AGENCY:

Department of Veterans Affairs (VA).

ACTION:

Notice of new system of records—Compliance Records, Response, and Resolution of Reports of Persons Allegedly Involved in Compliance Violations—VA.

SUMMARY:

As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), notice is hereby given that the Department of Veterans Affairs (VA) is adding a new system of records, “Compliance Records, Response, and Resolution of Reports of Persons Allegedly Involved in Compliance Violations—VA” (106VA17).

DATES:

Comments on the establishment of this system of records must be received no later than December 31, 2001. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the new system will become effective December 31, 2001.

ADDRESSES:

Written comments concerning the proposed new system of records may be submitted to the Office of Regulations Management (02D), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. Comments will be available for public inspection at the above address in the Office of Regulations Management, Room 1158, between the hours of 8 a.m. and 4:30 p.m., Monday through Friday (except holidays).

FOR FURTHER INFORMATION CONTACT:

Veterans Health Administration (VHA) Privacy Act Officer, Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420, telephone (727) 320-1839.

SUPPLEMENTARY INFORMATION:

I. Description of the Proposed Systems of Records

The Compliance and Business Integrity (CBI) Program, although originally modeled after Health and Human Services (HHS)-Office of Inspector General's (OIG) hospital compliance program, has evolved into a program that meets program requirements specific to VA. Management of the CBI Program falls under the direction of the VHA Chief Financial Officer (CFO). The CBI Program assures the organizational and business structure within which patient care takes place is in compliance with laws, regulations, policies and standards, which impact the business. It also reduces business risk and serves as a management function that is interdisciplinary in nature, focuses on business processes and acts as a fiduciary of public resources. An integral component of the Compliance and Business Integrity (CBI) Program is the establishment of a Confidential Disclosure Program (CDP) designed to ensure activities of VHA are conducted in compliance with public law, established regulations and recognized standards of business practice. The CDP assures integrity of business and operational processes within VHA by providing a mechanism for employees to raise questions and report concerns about potential non-compliance and is consistent with similar reporting and tracking mechanisms identified by HHS-OIG as integral to effective health care compliance programs. Two elements of the CDP are the CBI Helpline and the Compliance Reporting and Tracking System (CIRTS). Together, they comprise the core of the CDP. VHA has contracted for the CBI Helpline, which serves as an anonymous avenue for employees and others to access the CDP in an attempt to assure the integrity of VHA business and operational processes.

The CBI Helpline is established to control the receipt and disposition of reports and/or concerns related to the following VHA areas: Enrollment; Means Testing; Eligibility; Pre-certification and certification/utilization review; Standards pertaining to documentation, coding and billing; Audits, reviews, inquiries and remediation; Accounts receivable and Start Printed Page 59843payable; Excluded individuals and/or entities screening and sanctions listings; Information protection, record retention, managing requests for information; Provider documentation supporting business processes; Overpayments; Questionable conduct on the part of managers, supervisors or employees as related to business processes; and any other matter relating to the business integrity of VHA operations.

The Compliance Line is primarily for use by VHA employees who observe co-workers at their jobs on a regular basis. However, there is nothing to prevent others, such as veterans or their family members, from observing and reporting suspected compliance violations by VHA staff. VHA employees will be made aware of the Compliance Line and how to use it through general compliance awareness training, as well as various other promotional materials, such as brochures, posters, the creation of a web site, etc. Veterans and their families, and third parties, such as contractors conducting official business with VHA, will have access to information about the Compliance Line through posters and other printed material that may be displayed throughout VHA facilities.

The system of records will cover complainants and subjects of complaints. Complainants may be employees, veterans or their family members, or third parties, such as contractors, who conduct official business with VHA. Subjects of complaints may be VHA staff named individually, or VHA departments or facilities (for example, “the billing office” at a particular hospital). Complainants desiring to raise a question and report a concern regarding the integrity of business and operational processes within VHA may report it to the Compliance Office through the Compliance Line. Depending on the nature of the report, it will be appropriately referred to another office (for example, the Office of Inspector General; Office of Resolution Management) or to the Compliance Office. This system of records applies only to those records that are maintained by the Compliance Office.

The system of records will contain personal and demographic information provided through the Compliance Line or other sources by complainants, and personal information that has been collected during an appropriate review/investigation. Such information may include: (1) The name, home and work address and phone number of the complainant; (2) name of the subject of the complaint; (3) name and/or patient number of the veteran patient who received services associated with the complaint; (4) the date when the allegation was reported; (5) the date, location and nature of the alleged wrongdoing; and, (6) the Compliance Office's identification number assigned to the case. The records may also include correspondence between the Compliance Office and the Compliance Line vendor as to the status of each case (open or closed).

The system of records will also contain the information gathered when reports of suspected compliance violations are thoroughly documented and investigated to determine their veracity. Information in the investigation records may include: (1) The name of the subject of an investigation; (2) the names of individuals whose work was reviewed as part of the investigation; (3) the names and/or patient numbers of veteran patients whose medical records were reviewed in order to investigate the allegation; (4) the station at which an investigation took place; (5) the time period when the investigation took place; (6) the nature of the allegation; (7) the outcome of the investigation; (8) the recommended action; and, (9) the Compliance Office's identification number assigned to the case. Information may be in the form of a narrative summary or synopsis, exhibits, or VHA documentation and memoranda.

Records in the system will be a combination of computerized files and paper files. Both paper and electronic records may contain the information listed above, and may relate to complainants and subjects of complaints. All reports of suspected noncompliance will be documented in a computerized database and assigned a unique identification number. This number will also be used to identify any paper files associated with the case as the review or investigation proceeds. Paper files may contain documents collected in association with reviewing the case, such as memoranda, policies, or examples of work produced as a result of the complaint. Both electronic and paper case files will be stored and individually retrieved by the unique identification number, not by name.

Access to information in the database will be restricted to authorized personnel on a need-to-know basis by means of passwords and authorized user identification codes. Computer system documentation will be maintained in a secure environment in the VHA CFO Compliance Office, VA Central Office, and in the Compliance Offices at the network and medical center locations. Access to printouts and data terminals will be limited to authorized personnel in the Compliance Program.

Access to paper file folders will be restricted to authorized personnel on a need-to-know basis. Paper files will be maintained in file cabinets or closets that will be locked after duty hours. These files will be under the control of the Compliance Officer or his/her designee. Buildings are protected from unauthorized access by a protective service.

Computerized records will be retained indefinitely. Periodic system back-ups will be employed for record protection. If disk space is limited, the records will be archived to tape or disk in accordance with established practice. Paper records will be maintained and disposed of in accordance with records disposition authority approved by the Archivist of the United States.

An individual who wishes to know if a computerized or paper record is being maintained by the VHA Compliance Office under his or her name in this system, or wants to learn the contents of such records, will be able to submit a written request or apply in person to the VHA CFO (17), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. An individual who seeks access to or wishes to contest records maintained under his or her name in this system may write, call or visit the VHA CFO (17), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420.

II. Proposed Routine Use Disclosures of Data in the System

We are proposing to establish the following routine use disclosures of information that will be maintained in the system:

1. To a Member of Congress or staff person acting for the Member when the Member or staff person requests the records on behalf of and at the request of that individual.

Individuals sometimes request the help of a Member of Congress in resolving some issues relating to a matter before VA. The Member of Congress then writes VA, and VA must be able to give sufficient information to be responsive to the inquiry.

2. To a Federal, State or local agency, upon its official request, to the extent that it is relevant and necessary to that agency's decision regarding: the hiring, retention or transfer of an employee, the issuance of a security clearance, the letting of a contract, or the issuance or continuance of a license, grant or other benefit given by that agency. However, in accordance with an agreement with the U.S. Postal Service, disclosures to the U.S. Postal Service for decisions Start Printed Page 59844concerning the employment of veterans will only be made with the veteran's prior written consent.

VA must be able to provide information to agencies conducting background checks on applicants for employment or licensure.

3. To a Federal, State, or local agency maintaining civil or criminal violation records, or other pertinent information in order for VA to obtain information relevant to the hiring, transfer or retention of an employee, letting of a contract, granting of a security clearance, or the issuance of a grant.

VA needs to obtain information from other agencies in order to conduct background and security clearance checks on applicants for VA employment, contractors, or persons requesting a grant.

4. To a Federal, State, local or foreign agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. The names and addresses of veterans may only be disclosed:

• To a Federal agency when it is relevant to a suspected violation or reasonably imminent violation of law.
• To a State or local agency under a written request when it is relevant to a suspected violation or reasonably imminent violation of law concerning public health or safety.

VA must be able to comply with the requirements of agencies charged with enforcing the law conducting investigations. VA must also be able to provide information to State or local agencies charged with protecting the public health as set forth in State law.

5. Any information in this system may be disclosed to the U.S. Office of Special Counsel, upon its official request, when required for the Special Counsel's review of the complainant's allegations of prohibited personnel practices.

VA must be able to provide pertinent information to the U.S. Office of Special Counsel, an independent Federal investigative and prosecutorial agency, to assist in a review conducted by that agency.

6. Disclosure to other Federal agencies to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

Abuse of Federal programs costs the Federal Government and taxpayers large sums of money every year. Information contained in VA records may help detect and/or prevent fraud and abuse of other agency programs. VA must be able to assist other Federal agencies in their efforts to detect and prevent fraud or abuse in their programs.

7. Disclosure to a Federal Agency or to a State or local government licensing board and/or to the Federation of State Medical Boards or a similar non-government entity which maintains records concerning individuals' employment histories or concerning the issuance, retention or revocation of licenses, certifications, or registration necessary to practice an occupation, profession or specialty in order:

• For the agency to obtain information relevant to an agency decision concerning the hiring, retention or termination of an employee;
• To inform a Federal agency or licensing boards or the appropriate non-government entities about the health care practices of a terminated, resigned or retired health care employee whose professional health care activity so significantly failed to conform to generally accepted standards of professional medical practice as to raise reasonable concern for the health and safety of patients in the private sector or from another Federal agency; or
• As part of an ongoing computer matching program to accomplish these purposes.

8. Relevant information from this system of records related to final adverse actions taken against a health care provider, supplier, or practitioner may be disclosed to the Health Integrity and Protection Data Bank (HIPDB) (45 CFR part 61).

VA must report final adverse actions to the Department of Health and Human Services National Databank, HIPDB, in accordance with the Health Insurance Portability and Accountability Act of 1996 and promulgated regulation in Title 45, Code of Federal Regulations.

9. Disclosure of relevant information may be made to individuals, organizations, private or public agencies, etc., with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor or subcontractor to perform the services of the contract or agreement.

VA occasionally contracts out certain of its functions when this would contribute to effective and efficient operations. VA must be able to give a contractor whatever information is necessary for the contractor to fulfill its duties. In these situations, safeguards are provided in the contract prohibiting the contractor from using or disclosing the information for any purpose other than that described in the contract.

10. Disclosure to survey teams of the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), College of American Pathologists, American Association of Blood Banks, and similar national accreditation agencies or boards with which VA has a contract or agreement to conduct such reviews.

VA must be able to disclose information for program review purposes and the seeking of accreditation and/or certification of health care facilities and programs.

11. Disclosure to the National Archives and Records Administration (NARA) in records management inspections conducted under authority of Title 44 United States Code.

NARA is responsible for archiving old records no longer actively used, but which may be appropriate for preservation and in general for the physical maintenance of the Federal Government's records. VA must be able to turn records over to this agency in order to determine the proper disposition of such records.

III. Compatibility of the Proposed Routine Uses

The Privacy Act permits VA to disclose information about individuals without their consent for a routine use when the information will be used for a purpose that is compatible with the purpose for which VA collected the information. In all of the routine use disclosures described above, the recipient of the information will use the information either in connection with a matter relating to one of VA's programs, or will use the information to provide a benefit to VA, or will disclose as required by law.

The notice of intent to publish and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

106VA17

SYSTEM NAME:

Compliance Records, Response, and Resolution of Reports of Persons Allegedly Involved in Compliance Violations-VA.

SYSTEM LOCATION:

All computerized and paper records are located at: Department of Veterans Affairs (VA) Headquarters, 810 Vermont Avenue, NW, Washington, DC 20420; Start Printed Page 59845Veterans Integrated Services Networks (VISN); and, VA health care facilities. Address locations for VA facilities are listed in VA Appendix 1 of the biennial publication of the Privacy Act Issuances.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The following categories of individuals will be covered by the system: (1) Employees, (2) veterans, (3) third parties such as contractors who conduct official business with the Veterans Health Administration (VHA), and (4) subjects of complaints and complainants. Complainants are individuals who have reported a possible violation of law, rules, policies, regulations, or external program requirements, such as third-party payor billing guidelines.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records (or information contained in records) in this system include allegations made by individuals calling VHA's Compliance Line, or through another source, to report a possible violation of law, rules, policies, regulations, or external program requirements such as third-party payor billing guidelines. Records also may contain reports of the reviews or investigations conducted at the medical center, VISN, or Headquarters level to verify the reported allegations and take remedial action as needed. The VHA Compliance Office will maintain a copy of these reports. Information in this system regarding reports of suspected non-compliance may include: (1) The name, home and work address and phone number of the complainant; (2) the name of the subject of the complaint; (3) the name and/or patient number of veteran patient who received services associated with the complaint; (4) the date when the allegation was reported; (5) the date, location and nature of the alleged wrongdoing; and (6) the Compliance Office's identification number assigned to the case. The records may also include correspondence between the Compliance Office and the Compliance Line contractor as to the status of each case (open or closed).

Information in the investigation records may include: (1) The name of the subject of an investigation; (2) the names of individuals whose work was reviewed as part of the investigation; (3) the names and/or patient numbers of veteran patients whose medical records were reviewed in order to investigate the allegation; (4) the station at which an investigation took place; (5) the time period when the investigation took place; (6) the nature of the allegation; (7) the outcome of the investigation; (8) the recommended action; and, (9) the Compliance Office's identification number assigned to the case. Information may be in the form of a narrative summary or synopsis, exhibits, or internal documentation and memoranda.

Records in the system will be a combination of computerized files and paper files. Both paper and electronic records may contain the information listed above, and may relate to complainants and subjects of complaints.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Title 38 United States Code, section 501.

PURPOSE(S):

The purpose is to establish a process to receive reports of suspected compliance violations, and to maintain a system to respond to such allegations.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

1. The record of an individual who is covered by this system may be disclosed to a Member of Congress or staff person acting for the member when the member or staff person requests the records on behalf of and at the request of that individual.

2. Any information in this system may be disclosed to a Federal agency, upon its official request, to the extent that it is relevant and necessary to that agency's decision regarding: the hiring, retention or transfer of an employee, the issuance of a security clearance, the letting of a contract, or the issuance or continuance of a license, grant or other benefit given by that agency. However, in accordance with an agreement with the U.S. Postal Service, disclosures to the U.S. Postal Service for decisions concerning the employment of veterans will only be made with the veteran's prior written consent.

3. Any information in this system may be disclosed to a State or local agency, upon its official request, to the extent that it is relevant and necessary to that agency's decision on: The hiring, transfer or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance or continuance of a license, grant or other benefit by the agency; provided, that if the information pertains to a veteran, the name and address of the veteran will not be disclosed unless the name and address is provided first by the requesting State or local agency.

4. Any information in this system, except the name and address of a veteran, may be disclosed to a Federal, State or local agency maintaining civil or criminal violation records, or other pertinent information such as prior employment history, prior Federal employment background investigations, and/or personal or educational background in order for VA to obtain information relevant to the hiring, transfer or retention of an employee, the letting of a contract, the granting of a security clearance, or the issuance of a grant or other benefit. The name and address of a veteran may be disclosed to a Federal agency under this routine use if this information has been requested by the Federal agency in order to respond to the VA inquiry.

5. Any information in this system, except the name and address of a veteran, which is relevant to a suspected violation or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, may be disclosed to a Federal, State, local or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto.

6. The name and address of a veteran, which is relevant to a suspected violation or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, may be disclosed to a Federal agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto, in response to its official request.

7. The name and address of a veteran, which is relevant to a suspected violation or reasonably imminent violation of law concerning public health or safety, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, may be disclosed to any foreign, State or local governmental agency or instrumentality charged under applicable law with the protection of the public health or safety if a qualified representative of such organization, agency or instrumentality has made a written request that such name and address be provided for a purpose authorized by law.

8. Any information in this system may be disclosed to the U.S. Office of Special Counsel, upon its official request, when Start Printed Page 59846required for the Special Counsel's review of the complainant's allegations of prohibited personnel practices.

9. The name, address, and other identifying data, including title, date and place of birth, social security number, and summary information concerning an individual who, for fraudulent or deceitful conduct either as an employee or while conducting or seeking to conduct business with the Agency, has been convicted of violating Federal or State law or has been debarred or suspended from doing business with VA, may be furnished to other Federal agencies to assist such agencies in preventing and detecting possible fraud or abuse by such individual in their operations and programs. This routine use applies to all information in this system of records which can be retrieved by name or by some identifier assigned to an individual, regardless of whether the information concerns the individual in a personal or in an entrepreneurial capacity.

10. Records from this system of records may be disclosed to a Federal agency or to a State or local government licensing board and/or to the Federation of State Medical Boards or a similar non-government entity which maintains records concerning individuals' employment histories or concerning the issuance, retention or revocation of licenses, certifications, or registration necessary to practice an occupation, profession or specialty, in order for the agency to obtain information relevant to an agency decision concerning the hiring, retention or termination of an employee or to inform a Federal agency or licensing boards or the appropriate non-government entities about the health care practices of a terminated, resigned or retired health care employee whose professional health care activity so significantly failed to conform to generally accepted standards of professional medical practice as to raise reasonable concern for the health and safety of patients in the private sector or from another Federal agency. These records may also be disclosed as part of an ongoing computer matching program to accomplish these purposes.

11. Relevant information from this system of records related to final adverse actions taken against a health care provider, supplier, or practitioner may be disclosed to the Health Integrity and Protection Data Bank (HIPDB) (45 CFR part 61). The information to be reported includes: (1) The name and Taxpayer Identification Number (as defined in section 7701 (a)(41) of the Internal Revenue Code of 1986) of any health care provider, supplier, or practitioner who is the subject of a final adverse action; (2) the name of any health care entity, if known, with which a health care provider, supplier, or practitioner, who is the subject of a final adverse action, is affiliated or associated; (3) the nature of the final adverse action and whether such action is on appeal; and (4) a description of the acts or omissions and injuries upon which the final adverse action was based, and such other information as the Secretary, Department of Health and Human Services, determines by regulation is required for appropriate interpretation of information reported. Information reported will be considered confidential and shall not be disclosed except as specified in the HIPDB regulations.

12. Disclosure of relevant information may be made to individuals, organizations, private or public agencies, etc., with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor or subcontractor to perform the services of the contract or agreement.

13. For program review purposes and the seeking of accreditation and/or certification, disclosure may be made to survey teams of the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), College of American Pathologists, American Association of Blood Banks, and similar national accreditation agencies or boards with which VA has a contract or agreement to conduct such reviews but only to the extent that the information is necessary and relevant to the review.

14. Disclosure may be made to the National Archives and Records Administration (NARA) in records management inspections conducted under authority of Title 44 United States Code.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

All reports of suspected noncompliance will be documented in a computerized database and assigned a unique identification number. Paper files may also be maintained which contain documents collected in association with reviewing the case, such as memoranda, policies, or examples of work produced as a result of the complaint.

RETRIEVABILITY:

Both electronic and paper case files will be stored and individually retrieved by the unique identification number, not by name.

SAFEGUARDS:

Access to computerized information in the database is restricted to authorized personnel on a need-to-know basis by means of passwords and authorized user identification codes. Computer system documentation will be maintained in a secure environment in the VHA Office of the Chief Financial Officer (CFO) Compliance Office, and in the Compliance Offices at the network and medical center locations. Physical access to printouts and data terminals will be limited to authorized personnel in the Compliance Program.

Access to file folders is restricted to authorized personnel on a need-to-know basis. Paper files are maintained in file cabinets or closets and are locked after duty hours. These files are under the control of the Compliance Officer or his/her designees. Buildings are protected from unauthorized access by a protective service.

RETENTION AND DISPOSAL:

Computerized records will be retained indefinitely. Periodic system back-ups will be employed for record protection. If disk space is limited, the records will be archived to tape or disk in accordance with established practice. Paper records will be maintained and disposed of in accordance with records disposition authority approved by the Archivist of the United States.

SYSTEM MANAGER(S) AND ADDRESS:

VHA Chief Financial Officer (17), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420.

NOTIFICATION PROCEDURE:

An individual who wishes to know if a record is being maintained by the VHA CFO Compliance Office under his or her name in this system or wants to determine the contents of such records should submit a written request or apply in person to the VHA CFO (17).

RECORD ACCESS PROCEDURES:

An individual who seeks access to or wishes to contest records maintained under his or her name in this system may write, call or visit the VHA CFO (17).

CONTESTING RECORD PROCEDURES:

(See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:

The information in this system will be obtained from calls that are received on the Compliance Line and reports Start Printed Page 59847received through other sources. Information is obtained from VHA employees, veterans, third parties such as contractors, and VHA records which may include billing data, patient medical records, policies and procedures, and memoranda.