 24, 2017, for publication. Dated: February 7, 2018. Kathleen M. Manwell, Program Analyst, VA Privacy Service, Office of Privacy Information and Identity Protection, Office of Quality, Privacy and Risk, Office of Information and Technology, Department of Veterans Affairs. SYSTEM NAME: National Patient Databases-VA (121VA10A7) SECURITY CLASSIFICATION: None. SYSTEM LOCATION: Records are maintained at VA medical centers, VA data processing centers, Veterans Integrated Service Networks (VISN), and Office of Information field offices. Address location for each VA national patient database is listed in VA Appendix 4 at the end of this document. SYSTEM MANAGER(S): Officials responsible for policies and procedures: Assistant Deputy Under Secretary for Informatics and Information Governance (10P2), Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420. Officials maintaining this system of records: Director, National Data Systems (10P2C), Austin Information Technology Center, 1615 Woodward Street, Austin, Texas 78772. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Title 38 United States Code Section 501. PURPOSE(S) OF THE SYSTEM: The records and information may be used for statistical analysis to produce various management, workload tracking, and follow-up reports; to track and evaluate the ordering and delivery of equipment, services, and patient care; for the planning, distribution, and utilization of resources; to monitor the performance of VISNs; and to allocate clinical and administrative support to patient medical care. The data may be used for VA's extensive research programs in accordance with VA policy. In addition, the data may be used to assist in workload allocation for patient treatment services including provider panel management, nursing care, clinic appointments, surgery, prescription processing, diagnostic and therapeutic procedures; to plan and schedule training activities for employees; for audits, reviews, and investigations conducted by the network directors office and VA Central Office; for quality assurance audits, reviews, and investigations; for law enforcement investigations; and for personnel management, evaluation and employee ratings, and performance evaluations. Survey data will be collected for the purpose of measuring and monitoring national, VISN, and facility-level performance on the Veterans Health Administration's (VHA) Veteran Health Care Service Standards (VHSS) pursuant to Executive Order 12862 and VHA Customer Service Standards Directive. The VHSS are designed to measure levels of patient satisfaction in areas that patients have defined as important in receiving quality, patient-centered health care. Results of the survey data analysis are shared throughout the VHA system. The External Peer Review Program (EPRP) data are collected in order to provide medical centers and outpatient clinics with diagnosis and procedure-specific quality of care information. EPRP is a contracted review of care, specifically designated to collect data to be used to improve the quality of care. The Veteran Homeless records and information will be used for case management in addition to statistical analysis to produce various management, workload tracking, and follow-up reports; to track and evaluate the goal of ending Veteran homelessness. National Center for Patient Safety Public Health System data will be available to VHA clinicians to use for the monitoring of health care-associated infections and for the transmittal of data to state/local health departments for biosurveillance purposes. CATEGORIES OF INDIVIDUALS COVERED BY THIS SYSTEM: The records contain information for all individuals (1) Receiving health care from VHA, and (2) Providing the health care. Individuals encompass Veterans and their immediate family members, members of the Armed Services, current and former employees, trainees, contractors, subcontractors, consultants, volunteers, and other individuals working collaboratively with VA. CATEGORIES OF RECORDS IN THE SYSTEM: The records may include information and health information related to: 1. Patient medical record abstract information including, but not limited to, information from Patient Medical Record--VA (24VA10P2). 2. Identifying information (e.g., name, birth date, death date, admission date, discharge date, gender, social security number, taxpayer identification number); address information (e.g., home and/or mailing address, home telephone number, emergency contact information such as name, address, telephone number, and relationship); prosthetic and sensory aid serial numbers; medical record numbers; integration control numbers; information related to medical [[Page 6096]] examination or treatment (e.g., location of VA medical facility providing examination or treatment, treatment dates, medical conditions treated or noted on examination); information related to military service and status; 3. Medical benefit and eligibility information; 4. Patient workload data such as admissions, discharges, and outpatient visits; resource utilization such as laboratory tests, x- rays; 5. Patient Satisfaction Survey Data which include questions and responses; 6. EPRP data capture; 7. Online Data Collection system supported by Northeast Program Evaluation Center and VHA Support Service Center to include electronic information from all Veteran homeless programs and external sources; and 8. Clinically oriented information associated with My HealtheVet such as secure messages. RECORD SOURCE CATEGORIES: Information in this system of records is provided by Veterans, VA employees, VA computer systems, Veterans Health Information Systems and Technology Architecture, VA medical centers, VA Health Eligibility Center, VA program offices, VISNs, VA Austin Automation Center, the Food and Drug Administration (FDA), Department of Defense (DOD), Department of Housing and Urban Development (HUD), Survey of Healthcare Experiences of Patients, EPRP, and the following Systems Of Records: `Patient Medical Records--VA' (24VA10P2), `National Prosthetics Patient Database--VA' (33VA113), `Healthcare Eligibility Records--VA' (89VA10NB), VA Veterans Benefits Administration automated record systems (including the Veterans and Beneficiaries Identification and Records Location Subsystem--VA (38VA23)), and subsequent iterations of those systems of records. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: To the extent that records contained in the system include information protected by 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia or infection with the human immunodeficiency virus; information protected by 38 U.S.C. 5705, i.e., quality assurance records; or information protected by 45 CFR Parts 160 and 164, i.e., individually identifiable health information, such information cannot be disclosed under a routine use unless there is also specific statutory authority permitting the disclosure. VA may disclose protected health information pursuant to the following routine uses where required or permitted by law. 1. VA may disclose on its own initiative any information in this system, except the names and home addresses of Veterans and their dependents, that is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal, or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule, or order. On its own initiative, VA may also disclose the names and addresses of Veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal, or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule, or order issued pursuant thereto. 2. Disclosure may be made to any source from which additional information is requested (to the extent necessary to identify the individual, inform the source of the purpose(s) of the request, and identify the type of information requested), when necessary to obtain or provide information relevant to an individual's eligibility, care history, or other benefits across different Federal, state, or local, public health, health care, or program benefit agencies that improves the quality and safety of health care for our Veterans. 3. Disclosure may be made to a Federal agency in the executive, legislative, or judicial branch, state and local Government or the District of Columbia government in response to its request or at the initiation of VA, in connection with disease tracking, patient outcomes, or other health information required for program accountability. 4. Disclosure may be made to the National Archives and Records Administration and the General Services Administration for records management inspections under authority of Title 44, Chapter 29, of the United States Code. 5. VA may disclose information in this system of records to the Department of Justice (DOJ), either on VA's initiative or in response to DOJ's request for the information, after either VA or DOJ determines that such information is relevant to DOJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that disclosure of the records to the DOJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. 6. Records from this system of records may be disclosed to a Federal agency or to a state or local government licensing board and/or to the Federation of State Medical Boards or a similar nongovernment entity that maintains records concerning individuals' employment histories or concerning the issuance, retention, or revocation of licenses, certifications, or registration necessary to practice an occupation, profession, or specialty, in order for the agency to obtain information relevant to an agency decision concerning the hiring, retention, or termination of an employee. 7. Records from this system of records may be disclosed to inform a Federal agency, licensing boards, or appropriate non-governmental entities about the health care practices of a terminated, resigned, or retired health care employee whose professional health care activity so significantly failed to conform to generally accepted standards of professional medical practice as to raise reasonable concern for the health and safety of patients receiving medical care in the private sector or from another Federal agency. 8. For program review purposes and the seeking of accreditation and/or certification, disclosure may be made to survey teams of the Joint Commission, College of American Pathologists, American Association of Blood Banks, and similar national accreditation agencies or boards with whom VA has a contract or agreement to conduct such reviews but only to the extent that the information is necessary and relevant to the review. 9. Disclosure may be made to a national certifying body that has the authority to make decisions concerning the issuance, retention, or revocation of licenses, certifications, or registrations required to practice a health care profession, when requested in writing by an investigator or supervisory official of the national certifying body for the purpose of making a decision concerning the issuance, retention, or [[Page 6097]] revocation of the license, certification, or registration of a named health care professional. 10. Records from this system that contain information listed in 5 U.S.C. 7114(b)(4) may be disclosed to officials of labor organizations recognized under 5 U.S.C. Chapter 71 when relevant and necessary to their duties of exclusive representation concerning personnel policies, practices, and matters affecting working conditions. 11. Disclosure may be made to the representative of an employee of all notices, determinations, decisions, or other written communications issued to the employee in connection with an examination ordered by VA under medical evaluation (formerly fitness-for duty) examination procedures or Department-filed disability retirement procedures. 12. VA may disclose information to officials of the Merit Systems Protection Board, or the Office of Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions, promulgated in 5 U.S.C. 1205 and 1206, or as may be authorized by law. 13. VA may disclose information to the Equal Employment Opportunity Commission when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or for other functions of the Commission as authorized by law or regulation. 14. VA may disclose information to the Federal Labor Relations Authority (including its General Counsel) information related to the establishment of jurisdiction, the investigation and resolution of allegations of unfair labor practices, or information in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; to disclose information in matters properly before the Federal Services Impasses Panel, and to investigate representation petitions and conduct or supervise representation elections. 15. Disclosure of medical record data, excluding name and address, unless name and address are furnished by the requester, may be made to non-Federal research facilities for research purposes determined to be necessary and proper when approved in accordance with VA policy. 16. Disclosure of name(s) and address(s) of present or former personnel of the Armed Services, and/or their dependents, may be made to: (a) A Federal department or agency, at the written request of the head or designee of that agency; or (b) directly to a contractor or subcontractor of a Federal department or agency, for the purpose of conducting Federal research necessary to accomplish a statutory purpose of an agency. When disclosure of this information is made directly to a contractor, VA may impose applicable conditions on the department, agency, and/or contractor to insure the appropriateness of the disclosure to the contractor. 17. Disclosure may be made to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has an agreement or contract to perform the services of the contract or agreement. This routine use includes disclosures by the individual or entity performing the service for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA. 18. Disclosure may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual. 19. VA may disclose information to a Federal agency for the conduct of research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency, provided that there is legal authority under all applicable confidentiality statutes and regulations to provide the data and the VHA Office of Information has determined prior to the disclosure that VHA data handling requirements are satisfied. 20. Disclosure of limited individual identification information may be made to another Federal agency for the purpose of matching and acquiring information held by that agency for VHA to use for the purposes stated for this system of records. 21. VA may, on its own initiative disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) VA has determined that as a result of the suspected or confirmed compromise there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by VA or another agency or entity) that rely upon the potentially compromised information; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out VA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by VA to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727. a. Effective Response. A federal agency's ability to respond quickly and effectively in the event of a breach of federal data is critical to its efforts to prevent or minimize any consequent harm. An effective response necessitates disclosure of information regarding the breach to those individuals affected by it, as well as to persons and entities in a position to cooperate, either by assisting in notification to affected individuals or playing a role in preventing or minimizing harms from the breach. b. Disclosure of Information. Often, the information to be disclosed to such persons and entities is maintained by federal agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy Act prohibits the disclosure of any record in a system of records by any means of communication to any person or agency absent the written consent of the subject individual, unless the disclosure falls within one of twelve statutory exceptions. In order to ensure an agency is in the best position to respond in a timely and effective manner, in accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should publish a routine use for appropriate systems specifically applying to the disclosure of information in connection with response and remedial efforts in the event of a data breach. 22. On its own initiative, VA may disclose to the general public via an internet website, Primary Care Management Module information, including the names of its providers, provider panel sizes and reports on provider performance measures of quality when approved in accordance with VA policy. [[Page 6098]] 23. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs. 24. VA may disclose names and addresses of present or former members of the Armed Services and/or their dependents under certain circumstances: (a) To any nonprofit organization, if the release is directly connected with the conduct of programs and the utilization of benefits under Title 38, or (b) to any criminal or civil law enforcement governmental agency or instrumentality charged under applicable law with the protection of the public health or safety, if a qualified representative of such organization, agency, or instrumentality has made a written request for such names or addresses for a purpose authorized by law, provided that the records will not be used for any purpose other than that stated in the request and that the organization, agency, or instrumentality is aware of the penalty provision of 38 U.S.C. 5701(f). 25. VA may disclose information, including demographic information, to HUD for the purpose of reducing homelessness among Veterans by implementing the Federal strategic plan to prevent and end homelessness and by evaluating and monitoring the HUD-Veterans Affairs Supported Housing program. 26. VA may disclose health care information to the FDA, or a person subject to the jurisdiction of the FDA, with respect to FDA-regulated products, for purposes of reporting adverse events; product defects or problems, or biological product deviations; tracking products; enabling product recalls, repairs, or replacements; and/or conducting post marketing surveillance. 27. Disclosure of Veteran identifiers and demographic information (e.g., name, SSN, address, date of birth) may be made to an organization with whom VA has a documented partnership, arrangement or agreement (e.g., HIE, HISP, Direct and CommonWell Health Alliance Network) for the purpose of identifying and correlating patients. 28. VA may disclose relevant health care information to the CDC and/or their designee in response to its request or at the initiation of VA, in connection with disease-tracking, patient outcomes, bio- surveillance, or other health information required for program accountability. 29. VA may, on its own initiative, disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. 30. VA may disclose relevant healthcare and demographic information to health and welfare agencies, housing resources, and community providers, consistent with good medical-ethical practices, for Veterans assessed by or engaged in VA homeless programs for purposes of coordinating care, expediting access to housing, providing medical and related services, participating in coordinated entry processes, reducing Veteran homelessness, identifying homeless individuals in need of immediate assistance and ensuring program accountability by assigning and tracking responsibility for urgently required care. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records are maintained on electronic storage media including magnetic tape, disk, and laser optical media. POLICIES AND PRACTICES FOR RETRIEVABILITY OF RECORDS: Records are retrieved by name, social security number or other assigned identifiers of the individuals on whom they are maintained. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: The records are disposed of in accordance with General Records Schedule 20, item 4. Item 4 provides for deletion of data files when the agency determines that the files are no longer needed for administrative, legal, audit, or other operational purposes. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: 1. Access to and use of national patient databases are limited to those persons whose official duties require such access, and VA has established security procedures to ensure that access is appropriately limited. Information security officers and system data stewards review and authorize data access requests. VA regulates data access with security software that authenticates users and requires individually unique codes and passwords. VA provides information security training to all staff and instructs staff on the responsibility each person has for safeguarding data confidentiality. 2. VA maintains Business Associate Agreements and Non-Disclosure Agreements with contracted resources in order to maintain confidentiality of the information. 3. Physical access to computer rooms housing national patient databases is restricted to authorized staff and protected by a variety of security devices. Unauthorized employees, contractors, and other staff are not allowed in computer rooms. The Federal Protective Service or other security personnel provide physical security for the buildings housing computer rooms and data centers. 4. Data transmissions between operational systems and national patient databases maintained by this system of record are protected by state-of-the-art telecommunication software and hardware. This may include firewalls, encryption, and other security measures necessary to safeguard data as it travels across the VA Wide Area Network. Data may be transmitted via a password protected spreadsheet and placed on the secured share point Web portal by the user that has been provided access to their secure file. Data can only be accessed by authorized personnel from each facility within the Polytrauma System of Care and the Physical Medicine and Rehabilitation Program Office. 5. In most cases, copies of back-up computer files are maintained at off-site locations. RECORD ACCESS PROCEDURE: Individuals seeking information regarding access to and contesting of records in this system may write or call the Director of National Data Systems (10P2C), Austin Information Technology Center, 1615 Woodward Street, Austin, Texas 78772, or call the VA National Service Desk and ask to speak with the VHA Director of National Data Systems at (512) 326-6780. CONTESTING RECORD PROCEDURES: (See Record Access procedures above). NOTIFICATION PROCEDURE: Individuals who wish to determine whether this system of records contains information about them should contact the Director of National Data Systems (10P2C), Austin Information Technology Center, 1615 Woodward Street, Austin, Texas 78772. Inquiries should include the person's full name, social security number, location and dates of employment or location and dates of treatment, and their return address. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. [[Page 6099]] HISTORY: Last full publication provided in 79 FR 8245 dated February 11, 2014. VA APPENDIX 4 ------------------------------------------------------------------------ Database name Location ------------------------------------------------------------------------ Addiction Severity Index (ASI)......... Veterans Affairs Medical Center, 7180 Highland Drive, Pittsburg, PA 15206. Bidirectional Health Information SunGard, 1500 Spring Garden Exchange (BHIE). Street, Philadelphia, PA 19130. Breast Care Registry................... Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. VA Clinical Assessment Reporting and Denver VA Medical Center, 1055 Tracking (CART) Program. Clermont Street, Denver, CO 80220. Consolidated Mail Outpatient Pharmacy Southwest CMOP, 3675 East (CMOP) Centralized Database System. Britannia Drive, Tucson, AZ 85706. Converged Registries Solution (CRS).... Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Cruetzfelet-Jakob Disease Lookback Cincinnati VA Medical Center, Dataset (CJDLD). 3200 Vine Street, Cincinnati, OH 45220. Defense and Veterans Eye Injury Austin Information Technology Registry (DVEIR). Center, 1615 Woodward Street, Austin, TX 78772. Dental Encounter System (DES).......... Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Eastern Pacemaker Surveillance Center Veterans Affairs Medical Database. Center, 50 Irving Street NW, Washington, DC 20422. Emerging Pathogens Initiative (EPI).... Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Federal Health Information Exchange SunGard, 1500 Spring Garden (FHIE). Street, Philadelphia, PA 19130. Financial Clinical Data Mart (FCDM).... Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Former Prisoner of War Statistical Austin Information Technology Tracking System. Center, 1615 Woodward Street, Austin, TX 78772. Functional Status and Outcome Database Austin Information Technology (FSOD). Center, 1615 Woodward Street, Austin, TX 78772. Home Based Primary Care (HBC).......... Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Homeless Operational Management & Austin Information Technology Evaluation System (HOMES). Center, 1615 Woodward Street, Austin, Texas 78772. Homeless Veterans Registry............. Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Implant Tracking Registry.............. Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. IPEC Legionella Case Report Module..... Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Mammography Quality Standards (MQS) VA. Veterans Affairs Medical Center, 508 Fulton Street, Durham, NC 27705. Master Veteran Index................... Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Medical SAS File (MDP) (Medical Austin Information Technology District Planning (MEDIPRO)). Center, 1615 Woodward Street, Austin, TX 78772. Multiple Sclerosis Surveillance Request Austin Information Technology (MSSR) Registry. Center, 1615 Woodward Street, Austin, TX 78772. National Center for Patient Safety Veterans Affairs Medical Public Health System (NCPSPHS). Center, 3801 Miranda Avenue, Palo Alto, CA 94304. National Mental Health Database System Veterans Affairs Medical (NMHDS). Center, 7180 Highland Drive, Pittsburgh, PA 15206. National Medical Information System Austin Information Technology (NMIS). Center, 1615 Woodward Street, Austin, TX 78772. National Survey of Veterans (NSV)...... Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Patient Assessment File (PAF).......... Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Pharmacy Benefits Management (PBM)..... Veterans Affairs Medical Center, 5th Avenue and Roosevelt Road, Hines, IL 60141. Remote Order Entry System (ROES)....... Denver Distribution Center, 155 Van Gordon Street, Lakewood, CO 80228-1709. Resident Assessment Instrument/Minimum Austin Information Technology Data Set (RAI/MDS). Center, 1615 Woodward Street, Austin, TX 78772. Traumatic Brain Injury (TBI) Registry.. Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. VA National Clozapine Registry (NCCC).. Veterans Affairs Medical Center, 4500 South Lancaster Road, Dallas, TX 75216. Veterans Affairs Surgical Quality VA National Surgery Office Improvement Program (VASQIP). (10NC2), 810 Vermont Avenue NW, Washington, DC 20420. VA Vital Status File (VSF)............. Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. Veterans Administration Central Cancer Veterans Affairs Medical Registry (VACCR). Center, 50 Irving Street NW, Washington, DC 20422. [[Page 6100]] Veterans Health Administration Support Austin Information Technology Service Center (VSSC). Center, 1615 Woodward Street, Austin, TX 78772. Veterans Integrated Registry Platform.. Austin Information Technology Center, 1615 Woodward Street, Austin, TX 78772. War Related Illness and Injury Study VA Palo Alto Health Care Center (WRIISC) Database. System, 3801 Miranda Avenue, Mail Code 151Y, Palo Alto, CA 94304. ------------------------------------------------------------------------ [FR Doc. 2018-02760 Filed 2-9-18; 8:45 am] BILLING CODE 8320-01-P
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of a modified system of records. | |
| Dates | Comments on the amendment of this system of records must be received no later than March 14, 2018. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the amended system will become effective March 14, 2018. | |
| Contact | Veterans Health Administration (VHA) Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420; telephone (704) 245-2492. (This is not a toll- free number.) | |
| FR Citation | 83 FR 6094 |