AGENCY:

Department of Veterans Affairs (VA).

ACTION:

Notice of amendment to system of records.

SUMMARY:

As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records currently entitled “Compliance Records, Response, and Resolution of Reports of Persons Allegedly Involved in Compliance Violations—VA” (106VA17) as set forth in the Federal Register 66 FR 59842 and last amended Nov. 30, 2001. VA is amending the system of records by revising the Routine Uses of Records Maintained in the System Including Categories of Users and the Purpose of Such Uses. VA is republishing the system notice in its entirety.

DATES:

Comments on the amendment of this system of records must be received no later than September 16, 2009. If no public comment is received, the amended system will become effective September 16, 2009.

ADDRESSES:

Written comments may be submitted through http://www.Regulations.gov;​; by mail or hand-delivery to Director, Regulations Management (02Reg), Department of Veterans Affairs, 810 Vermont Avenue, NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. Comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461-4902 (this is not a toll-free number) for an appointment. In addition, during the comment period, comments may be viewed online through the Federal Docket Management System (FDMS) at http://www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Veterans Health Administration (VHA) Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420; telephone (704) 245-2492.

SUPPLEMENTARY INFORMATION:

Routine use 13 was amended to read: Disclosure may be made to the National Archives and Records Administration (NARA) and the General Services Administration (GSA) in records management inspections conducted under authority of Title 44, Chapter 29, of the United States Code.

Routine use 14 was added to disclose information to the Department of Justice (DoJ), either on VA's initiative or in response to DoJ's request for the information, after either VA or DoJ determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

Routine use 15 was added to disclose information to other Federal agencies that may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

Routine use 16 was added so that the VA may, on its own initiative, disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise, there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the potentially compromised information; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727.

The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

110VA17

SYSTEM NAME:

Compliance Record, Response, and Resolution of Reports of Persons Allegedly Involved in Compliance Violations—VA

SYSTEM LOCATION:

All computerized and paper records are located at: Department of Veterans Affairs (VA) Central Office, 810 Vermont Avenue, NW., Washington, DC 20420; Veterans Integrated Service Networks (VISNs); and, VA health care facilities. Address locations for VA facilities are listed in VA Appendix 1 of the biennial publication of the Privacy Act Issuances.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The following categories of individuals will be covered by the system: (1) Employees, (2) Veterans, (3) third parties such as contractors who conduct official business with the Veterans Health Administration (VHA), Start Printed Page 41491(4) family members or representatives of Veterans, and (5) subjects of complaints and complainants. Complainants are individuals who have reported a possible violation of law, rules, policies, regulations, or external program requirements, such as third-party payer billing guidelines.

Categories of records in the system:

Records (or information contained in records) in this system include allegations made by individuals calling the VHA Office of Compliance and Business Integrity Help Line, or through another source, to report a possible violation of law, rules, policies, procedures, regulations, or external program requirements such as third-party payer billing guidelines. Records also may contain reports of the reviews or investigations conducted at the medical center, VISN, or Central Office level to verify the reported allegations and take remedial action as needed. VHA Office of Compliance Office and Business Integrity will maintain a copy of these reports. Information in this system regarding reports of suspected non-compliance may include: (1) The name, home and work address and phone number of the complainant; (2) the name of the subject of the complaint; (3) the name or patient number of Veteran patient who received services associated with the complaint; (4) the date when the allegation was reported; (5) the date, location and nature of the alleged wrongdoing; and (6) the Compliance Office's identification number assigned to the case. The records will also include the status of each case (open or closed).

Information in the investigation records may include: (1) The name of the subject of an investigation; (2) the names of individuals whose work was reviewed as part of the investigation; (3) the names or patient numbers of Veteran patients whose medical records were reviewed in order to investigate the allegation; (4) the station at which an investigation took place; (5) the time period when the investigation took place; (6) the nature of the allegation; (7) the outcome of the investigation; (8) the recommended action; and, (9) the identification number assigned to the case. Information may be in the form of a narrative summary or synopsis, exhibits, or internal documentation and memoranda.

Records in the system will be a combination of computerized files and paper files. Both paper and electronic records may contain the information listed above, and may relate to complainants and subjects of complaints.

Authority for maintenance of the system:

Title 38 United States Code, section 501.

PURPOSE(S):

The purpose is to establish a process to receive reports of suspected compliance violations, and to maintain a system to respond to such allegations.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

To the extent that records contained in the system include information protected by 45 CFR Parts 160 and 164, i.e., individually identifiable health information, and 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority in 38 U.S.C. 7332 and regulatory authority in 45 CFR Parts 160 and 164 permitting disclosure.

1. The record of an individual who is covered by this system may be disclosed to a Member of Congress or staff person acting for the member when the member or staff person requests the records on behalf of and at the request of that individual.

2. Any information in this system may be disclosed to a Federal agency, upon its official request, to the extent that it is relevant and necessary to that agency's decision regarding: the hiring, retention or transfer of an employee, the issuance of a security clearance, the letting of a contract, or the issuance or continuance of a license, grant or other benefit given by that agency. However, in accordance with an agreement with the U.S. Postal Service, disclosures to the U.S. Postal Service for decisions concerning the employment of Veterans will only be made with the Veteran's prior written consent.

3. Any information in this system may be disclosed to a State or local agency, upon its official request, to the extent that it is relevant and necessary to that agency's decision on: The hiring, transfer or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance or continuance of a license, grant or other benefit by the agency; provided, that if the information pertains to a Veteran, the name and address of the Veteran will not be disclosed unless the name and address is provided first by the requesting State or local agency.

4. Any information in this system, except the name and address of a Veteran, may be disclosed to a Federal, State or local agency maintaining civil or criminal violation records, or other pertinent information such as prior employment history, prior Federal employment background investigations, or personal or educational background in order for VA to obtain information relevant to the hiring, transfer or retention of an employee, the letting of a contract, the granting of a security clearance, or the issuance of a grant or other benefit. The name and address of a Veteran may be disclosed to a Federal agency under this routine use if this information has been requested by the Federal agency in order to respond to the VA inquiry.

5. Any information in this system, except the name and address of a Veteran, which is relevant to a suspected violation or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, may be disclosed to a Federal, State, local or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto.

6. The name and address of a Veteran, which is relevant to a suspected violation or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, may be disclosed to a Federal agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto, in response to its official request.

7. The name and address of a Veteran, which is relevant to a suspected violation or reasonably imminent violation of law concerning public health or safety, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, may be disclosed to any foreign, State or local governmental agency or instrumentality charged under applicable law with the protection of the public health or safety if a qualified representative of such organization, agency or instrumentality has made a written request that such name and address be provided for a purpose authorized by law.

8. Any information in this system may be disclosed to the U.S. Office of Special Counsel, upon its official request, when required for the Special Counsel's Start Printed Page 41492review of the complainant's allegations of prohibited personnel practices.

9. The name, address, telephone number, and other identifying data, including title, date and place of birth, social security number, and summary information concerning an individual who, for fraudulent or deceitful conduct either as an employee or while conducting or seeking to conduct business with the Agency, has been convicted of violating Federal or State law or has been debarred or suspended from doing business with VA, may be furnished to other Federal agencies to assist such agencies in preventing and detecting possible fraud or abuse by such individual in their operations and programs. This routine use applies to all information in this system of records which can be retrieved by name or by some identifier assigned to an individual, regardless of whether the information concerns the individual in a personal or in an entrepreneurial capacity.

10. Records from this system of records may be disclosed to a Federal agency or to a State or local government licensing board or to the Federation of State Medical Boards or a similar non-government entity which maintains records concerning individuals' employment histories or concerning the issuance, retention or revocation of licenses, certifications, or registration necessary to practice an occupation, profession or specialty, in order for the agency to obtain information relevant to an agency decision concerning the hiring, retention or termination of an employee or to inform a Federal agency or licensing boards or the appropriate non-government entities about the health care practices of a terminated, resigned or retired health care employee whose professional health care activity so significantly failed to conform to generally accepted standards of professional medical practice as to raise reasonable concern for the health and safety of patients in the private sector or from another Federal agency. These records may also be disclosed as part of an ongoing computer matching program to accomplish these purposes.

11. Disclosure of relevant information may be made to individuals, organizations, private or public agencies, etc., with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor or subcontractor to perform the services of the contract or agreement.

12. For program review purposes and the seeking of accreditation or certification, disclosure may be made to survey teams of The Joint Commission, College of American Pathologists, American Association of Blood Banks, and similar national accreditation agencies or boards with which VA has a contract or agreement to conduct such reviews, but only to the extent that the information is necessary and relevant to the review.

13. Disclosure may be made to the National Archives and Records Administration (NARA) and the General Services Administration (GSA) in records management inspections conducted under authority of Title 44, Chapter 29, of the United States Code.

14. VA may disclose information from this system of records to the DoJ, either on VA's initiative or in response to DoJ's request for the information, after either VA or DoJ determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

15. Disclosure to other Federal agencies that may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

16. VA may, on its own initiative, disclose any information or records to appropriate agencies, entities, and persons when: (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise, there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the potentially compromised information; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

All reports of suspected noncompliance with VHA business practice will be documented in a computerized database and assigned a unique identification number. Paper files which contain documents collected in association with reviewing the case, such as memoranda, policies, or examples of work produced as a result of the complaint should be electronically file.

Retrievability:

Both electronic and paper case files will be stored and individually retrieved by the same unique identification number, not by name.

Safeguards:

Access to computerized information in the database is restricted to authorized personnel on a need-to-know basis. Documentation will be maintained in a secure environment in the VHA Office of Compliance and Business Integrity, the Compliance and Business Integrity Officers located at the network and medical center. Physical access to printouts and data terminals will be limited to authorized personnel.

Access to file folders is restricted to authorized personnel on a need-to-know basis. Paper files should be maintained in file cabinets or closets and are locked after duty hours. These files are under the control of the Compliance and Business Integrity Officer or his or her designees.

Retention and disposal:

Computerized records will be retained indefinitely. Periodic system back-ups will be employed for record protection. If disk space is limited, the records will be archived to tape or disk in accordance with established practice. Paper records will be maintained and disposed of in accordance with records disposition authority approved by the Archivist of the United States.

System manager(S) and address:

VHA Office of Compliance and Business Integrity (10B3), Department of Start Printed Page 41493Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420.

Notification procedure:

An individual who wishes to know if a record is being maintained by VHA Office of Compliance and Business Integrity under his or her name or wants to determine the contents of such records should submit a written request or apply in person to the local VA medical center.

Record access procedure:

An individual who seeks access to or wishes to contest records maintained under his or her name in this system may write, call or visit the VHA Office of Compliance and Business Integrity (10B3).

Contesting record procedures:

(See Record Access Procedures above.)

Record source categories:

The information in this system will be obtained from calls that are received through the VHA Compliance and Business Integrity Help Line and reports received through other sources. Information is obtained from VHA employees, Veterans, third parties such as contractors, and VHA records which may include billing data, patient medical records, policies and procedures, and memoranda.