AGENCY:

Veterans Health Administration (VHA), Department of Veterans Affairs (VA).

ACTION:

Notice of a modified system of records.

SUMMARY:

Pursuant to the Privacy Act of 1974, notice is hereby given that the VA is modifying the system of records entitled, “Telephone Service for Clinical Care Records-VA” (113VA112). This system is used to provide clinical and administrative support to patient care as well as provide medical and administrative documentation of the care and/or services provided in Call Centers. This system is also used for improving Call Center staff's ability to provide telephone care services to Veterans and the quality of the service by having immediate access to records of calls made previously by the Veteran.

DATES:

Comments on this amended system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by the VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.

ADDRESSES:

Comments may be submitted through www.Regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005R1A), Washington, DC 20420. Comments should indicate that they are submitted in response to “Telephone Service for Clinical Care Records-VA” (113VA112). Comments received will be available at regulations.gov for public viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT:

Stephania Griffin, VHA Chief Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420; telephone (704) 245–2492 (Note: this is not a toll-free number).

SUPPLEMENTARY INFORMATION:

VA is modifying the system of records by revising the System Number; System Location; System Manager; Purpose of the System; Categories of Individuals Covered by the System; Records Source Categories; Routine Uses of Records Maintained in the System; Policies and Practices for Storage of Records; and Policies and Practices for Retention and Disposal of Records. VA is republishing the system notice in its entirety.

The System Number will be changed from 113VA112 to 113VA10 to reflect the current VHA organizational routing symbol.

The System Location is being modified to remove “records located at each Call Center.” This section will include the Corporate Data Warehouse, Austin Information Technology Center (AITC) in Austin, Texas. Also, Employee Education Systems is being replaced with Institute for Learning, Education and Development (ILEAD).

The System Manager is being updated to replace, “with, Assistant Under Secretary for Health” for “Integrated Veteran Care.”

The Purpose of the System is being modified to remove “Utilization Review Accreditation Commission (URAC) for the accreditation of a Call Center or facility.” This section will include another accreditation agency.

Categories of Individuals Covered by the System is being modified to include non-enrolled patients.

Categories of Records is being updated to replace 79VA19 with 79VA10, and 24VA19 is replaced with 24VA10A7.

The language in Routine Use #7 is being updated to include other licensed health care practitioners.

The following routine use is added and will be routine use #17, “Data Breach Response and Remediation, For Another Agency: To another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in; (1) responding to a suspected or confirmed breach; or (2) preventing, minimizing or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government or national security, resulting from a suspected or confirmed breach.”

Policies and Practices for Storage of Records is being modified to remove “automated storage media, such as magnetic tape, disc or laser optical media.” This section will now include “VistA and Computerized Patient Record System.”

Policies and Practices for Retention and Disposal of Records is being modified to include Item Numbers 1930.2 and 1930.4.

The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority

The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on April 7, 2023 for publication.

SYSTEM NAME AND NUMBER:

“Telephone Service for Clinical Care Records-VA” (113VA10).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Records are located at each of the Veterans Integrated Service Network (VISN) Offices, which are operated at the Department of Veteran Affairs (VA) health care facilities or at contractor locations; and the Corporate Data Warehouse, Austin Information Technology Center (AITC) in Austin, Texas. In addition, information from clinical symptom calls is maintained in the patient's medical record at VA health care facilities; VISNs; and at the VA Institute for Learning, Education and Development (ILEAD), 810 Vermont Avenue NW, Washington, DC 20420. VA facility addresses are listed in VA Appendix 1 of the biennial publication of VA Privacy Act Issuances. Start Printed Page 32290

SYSTEM MANAGER(S):

Official responsible for policies and procedures for Clinical Contact Centers: Assistant Under Secretary for Health for Integrated Veteran Care, VA, 810 Vermont Avenue NW, (16A), Washington, DC 20420. Telephone number (202) 461–4242 (this is not a toll-free number). Officials maintaining the system: Network and/or facility director at the Network and/or facility where the individuals are associated.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

38 U.S.C. 501.

PURPOSE(S) OF THE SYSTEM:

The purpose of these records is to provide clinical and administrative support to patient care as well as provide medical and administrative documentation of the care and/or services provided in Call Centers. The records may also be used to improve Call Center staff's ability to provide telephone care services to Veterans and the quality of the service by having immediate access to records of calls made previously by the Veteran. Records may likewise be used for purposes of notifying VA providers of the patient's condition and status, the criteria used to judge the status of the patient and/or the information given to the external provider on follow-up steps that they must take to receive authorization for the care. Records may also be used to assess and improve the quality of the services provided through telephone care services and to produce various management and patient follow-up reports. Records may additionally be used to respond to patients, families and other inquiries, including at times non-VA clinicians and The Joint Commission (TJC) or another accreditation agency. Records, when stripped of individual patient identifiers, may also be used to conduct health care related studies, statistical analysis and resource allocation. The clinical information is integrated into the patient's overall health record, into quality improvement plans and activities of the facility, such as utilization review and risk management. Records are also used to improve Call Center services, such as patient education, the improved integration of clinical care, the provision of telephone care services and communication.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The records include information concerning individual enrolled and non-enrolled patients.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records may include information related to:

1. Clinical care such as clinical symptoms, questions asked about symptoms, answers received, clinical protocol used, and advice provided. It might include doctors' orders for patient care such as nursing care; current medications; scheduling and delivery; consultations, radiology, laboratory and other diagnostic and therapeutic examinations and results; clinical protocol and other reference materials; education provided, including title of education material and reports of contact with individuals or groups. It includes information related to the patient's or family member's understanding of the advice given and their plan of action and, sometimes, the effectiveness of those actions.

2. Record of all calls made to the Call Center, including caller questions about medications, their uses and side effects, requests for renewals of prescriptions, appointment changes, benefits information and the actions taken related to each call, including the notification of providers and other staffs about the call.

3. Contact information from private sector medical facilities or clinicians contacting the VA about issues such as enrolled Veterans' visits to an emergency department or admissions to a community medical center.

RECORD SOURCE CATEGORIES:

Record sources include enrolled patients; patients' families and friends; private medical facilities and their clinical and administrative staff; health care professionals; Patient Medical Records-VA (24VA10A7); Veterans Health Information Systems and Technology Architecture (VistA) (79VA10); VA health care providers; and Call Center nurses and administrative staff.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

To the extent that records contained in the system include information protected by 45 CFR parts 160 and 164, i.e., individually identifiable health information of VHA or any of its business associates, and 38 U.S.C. 7332; i.e., medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia, or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority in both 38 U.S.C. 7332 and 45 CFR parts 160, 161, and 164.

1. Congress: To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

2. To the Department of Justice (DoJ), Litigation, Administrative Proceeding: To DoJ, or in a proceeding before a court, adjudicative body or other administrative body before which VA is authorized to appear, when:

(a) VA or any component thereof;

(b) Any VA employee in his or her official capacity;

(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or

(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components,

is a party to such proceedings or has an interest in such proceedings and VA determines that the use of such records is relevant and necessary to the proceedings.

3. State Licensing Boards (SLBs), for Licensing: To a Federal agency, a State or local government licensing board, the Federation of State Medical Boards or a similar non-governmental entity that maintains records concerning individuals' employment histories or concerning the issuance, retention or revocation of licenses, certifications or registration necessary to practice an occupation, profession or specialty. This information can be used to inform such non-governmental entities about the health care practices of a terminated, resigned or retired health care employee whose professional health care activity so significantly failed to conform to generally accepted standards of professional medical practice as to raise reasonable concern for the health and safety of patients in the private sector or from another Federal agency. These records may also be disclosed as part of an ongoing computer matching program to accomplish these purposes.

4. TJC, for Accreditation: To survey teams of TJC, College of American Pathologists, American Association of Blood Banks and similar national accreditation agencies or boards with which VA has a contract or agreement to conduct such reviews, as relevant and necessary for the purpose of program review or the seeking of accreditation or certification.

5. Former Employee, Contractor or Representative, for SLB Reporting: To a former VA employee or contractor, as well as the authorized representative of Start Printed Page 32291 a current or former employee or contractor of VA, in connection with or in consideration of reporting that the individual's professional health care activity so significantly failed to conform to generally accepted standards of professional medical practice as to raise reasonable concern for the health and safety of patients, to a Federal agency, a State or local government licensing board or the Federation of State Medical Boards or a similar nongovernmental entity that maintains records concerning individuals' employment histories or concerning the issuance, retention or revocation of licenses, certifications or registration necessary to practice an occupation, profession or specialty.

6. National Practitioner Data Bank (NPDB), for Hiring or Privileging: To the NPDB at the time of hiring or clinical privileging/re-privileging of health care practitioners, and at other times as deemed necessary by VA, in order for VA to obtain information relevant to a Department decision concerning the hiring, privileging/re-privileging, retention or termination of the applicant or employee.

7. NPDB, SLB, for Medical Malpractice: To the NPDB or an SLB in the State in which a practitioner is licensed, in which the VA facility is located or in which an act or omission occurred upon which a medical malpractice claim was based when VA reports information concerning; (1) Any payment for the benefit of a physician, dentist or other licensed health care practitioner that was made as the result of a settlement or judgment of a claim of medical malpractice, if an appropriate determination is made in accordance with Department policy that payment was related to substandard care, professional incompetence or professional misconduct on the part of the individual; (2) a final decision that relates to possible incompetence or improper professional conduct that adversely affects the clinical privileges of a physician, dentist, or other licensed health care practitioner for a period longer than 30 days; or (3) the acceptance of the surrender of clinical privileges or any restriction of such privileges by a physician, dentist, or other licensed health care practitioner either while under investigation by the health care entity relating to possible incompetence or improper professional conduct or in return for not conducting such an investigation or proceeding. These records may also be disclosed as part of a computer matching program to accomplish these purposes.

8. Medical School, for Evaluating Students: To a medical or nursing school, other health care related training institution or other facility with which VA has an affiliation, sharing agreement, contract or similar arrangement, when the student or provider is enrolled at or employed by the school or training institution or other facility, and the information is needed for personnel management, rating or evaluation purposes, provided that VA discloses from a named patient's VA medical record that relates to the performance of a health care student or provider.

9. Contractors: To contractors, grantees, experts, consultants, students and others performing or working on a contract, service, grant, cooperative agreement or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.

10. Federal Agencies, for Employment: To a Federal agency, except the United States Postal Service, or to the District of Columbia government, in response to its request, in connection with that agency's decision on the hiring, transfer or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant or other benefit by that agency.

11. Family or Partner, for Notification of Patient Status: To family members or the persons with whom the patient has a meaningful relationship, by appropriate VA personnel, to the extent necessary, on a need-to-know basis, and consistent with good medical-ethical practices.

12. Law Enforcement: To a Federal, State, local, Territorial, Tribal or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature. The disclosure of the names and addresses of Veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

13. Non-VA physician or medical facility staff: To a non-VA physician or medical facility staff caring for a Veteran for the purpose of providing relevant clinical information in an urgent or emergent situation.

14. National Archives and Records Administration (NARA): To NARA in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.

15. Federal Agencies, Fraud and Abuse: To other Federal agencies to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

16. Data Breach Response and Remediation, for VA: To appropriate agencies, entities and persons when; (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk to individuals, VA (including its information systems, programs and operations), the Federal Government or national security; and (3) the disclosure made to such agencies, entities or persons is reasonably necessary to assist in connection with VA efforts to respond to the suspected or confirmed breach or to prevent, minimize or remedy such harm.

17. Data Breach Response and Remediation, for Another Federal Agency: To another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in; (1) responding to a suspected or confirmed breach; or (2) preventing, minimizing or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained in the electronic health record, VistA and Computerized Patient Record System.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records in this system are retrieved by name, Social Security Number or other assigned identifier of the enrolled Veteran who is calling or about whom the call is being made.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records in this system are retained and disposed of in accordance with the schedule approved by the Archivist of the United States, VHA Records Control Schedule 10–1, Item Numbers 1930.2 and 1930.4. Start Printed Page 32292

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

1. Access to patient-specific information located in Call Center databases and storage areas is restricted to VA employees and contract personnel on a “need-to-know” basis; strict control measures are enforced to ensure that disclosure to these individuals is also based on this same principle. Generally, VA Call Center areas are locked after normal duty hours or when the Call Center is closed, and the facilities are protected from outside access by the Federal Protective Service or other security personnel.

2. Access to VA and contracted Call Centers and computer rooms is generally limited by appropriate locking devices and restricted to authorized VA employees and vendor personnel. Information in VistA may be accessed by authorized VA employees or authorized contract employees. Access to file information is controlled at two levels; the system recognized authorized employees or contract employees by a series of individually unique passwords/codes as a part of each data message, and personnel are limited to only that information in the file which is needed in the performance of their official duties. Information that is downloaded from VistA and maintained on VA is afforded similar storage and access protections as the data that is maintained in the original files access to information stored on automated storage media at other VA and contract locations is controlled by individually unique passwords/codes.

3. Remote access to VHA information in VistA is provided to those Call Center employees, either VA or contract staff, that require access to information stored in the health record. Access to this information is protected through hardened user access and is controlled by individual unique passwords. Additionally, contracted Call Centers, either VA or private sector, are required to have a separate computer security plan that meets national information security requirements.

RECORD ACCESS PROCEDURES:

Individuals seeking information on the existence and content of records in this system pertaining to them should contact the system manager in writing as indicated above or may write or visit the VA facility location where they normally receive their care. A request for access to records must contain the requester's full name, address, telephone number, be signed by the requester, and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort.

CONTESTING RECORD PROCEDURES:

Individuals seeking to contest or amend records in this system pertaining to them should contact the system manager in writing as indicated above. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.

NOTIFICATION PROCEDURES:

Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

67 FR 63497 (October 11, 2002); 74 FR 21742 (May 8, 2009).