AGENCY:

Department of Veterans Affairs (VA), Office of Mental Health and Suicide Prevention (OMHSP).

ACTION:

Notice of a new system of records.

SUMMARY:

The Privacy Act of 1974 requires that all agencies publish in the Federal Register a notice of the existence and character of their systems of records. Notice is hereby given that the Department of Veterans Affairs (VA) is establishing a new system of records entitled, “PAWS Portal-VA” (212VA10). “PAWS” is an acronym for “Puppies Assisting Wounded Servicemembers”.

DATES:

Comments on this new system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the new system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.

ADDRESSES:

Comments may be submitted through www.Regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005R1A), Washington, DC 20420. Comments should indicate that they are submitted in response to “PAWS Portal-VA” (212VA10). Comments received will be available at www.Regulations.gov for public viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT:

Stephania Griffin, Veterans Health Administration (VHA) Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420, stephania.griffin@va.gov, telephone number 704–245–2492 (Note: This is not a toll-free number).

SUPPLEMENTARY INFORMATION:

I. Description of Proposed Systems of Records

Information in this system of records is used to establish and maintain records of individuals participating in the Puppies Assisting Wounded Servicemembers for Veterans (PAWS) program. The Puppies Assisting Wounded Servicemembers for Veterans Therapy Act (hereinafter referred to as “the Act”) was signed into law by the President on August 25, 2021 (Pub. L. 117–37, 125, Stat. 329). Section (2) of the Act requires VA to conduct a pilot program to provide canine training to eligible Veterans. Section 2(h) establishes VA's reporting requirements associated with the five-year pilot. Information is maintained in the PAWS Portal. The Portal will be the administrative repository of information required to support the program with ongoing assessment and monitoring. Designated VA staff will enter the contact and assessment information into the portal for each Veteran. This information will be available to service dog organizations (SDOs) to track attendance. Additionally, de-identified data generated from the PAWS Portal will be used in reports to OMHSP, VA Central Office and Congress on the effectiveness of the program. The PAWS Portal will collect Veteran patient demographic data to evaluate the success of the program.

II. Proposed Routine Use Disclosures of Data in the System

We are proposing to establish the following routine use disclosures of information maintained in the system.

1. Congress: VA may disclose information to a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

2. Data breach response and remediation, for VA: VA may disclose information to appropriate agencies, Start Printed Page 32293 entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records,· (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

3. Data breach response and remediation, for another Federal agency: VA may disclose information to another Federal agency or Federal entity, when VA determines that the information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

4. Law Enforcement: VA may disclose information to a Federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature. The disclosure of the names and addresses of Veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

5. DoJ for Litigation or Administrative Proceeding: VA may disclose information to the Department of Justice (DoJ), or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when:

(a) VA or any component thereof;

(b) Any VA employee in his or her official capacity;

(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or

(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components, is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.

6. Contractors: VA may disclose information to contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.

7. OPM: VA may disclose information to the Office of Personnel Management (OPM) in connection with the application or effect of civil service laws, rules, regulations, or OPM guidelines in particular situations.

8. EEOC: VA may disclose information to the Equal Employment Opportunity Commission (EEOC) in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.

9. FLRA: VA may disclose information to the Federal Labor Relations Authority (FLRA) in connection with: the investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised; matters before the Federal Service Impasses Panel; and the investigation of representation petitions and the conduct or supervision of representation elections.

10. MSPB: VA may disclose information to the Merit Systems Protection Board (MSPB) in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.

11. NARA: VA may disclose information to the National Archives and Records Administration (NARA) in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.

12. Health Care Providers, for Referral by VA: VA may disclose information to: (1) a Federal agency or health care provider when VA refers a patient for medical and other health services, or authorizes a patient to obtain such services and the information is needed by the Federal agency or health care provider to perform the services; or (2) a Federal agency or to health care provider under the provisions of 38 U.S.C. 513, 7409, 8111, or 8153, when treatment is rendered by VA under the terms of such contract or agreement or the issuance of an authorization, and the information is needed for purposes of medical treatment or follow-up, determination of eligibility for benefits, or recovery by VA of the costs of the treatment.

13. Health Care Providers, for Referral to VA: VA may disclose information to a non-VA health care provider when that health care provider has referred the individual to VA for medical or other health services.

14. Covered Entities, for their Health Care Operations: VA may disclose information to a covered entity for their health care operations, provided that the entity either has or had a relationship with the individual, and the disclosure is for the purpose of:

(a) Conducting quality assessment and improvement activities; patient safety activities as defined in 42 CFR 3.20; population-based activities relating to improving health or reducing health care costs, protocol development, case management, and care coordination; contacting of health care providers and patients with information about treatment alternatives; and related functions that do not include treatment;

(b) Reviewing the competence or qualifications of health care professionals; evaluating practitioner and provider performance, health plan performance; conducting training programs for health care practitioners, trainees, and students; training of non-health care professionals; accreditation, certification, licensing, or credentialing activities; or

(c) Health care fraud and abuse detection or compliance.

15. Federal Agencies, for Research: VA may disclose information to a Federal agency for the purpose of conducting research and data analysis to perform a statutory purpose of that Federal agency upon the written request of that agency.

16. Researchers, for Research: VA may disclose information to epidemiological and other research facilities approved by the Under Secretary for Health for research purposes determined to be necessary and proper, provided that the names and addresses of Veterans and their dependents will not be disclosed unless those names and addresses are first provided to VA by the facilities making the request.

17. OMB: VA may disclose information to the Office of Management and Budget (OMB) for the performance of its statutory Start Printed Page 32294 responsibilities for evaluating Federal programs.

18. Nonprofits, for Release of Name and/or Address (RONA): VA may disclose information to a nonprofit organization if the release is directly connected with the conduct of programs and the utilization of benefits under title 38, provided that the disclosure is limited the names and addresses of present or former members of the armed services or their beneficiaries, the records will not be used for any purpose other than that stated in the request, and the organization is aware of the penalty provision of 38 U.S.C. 5701(f).

Signing Authority

The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on April 7, 2023 for publication.

SYSTEM NAME AND NUMBER: “PAWS PORTAL–VA” (212VA10)

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

These records are the responsibility of the Office of Mental Health and Suicide Prevention (OMHSP), Veterans Health Administration, Department of Veterans Affairs. The OMHSP is located at 810 Vermont Avenue NW, Washington, DC 20420. Records are maintained in the Microsoft Government Cloud at the Boydton Data Center in Boydton, Virginia.

SYSTEM MANAGER(S):

Stacey Pollack, Ph.D., National Mental Health Director, Program Policy Implementation, Office of Mental Health and Suicide Prevention, 810 Vermont Avenue NW, Washington, DC 20420, telephone number 202–738–2932 (Note: This is not a toll-free number).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The Puppies Assisting Wounded Servicemembers for Veterans Therapy Act (hereinafter referred to as “the Act”) was signed into law by the President on August 25, 2021 (Pub. L. 117–37, 125, Stat. 329).

PURPOSE(S) OF THE SYSTEM:

The “PAWS Portal–VA” will be used to store information that is shared between the VA medical centers (VAMCs) participating as the pilot sites, and the service dog organizations (SDOs) providing the training. The Portal will be used to track Veteran attendance in the program as well as the management and effectiveness of the program. The Portal may also be used to determine the impact on Veteran care and capture information on Veteran satisfaction with the program. Additionally, de-identified data generated from the PAWS Portal will be used in reports to OMHSP, VA Central Office and Congress on the effectiveness of the program.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The records in the system are on Veterans who have received VA health care benefits under 38 U.S.C, Chapter 17, and SDO trainers participating in the program.

CATEGORIES OF RECORDS IN THE SYSTEM:

Information entered into the PAWS Portal includes demographic information, such as name, address, phone number, email address, and the last four of the Veteran's Social Security number. In addition, information regarding the Veteran's attendance in the program is collected, such as date of trainings and location of trainings. SDO trainer names and their email addresses are collected in this system. Eligibility-related information may also be collected, such as referrals, VA staff evaluations, correspondence, and documentation of phone calls, and any information regarding a safety issue around Veterans, SDO trainers, or dogs.

RECORD SOURCE CATEGORIES:

Information in this system of records is provided by Veteran participants in the pilot program, the PAWS Portal VA staff, and by the SDO and their trainers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

To the extent that records contained in the system include information protected by 45 CFR parts 160 and 164, i.e., individually identifiable health information of VHA or any of its business associates, and 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, sickle cell anemia, or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific disclosure authority in both 38 U.S.C. 7332 and 45 CFR parts 160 and 164.

1. Congress: VA may disclose information to a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

2. Data breach response and remediation, for VA: VA may disclose information to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

3. Data breach response and remediation, for another Federal agency: VA may disclose information to another Federal agency or Federal entity, when VA determines that the information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

4. Law Enforcement: VA may disclose information to a Federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature. The disclosure of the names and addresses of Veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

5. DoJ for Litigation or Administrative Proceeding: VA may disclose information to the Department of Justice (DoJ), or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when: Start Printed Page 32295

(a) VA or any component thereof;

(b) Any VA employee in his or her official capacity;

(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or

(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components, is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.

6. Contractors: VA may disclose information to contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.

7. OPM: VA may disclose information to the Office of Personnel Management (OPM) in connection with the application or effect of civil service laws, rules, regulations, or OPM guidelines in particular situations.

8. EEOC: VA may disclose information to the Equal Employment Opportunity Commission (EEOC) in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.

9. FLRA: VA may disclose information to the Federal Labor Relations Authority (FLRA) in connection with: the investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised; matters before the Federal Service Impasses Panel; and the investigation of representation petitions and the conduct or supervision of representation elections.

10. MSPB: VA may disclose information to the Merit Systems Protection Board (MSPB) in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.

11. NARA: VA may disclose information to the National Archives and Records Administration (NARA) in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.

12. Health Care Providers, for Referral by VA: VA may disclose information to: (1) a Federal agency or health care provider when VA refers a patient for medical and other health services, or authorizes a patient to obtain such services and the information is needed by the Federal agency or health care provider to perform the services; or (2) a Federal agency or to health care provider under the provisions of 38 U.S.C. 513, 7409, 8111, or 8153, when treatment is rendered by VA under the terms of such contract or agreement or the issuance of an authorization, and the information is needed for purposes of medical treatment or follow-up, determination of eligibility for benefits, or recovery by VA of the costs of the treatment.

13. Health Care Providers, for Referral to VA: VA may disclose information to a non-VA health care provider when that health care provider has referred the individual to VA for medical or other health services.

14. Covered Entities, for their Health Care Operations: VA may disclose information to a covered entity for their health care operations, provided that the entity either has or had a relationship with the individual, and the disclosure is for the purpose of:

(a) Conducting quality assessment and improvement activities; patient safety activities as defined in 42 CFR 3.20; population-based activities relating to improving health or reducing health care costs, protocol development, case management, and care coordination; contacting of health care providers and patients with information about treatment alternatives; and related functions that do not include treatment;

(b) Reviewing the competence or qualifications of health care professionals; evaluating practitioner and provider performance, health plan performance; conducting training programs for health care practitioners, trainees, and students; training of non-health care professionals; accreditation, certification, licensing, or credentialing activities; or

(c) Health care fraud and abuse detection or compliance.

15. Federal Agencies, for Research: VA may disclose information to a Federal agency for the purpose of conducting research and data analysis to perform a statutory purpose of that Federal agency upon the written request of that agency.

16. Researchers, for Research: VA may disclose information to epidemiological and other research facilities approved by the Under Secretary for Health for research purposes determined to be necessary and proper, provided that the names and addresses of Veterans and their dependents will not be disclosed unless those names and addresses are first provided to VA by the facilities making the request.

17. OMB: VA may disclose information to the Office of Management and Budget (OMB) for the performance of its statutory responsibilities for evaluating Federal programs.

18. Nonprofits, for Release of Name and/or Address (RONA): VA may disclose information to a nonprofit organization if the release is directly connected with the conduct of programs and the utilization of benefits under title 38, provided that the disclosure is limited the names and addresses of present or former members of the armed services or their beneficiaries, the records will not be used for any purpose other than that stated in the request, and the organization is aware of the penalty provision of 38 U.S.C. 5701(f).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

These records are maintained in electronic storage media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by the Veteran's name, phone number, email address, the last four of their Social Security number, program attendance records or by any combination of these identifiers. Records are also retrieved by the name and email address of the SDO trainers participating in the program.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records will be retained and destroyed in accordance with the VA Records Control Schedule, RCS 10–1, 6400.2: Temporary, records are to be filed within the Veteran's electronic health records (DAA–0015–2015–0005–0003) and 6400.3: Temporary, cutoff originals and copies at the end of calendar year. Destroy 7 years after cutoff (DAA–0015–2015–0005–0004).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

1. On an annual basis, employees are required to sign a computer access agreement acknowledging their understanding of confidentiality requirements. In addition, all employees receive annual privacy awareness and information security training. 2. Access to electronic records is deactivated when no longer required for official duties. Recurring monitors are in place to ensure compliance with nationally and locally established security Start Printed Page 32296 measures. 3. Strict control measures are enforced to ensure that access to and disclosure from all records are limited to VA and the SDO employees whose official duties warrant access to those files. 4. Access to the PAWS Portal is restricted and requires approval prior to access. Restricted access will be provided to enable workflow management to administer, monitor and track services delivered via the PAWS Portal.

RECORD ACCESS PROCEDURES:

Individuals seeking information regarding access to and contesting of the PAWS Portal records may write or visit the VA health care facility where the PAWS program was attended or the VA health care facility that referred the Veteran to participate in the PAWS program offsite.

CONTESTING RECORD PROCEDURES:

(See Record Access Procedures above.)

NOTIFICATION PROCEDURES:

An individual who wishes to determine whether a record is being maintained in this system under his or her name or other personal identifier, or wants to review the contents of such record, should submit a written request, or apply in person to the VA health care facility where the PAWS program was attended or to the VA health care facility that referred the Veteran to participate in the PAWS program offsite. All inquiries must reasonably describe the portion of the medical record involved and the place and approximate date that medical care was provided. Inquiries should include the patient's full name, Social Security number, and return address.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.