AGENCY:

Department of Veterans Affairs (VA), Veterans Health Administration (VHA).

ACTION:

Notice of a Modified System of Records.

SUMMARY:

Pursuant to the Privacy Act of 1974, notice is hereby given that the VA is modifying the system of records entitled, “Blood Donor Information-VA” (04VA10P4D) as set forth in the Federal Register . This system is used to track donor medical history, donation intervals, results of donor testing, as well as report positive or abnormal test results, blood and hematopoietic progenitor cells (HPC) and/or blood components produced from the donation.

DATES:

Comments on this amended system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by the VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.

ADDRESSES:

Comments may be submitted through www.Regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), Washington, DC 20420. Comments should indicate that they are submitted in response to “Blood Donor Information-VA” (04VA10P4D). Comments received will be available at www.Regulations.gov for public viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT:

Stephania Griffin, VHA Chief Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420; telephone (704) 245–2492 (Note: this is not a toll-free number).

SUPPLEMENTARY INFORMATION:

VA is amending the system of records by revising the System Name; System Number; System Location; System Manager; Categories of Records in the System; Records Source Categories; Routine Uses of Records Maintained in the System; Policies and Practices for Retrieval of Records; Policies and Practices for Retention and Disposal of Records; and Administrative, Technical and Physical Safeguards. VA is republishing the system notice in its entirety.

The System Name is being updated from “Blood Donor Information-VA” to “Blood Product and Information-VA”

The System Number is being updated from 04VA10P4D to 04VA10 to reflect the current VHA organizational routing symbol.

The System Location is being updated to include “HPC (stem cells) records are maintained at the South Texas VA Health Care System.” The System Manager is updated to replace “Chief Consultant, Diagnostic Services (10P4D)”, with “Executive Director, Pathology and Laboratory Medicine. Telephone number 858–642–3511 (this is not a toll-free number).”

The Purpose of the System, Categories of Records in the System, and Policies and Practices for Retrieval of Records are being modified to include “HPC” or “HPC (stem cells).”

The Records Source Categories is being updated to include: “5. HPC counts.” “6. VA information systems, such as the Veterans Health Information System and Technology Architecture (VistA).”

Routine Use #2 is being updated to reflect the following language, “Referral to Non-VA Health Care Provider: To a non-VA health care provider or institution when VA refers a patient for medical service. These disclosures may be made: blood availability, location, quantity on hand, and blood type for use by the area donor collection coordinators to answer and fill requests from health care facilities in need of type-specific blood. For HPC products, disclosure from bone marrow transplant physicians for the availability, transfer and infusion of stored products.”

Routine Use #5 is being deleted and updated as it is duplicative of Routine Use #6. Routine Use #5 is being updated to state “Data Breach Response and Remediation, for VA: To appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, or persons is reasonably necessary to assist in connection with VA efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.”

Policies and Practices for Retention and Disposal of Records being updated to remove “Section VIII-Laboratory Services of the VHA Records Control Schedule 10–1, Item number 113–31/36, National Archives and Records Administration under the National Archives Job No. N1–15–02–04.” This section is being updated to state, “The records are disposed of in accordance with VHA Records Control Schedule 10–1, Item Number 7100.1–7100.27.”

Administrative, Technical and Physical Safeguards is being updated to remove, “Employees file records and file records of public figures or otherwise sensitive medical record files are stored in separate locked files,” from #1.

The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority

The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on May 10, 2023 for publication.

SYSTEM NAME AND NUMBER:

“Blood Product and Information-VA” (04VA10)

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Blood donor records are maintained at VA health care facilities that currently or previously collected blood donations. Hematopoietic Progenitor Cells (HPC) (stem cells) records are maintained at the South Texas VA Health Care System. Addresses are listed in VA Appendix I of the biennial publication of Privacy Act Issuances.

SYSTEM MANAGER(S):

Executive Director, Pathology and Laboratory Medicine, Department of Start Printed Page 42011 Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420. Telephone number 858–642–3511 (this is not a toll-free number).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

38 U.S.C. 501; 21 CFR 200–299, 600–680; 42 CFR 493.1105.

PURPOSE(S) OF THE SYSTEM:

The purpose of these records is to track donor and patient medical history, donation intervals, results of infectious disease testing, as well as reporting positive or abnormal test results for HPC and/or blood components produced from the donation.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

These records include information on individuals who donate or have donated blood or HPC products at a VHA health care facility or blood bank for patient care.

CATEGORIES OF RECORDS IN THE SYSTEM:

The blood donor and HPC records may contain sufficient information ( i.e., donor name, Social Security number, or other unique identifier, date of donation, and type of donation, type of components produced by the donation, mandated tests results, and disposition of the HPC, blood or blood component) to provide a mechanism to track a blood or HPC product from the time of donor or patient registration through the final disposition of each prepared blood product or HPC from that donation. For this system of records, final disposition is defined as transferred, transfused, or discarded.

RECORD SOURCE CATEGORIES:

Record sources include the following:

1. Blood donor. 2. Private hospitals and local blood banks. 3. Private physicians. 4. Non-VA Laboratories. 5. HPC counts. 6. VA information systems, such as VistA.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

To the extent that records contained in the system include information protected by 45 CFR parts 160 and 164, i.e., individually identifiable health information of VHA or any of its business associates, and 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia, or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific disclosure authority in both 38 U.S.C. 7332 and 45 CFR parts 160, 161, and 164.

1. Blood or HPC Source: To Federal, State, local, and tribal medical facilities regarding the source from which blood or HPC was received. Such requests may be initiated by a qualified medical practitioner in the event that a donor's or patient's medical condition warrants it.

2. Non-VA Health Care Provider: To a non-VA health care provider or institution when VA refers a patient for medical service. These disclosures may be made: blood availability, location, quantity on hand, and blood type for use by the area donor collection coordinators to answer and fill requests from health care facilities in need of type-specific blood. For HPC products, disclosure from bone marrow transplant physicians for the availability, transfer and infusion of stored products.

3. Law Enforcement: To a Federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature. The disclosure of the names and addresses of Veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

4. Congress: To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

5. Data Breach Response and Remediation, for VA: To appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities or persons is reasonably necessary to assist in connection with VA efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

6. National Archives and Records Administration (NARA): To NARA in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.

7. Contractors: To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.

8. Department of Justice (DOJ), Litigation, Administrative Proceeding: To DOJ, or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when:

(a) VA or any component thereof;

(b) Any VA employee in his or her official capacity;

(c) Any VA employee in his or her individual capacity where DOJ has agreed to represent the employee; or

(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.

9. Federal Agencies, Fraud and Abuse: To other Federal agencies in order to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

10. Data Breach Response and Remediation, for Another Federal Agency: To another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained on paper documents and electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

1. All manual records in this system are retrieved by name and social security number or other unique identifier of donor, cross-indexed by blood type. 2. All electronic records in this system are retrieved by name, unique identifier, social security number, blood type, antibodies and date of last donation. Start Printed Page 42012

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The records in this system are retained and disposed of in accordance with the schedule approved by the Archivist of the United States, VHA Records Control Schedule 10–1, Item number 7100.1–7100.27.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

1. Access to VA working space and record storage areas is restricted to VA employees on a “need-to-know” basis. Generally, VA file areas are locked after normal duty hours and are protected from outside access by the Federal Protective Service. Strict control measures are enforced to ensure that disclosure is limited to a “need to know” basis.

2. Strict control measures are enforced to ensure that access to and disclosure of all records, including electronic files, are limited to VA employees whose official duties warrant access to those files. The system recognizes authorized employees by a series of individually unique passwords/codes and the employees are limited to only that information in the file which is needed in the performance of their official duties.

RECORD ACCESS PROCEDURES:

Individuals seeking information on the existence and content of records in this system pertaining to them should contact the system manager in writing as indicated above or inquire in person at the VA health care facility where medical service was provided or volunteered. A request for access to records must contain the requester's full name, address, telephone number, be signed by the requester, and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort.

CONTESTING RECORD PROCEDURES:

Individuals seeking to contest or amend records in this system pertaining to them should contact the system manager in writing as indicated above or inquire in person at the VA health care facility where they normally receive their care. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it and the proposed amendment to the record.

NOTIFICATION PROCEDURE:

Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

66 FR 20860 (April 25, 2001), 73 FR 74574 (December 8, 2008), 80 FR 58815 (September 30, 2015).