AGENCY:

Department of Veterans Affairs (VA), Office of Information of Technology, Financial Service Center (FSC).

ACTION:

Notice of modified system of records.

SUMMARY:

Individuals Submitting Invoices-Vouchers for Payment and Accounting Transactional Data-VA (13VA047) is a compilation of records Start Printed Page 60270 received, controlled, managed, and employed for payment processing; general accounting; benefit payment distribution to veterans and their families; commercial vendor invoices for contract and reimbursement expenditures; payroll payments; and commercial government procurement and contracting data.

DATES:

Comments on this modified system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.

ADDRESSES:

Written comments may be submitted through www.Regulation.gov; by mail or hand-delivery to Director, Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 273–9026 (not a toll-free number). Comments should indicate that they are submitted in response to “Individuals Submitting Invoices-Vouchers for Payment and Accounting Transactional Data-VA” (13VA047). Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461–4902 for an appointment. (This is not a toll-free number.) In addition, comments may be viewed online at www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Jonathan Lindow, Director, Operations and Management Division, Financial Services Center, 7600 Metropolis Dr., Austin, TX 78744, Jonathan.Lindow@va.gov, 512–568–0626.

SUPPLEMENTARY INFORMATION:

The Point-of-Contact (POC), system manager and routine uses are being modified in this “Individuals Submitting Invoices Vouchers for Payment and Accounting Transactional Data-VA” (13VA047), along with some changes to covered systems. Individuals Submitting Invoices-Vouchers for Payment and Accounting Transactional Data-VA is a VA-wide financial management system of records utilized in VA's IT accounting systems for payment of benefits, vendor payments, invoice payment processing, payroll purposes, and acquisition records pertinent to maintaining acquisition methods, costs and processes. Information is collected from recipients, vendors, VA administrations, medical centers, and other Federal entities for rendering payment. This includes information on businesses and persons as a business conducting business with VA. Business/person's names may be duplicative requiring another method to ensure the correct business/person is identified. Data Universal Numbers (DUNs), Unique Entity Identifier (UEI) and/or Tax Identification Numbers (TINs) or Employment Identification Numbers (EIN) are used by businesses. In some cases, persons will use their social security number (SSN) as the TIN.

Updated authorities by which the data is collected are 31 U.S. Code 3512—Executive Agency Accounting and other Financial Management Reports and Plans; Federal Managers' Financial Integrity Act section 2 of 1982; Federal Financial Management Improvement Act of 1996; E-Government Act of 2002 title III., Federal Information Security Management Act (FISMA); Clinger Cohen Act of 1996; 38 CFR part 17 17.120–17.132; OMB Circular A–123, Management's Responsibility for Internal Control.

Additional Routine Uses were added based on revised guidelines to A–108 and updated standards for agency breach notification. Moreover, VA must be able to provide its own initiative information that pertains to a violation of laws to law enforcement authorities in order for them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) and (f), VA may only disclose the names and addresses of veterans and their dependents to Federal entities with law enforcement responsibilities. This is distinct from the authority to disclose records in response to a qualifying request from a law enforcement entity, as authorized by Privacy Act subsection 5 U.S.C. 552a(b)(7). VA will administer financial and transactional information through benefit disbursement consuming HIPPA related data thus amending the routine uses to include: 14. Federal Agencies, Hospitals, for Referral by VA.; 15. Non-VA Doc, for Referral to VA; 25. Claims Representatives; and 26. Third Party, for Benefit or Discharge. Location of the system of records is a notable change to being stored, managed, and secured within a momentum cloud application.

Numerical order of routine uses from original SORN listing to revised version is amended to the below agency standardized format including the first ten routine uses:

1. Congress.

2. Data breach response and remedial efforts.

3. Data breach response and remedial efforts with another Federal agency.

4. Law Enforcement.

5. Litigation.

6. Contractors.

7. EEOC.

8. FLRA.

9. MSPB.

10. NARA & GSA.

Data breach response and remedial efforts. VA may, on its own initiative, disclose information from this system to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to individuals, the Department (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724 and, in accordance with Veterans Benefits, Health Care, and Information Technology Act of 2006 5723–5724.

Data breach response and remedial efforts, for another Federal agency. VA may, on its own initiative, disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. In accordance with 38 U.S.C. 5723, VA will ensure that the Assistant Secretary for Information and Technology, in coordination with the Under Secretaries, Assistant Secretaries, and other key officials of the Department report to Congress, the Office of Management and Budget, and other entities as required by law and this section of the regulation to cooperate with notify and cooperate with officials other than officials of the Department of Start Printed Page 60271 data breaches when required. Use of information is necessary and proper to initiate investigations into confirmed data breaches involving other executive branch agencies.

Law Enforcement. VA may, on its own initiative, disclose information in this system, except the names and home addresses of veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, Tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. VA may also disclose the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. Use of information is necessary and proper to cooperate with other federal agencies while prosecuting civil, criminal or regulatory violations of law.

Litigation. VA may disclose information to the Department of Justice (DoJ) or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when:

(a) VA or any component thereof;

(b) Any VA employee in his or her official capacity;

(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or

(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.

Contractors. VA may disclose information from this system of records to contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records., in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has a contract or agreement to perform services under the contract or agreement. This routine use includes disclosures by an individual or entity performing services for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA. This routine use also applies to agreements that do not qualify as contracts defined by Federal procurement laws and regulations. VA may disclose information from this system of records to individuals, organizations private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services by contract or agreement, and performing duties on behalf of VA.

EEOC. VA may disclose information from this system to the Equal Employment Opportunity Commission (EEOC) when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation. VA must be able to provide information to EEOC to assist it in fulfilling its duties to protect employees' rights, as required by statute and regulation, and to protect VA employee rights.

FLRA. VA may disclose information from this system to the Federal Labor Relations Authority (FLRA), including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; for it to address matters properly before the Federal Services Impasses Panel, investigate representation petitions, and conduct or supervise representation elections. VA must be able to provide information to FLRA to comply with the statutory mandate under which it operates and to cooperate with labor relation investigations.

MSPB. VA may disclose information from this system to the Merit Systems Protection Board (MSPB) when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law. VA must be able to provide information to MSPB to assist it in fulfilling its duties as required by statute and regulation and to cooperate with Merit Systems Protection Board concerning allegations of prohibited personnel practices. Disclosure may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.

Federal Agencies, for Computer Matches. VA may disclose identifying information, including social security number, concerning veterans, spouses of veterans, and the beneficiaries of veterans to other federal agencies for the purpose of conducting computer matches to obtain information to determine or verify eligibility of veterans receiving VA medical care under Title 38, U.S.C. VA must be able to provide limited personally identifiable information to other federal agencies for computer matching activities for the purpose of benefit payments to veterans and beneficiaries.

Federal Agencies, Hospitals, for Referral by VA. VA may disclose relevant health care information to: (1) a federal agency or non-VA health care provider or institution when VA refers a patient for hospital or nursing home care or medical services, or authorizes a patient to obtain non-VA medical services and the information is needed by the federal agency or non-VA institution on provider to perform the services; or (2) a federal agency or to a non-VA hospital (federal, state, and local public or private) or other medical installation having hospital facilities, organ banks, blood banks, or similar institutions, medical schools or clinics, or other groups or individuals that have contracted or agreed to provide medical services or share the use of medical resources under the provisions of 38 U.S.C. 513, 7409, 8111, or 8153, when treatment is rendered by VA under the terms of such contract or agreement or the issuance of an authorization, and the information is needed for purposes of medical treatment and/or follow-up, determining entitlement to a benefit, or for VA to effect recovery of the costs of the medical care. VA must be able to provide patient referral information for authorized hospital and/or nursing home care to a non-VA medical services provider for recovery of the costs of the medical care.

Federal Agencies, for Recovery of Medical Care Costs. VA may disclose patient identifying information to federal agencies and VA and government-wide third-party insurers responsible for payment of the cost of medical care for the identified patients, in order for VA to seek recovery of the medical care costs. These records may also be disclosed as part of a computer matching program to accomplish this purpose. Use of information is necessary Start Printed Page 60272 and proper as data within this system does not exclusively include financial, transactional, and benefit payout data.

Treasury, IRS. VA may disclose the name of a veteran or beneficiary, other information as is reasonably necessary to identify such individual, and any other information concerning the individual's indebtedness by virtue of a person's participation in a benefits program administered by VA, may be disclosed to the Department of the Treasury, Internal Revenue Service, for the collection of Title 38 benefit overpayments, overdue indebtedness, and/or costs of services provided to an individual not entitled to such services, by the withholding of all or a portion of the person's Federal income tax refund. The purpose of this disclosure is to collect a debt owed the VA by an individual by offset of his or her Federal income tax refund.

Treasury, to Report Waived Debt as Income. VA may disclose an individual's name, address, social security number, and the amount (excluding interest) of any indebtedness which is waived under 38 U.S.C. 3102, compromised under 4 CFR part 103, otherwise forgiven, or for which the applicable statute of limitations for enforcing collection has expired, to the Department of the Treasury, Internal Revenue Service, as a report of income under 26 U.S.C. 61(a)(12).

Treasury, for Payment or Reimbursement. VA may disclose information to the Department of the Treasury to facilitate payments to physicians, clinics, and pharmacies for reimbursement of services rendered, and to veterans for reimbursements of authorized expenses, or to collect, by set off or otherwise, debts owed the United States. Justification—VA established standardized Guardians Ad Litem, for Representation.VA may disclose information to a fiduciary or guardian ad litem in relation to his or her representation of a claimant in any legal proceeding, but only to the extent necessary to fulfill the duties of the fiduciary or guardian ad litem. This disclosure permits VA to provide individual information to an appointed VA Federal fiduciary or to the individual's guardian ad litem that is needed to fulfill appointed duties.

Guardians, for Incompetent Veterans. VA may disclose relevant information from this system of records in the course of presenting evidence to a court, magistrate, or administrative tribunal; in matters of guardianship, inquests, and commitments; to private attorneys representing veterans rated incompetent in conjunction with issuance of Certificates of Incompetency; and to probation and parole officers in connection with court-required duties.

Claims Representatives. VA may disclose information from this system of records relevant to a claim of a veteran or beneficiary, such as the name, address, the basis and nature of a claim, amount of benefit payment information, medical information, and military service and active duty separation information, at the request of the claimant to accredited service organizations, VA-approved claim agents, and attorneys acting under a declaration of representation, so that these individuals can aid claimants in the preparation, presentation, and prosecution of claims under the laws administered by VA. The name and address of a claimant will not, however, be disclosed to these individuals under this routine use if the claimant has not requested the assistance of an accredited service organization, claims agent or an attorney. VA must be able to disclose this information to accredited service organizations, VA-approved claim agents, and attorneys representing veterans so they can assist veterans by preparing, presenting, and prosecuting claims under the laws administered by VA.

Third Party, for Benefit or Discharge. Health care information concerning a non-judicially declared incompetent patient may be disclosed to a third party upon the written authorization of the patient's next of kin in order for the patient, or, consistent with the best interest of the patient, a member of the patient's family, to receive a benefit to which the patient or family member is entitled, or, to arrange for the patient's discharge from a VA medical facility. Sufficient data to make an informed determination will be made available to such next of kin. If the patient's next of kin are not reasonably accessible, the Chief of Staff, Director, or designee of the custodial VA medical facility may disclose health information for these purposes.

Signing Authority

The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on July 25, 2023 for publication.

SYSTEM NAME:

“Individuals Submitting Invoices-Vouchers for Payment and Accounting Transactional Data-VA” (13VA047).

SECURITY CLASSIFICATION:

The information in this system is unclassified.

SYSTEM LOCATION:

VA Data Processing Center, Austin, Texas and fiscal offices of Central Office; field stations where fiscal transactions are processed; and application servers located in the VA managed enterprise service cloud enclave.

SYSTEM MANAGER(s):

Jonathan Lindow, Information System Owner, VA Financial Services Center (FSC), 7600 Metropolis Dr., Austin, TX 78744, Jonathan.Lindow@va.gov, (512) 981–4871. Pamela Smith, VA FSC Privacy Officer, Financial Services Center, 7600 Metropolis Dr., Austin, TX 78744, Pamela.Smith6@va.gov, (512) 937–4824.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

31 U.S. Code 3512- Executive Agency Accounting and other Financial Management Reports and Plans; Federal Managers' Financial Integrity Act section 2 of 1982; Federal Financial Management Improvement Act of 1996; E-Government Act of 2002 title III., Federal Information Security Modernization Act (FISMA) of 2014; Clinger Cohen Act of 1996; 38 CFR part 17 17.120–17.132; OMB Circular A–123, Management's Responsibility for Internal Control.

PURPOSE(S) OF THE SYSTEM:

Individuals Submitting Invoices-Vouchers for Payment and Accounting Transactional Data-VA is a VA-wide financial management system of records utilized in VA's IT accounting systems for payment of benefits, vendor payments, invoice payment processing, and payroll purposes. Information is collected from recipients, vendors, VA administrations, medical centers, and other Federal entities for rendering payment.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

VA Employees, VA Contractors, VA Volunteers, Veterans or Dependents, and Members of the Public and Individuals. Start Printed Page 60273

CATEGORIES OF RECORDS IN THE SYSTEM:

Commercial Vendor identification listings, invoiced payment records, claimant information, and banking and financial accounting information, including Full name, Address, Phone Number, Social Security Number, Medical Records, Claim/Statement Number, Date of Service, Beneficiary Information, Email Address, Date of Birth, Driver License (Number and State), License Plate, Place of Birth (City, State and Country), Banking Information (Routing/Bank Account Number, and Bank Name), Charge Card Number, Emergency Contact Information, and Unique Entity Identifier (UEI).

RECORD SOURCE CATEGORIES:

Commercial vendors; individual or legal representative as part of an application for a benefit, contract or reimbursement; Data could potentially be obtained from a VA administration, facility and/or medical center; Department of the Treasury; Internal Revenue Service; and other Federal entities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

1. Congress: To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

2. Data breach response and remediation, for VA: To appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records,· (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

3. Data breach response and remediation, for another Federal agency: To another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

4. Law Enforcement: To a Federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature. The disclosure of the names and addresses of veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

5. DoJ for Litigation or Administrative Proceeding: To the Department of Justice (DoJ), or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when:

(a) VA or any component thereof;

(b) Any VA employee in his or her official capacity;

(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or

(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components, is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.

6. Contractors: To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.

7. OPM: To the Office of Personnel Management (OPM) in connection with the application or effect of civil service laws, rules, regulations, or OPM guidelines in particular situations.

8. EEOC: To the Equal Employment Opportunity Commission (EEOC) in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.

9. FLRA: To the Federal Labor Relations Authority (FLRA) in connection with the investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised, matters before the Federal Service Impasses Panel, and the investigation of representation petitions and the conduct or supervision of representation elections.

10. MSPB: To the Merit Systems Protection Board (MSPB) in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.

11. NARA: To the National Archives and Records Administration (NARA) in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.

12. Federal Agencies, for Computer Matches: To other federal agencies for the purpose of conducting computer matches to obtain information to determine or verify eligibility of veterans receiving VA benefits or medical care under title 38.

13. Federal Agencies, Courts, Litigants, for Litigation or Administrative Proceedings: To another federal agency, court, or party in litigation before a court or in an administrative proceeding conducted by a Federal agency, when the government is a party to the judicial or administrative proceeding.

14. Health Care Providers, for Referral by VA: To: (1) a federal agency or health care provider when VA refers a patient for medical and other health services, or authorizes a patient to obtain such services and the information is needed by the federal agency or health care provider to perform the services; or (2) a federal agency or to health care provider under the provisions of 38 U.S.C. 513, 7409, 8111, or 8153, when treatment is rendered by VA under the terms of such contract or agreement or the issuance of an authorization, and the information is needed for purposes of medical treatment or follow-up, determination of eligibility for benefits, or recovery by VA of the costs of the treatment.

15. Health Care Providers, for Referral to VA: To a non-VA health care provider when that health care provider has referred the individual to VA for medical or other health services.

16. Federal Agencies, for Recovery of Medical Care Costs: To Federal agencies and government-wide third-party insurers responsible for payment of the cost of medical care for the identified patients, to seek recovery of the medical care costs. These records may also be Start Printed Page 60274 disclosed as part of a computer matching program to accomplish this purpose.

17. Treasury, for Withholding: To the Department of the Treasury for the collection of title 38 benefit overpayments, overdue indebtedness, or costs of services provided to an individual not entitled to such services, by the withholding of all or a portion of the person's Federal income tax refund, provided that the disclosure is limited to information concerning an individual's indebtedness by virtue of a person's participation in a benefits program administered by VA.

18. Treasury, to Report Waived Debt as Income: To the Department of the Treasury as a report of income under 26 U.S.C. 61(a)(12), provided that the disclosure is limited to information concerning an individual's indebtedness that is waived under 38 U.S.C. 3102, compromised under 4 CFR part 103, otherwise forgiven, or for which the applicable statute of limitations for enforcing collection has expired.

19. Treasury, for Payment or Reimbursement: To the Department of the Treasury to facilitate payments to physicians, clinics, and pharmacies for reimbursement of services rendered or to veterans for reimbursement of authorized expenses, as well as to collect, by set off or otherwise, debts owed the United States.

20. Guardians Ad Litem, for Representation: To a fiduciary or guardian ad litem in relation to his or her representation of a claimant in any legal proceeding as relevant and necessary to fulfill the duties of the fiduciary or guardian ad litem.

21. Guardians, Courts, for Incompetent Veterans: To a court, magistrate, or administrative tribunal in matters of guardianship, inquests, and commitments; to private attorneys representing veterans rated incompetent in conjunction with issuance of Certificates of Incompetency; or to probation and parole officers in connection with court-required duties.

22. Claims Representatives: To accredited service organizations, VA-approved claim agents, and attorneys acting under a declaration of representation, so that these individuals can aid claimants in the preparation, presentation, and prosecution of claims under the laws administered by VA upon the request of the claimant and provided that the disclosure is limited to information relevant to a claim, such as the name, address, the basis and nature of a claim, amount of benefit payment information, medical information, and military service and active duty separation information.

23. Third Party, for Benefit or Discharge: To a third party upon the written request of the patient's next-of-kin in order for a non-judicially declared incompetent patient or, consistent with the best interest of the patient, a member of the patient's family to receive a benefit to which the patient or family member is entitled or to arrange for the patient's discharge from a VA medical facility. Sufficient data to make an informed determination will be made available to such next-of-kin. If the patient's next-of-kin is not reasonably accessible, the Chief of Staff, Director, or designee of the custodial VA medical facility may disclose the information for these purposes.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored electronically on a VA server, in paper folders, magnetic discs, magnetic tape, and in a momentum cloud application. Paper documents may be scanned/digitized and stored for viewing electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Alphabetically by name and numerically by identification number. Access to the records is restricted to VA Finance employees. These records are protected from outside access by Federal Protective Service.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Individuals Submitting Invoices-Vouchers for Payment and Accounting Transactional Data-VA system of records is retained as defined by its NARA approved the General Records Schedule (GRS) GRS 1.1: Financial Management and Reporting Records, item 010. Unscheduled records within this System of Records are indefinitely retained within the rules GRS, ERA Number DAA–GRS–2013–0003–0001 (Financial transaction records). Per NARA practice, documentation for permanent electronic records must be transferred with the related records using the disposition authority of the related electronic records rather than the GRS disposition authority.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

VA will store records produced within this system of records in an area that is physically and technologically secure from access by unauthorized persons at all times. Only authorized personnel will transport records within this system of records. VA will process records produced within this system of records under immediate supervision and control of authorized personnel in a manner that will protect the confidentiality of the records, so that unauthorized persons cannot retrieve any records by computer, remote terminal, or other means. VA will store records using FIPS 140–2 compliant encryption. Systems personnel must enter personal identification numbers when accessing records on the agencies' systems. VA will strictly limit authorization to those electronic records areas necessary for the authorized analyst to perform his or her official duties.

RECORD ACCESS PROCEDURES:

An individual wanting notification or access, including contesting the record, should mail or deliver a request to the office identified in the SORN. If an individual does not know the “office concerned,” the request may be addressed to the following with below requirements: PO or FOIA/PO of any VA field station or the Department of Veterans Affairs Central Office, 810 Vermont Avenue NW, Washington, DC 20420. The receiving office must promptly forward the mail request received to the office of jurisdiction clearly identifying it as “Privacy Act Request” and notify the requester of the referral. Approved VA authorization forms may be provided to individuals for use.

CONTESTING RECORD PROCEDURES:

An individual may request amendment of a record pertaining to him or her contained in a specific VA system of records by mailing or delivering the request to the office concerned. The request must be in writing and must conform to the following requirements: It must state the nature of the information in the record the individual believes to be inaccurate, irrelevant, untimely, or incomplete; why the record should be changed; and the amendment desired. The requester must be advised of the title and address of the VA official who can assist in preparing the request to amend the record if assistance is desired. Not later than business 10 days after the date of a request to amend a record, the VA official concerned will acknowledge in writing such receipt. If a determination for correction or amendment has not been made, the acknowledgement will inform the individual of when to expect information regarding the action taken on the request. VA will complete a review of the request to amend or correct a record within 30 business days of the date of receipt. Where VA agrees with the individual's request to amend his or her record(s), the requirements of 5 U.S.C. 552a(d) will be followed. The Start Printed Page 60275 record(s) will be corrected promptly, and the individual will be advised promptly of the correction.

If the record has previously been disclosed to any person or agency, and an accounting of the disclosure was made, prior recipients of the record will be informed of the correction. An approved VA notification of amendment form letter may be used for this purpose. An individual wanting notification or access, including contesting the record, should mail or deliver a request to the Privacy Office or FOIA/Privacy Office of any VA field station or the Department of Veterans Affairs Central Office, 810 Vermont Avenue NW, Washington, DC 20420.

NOTIFICATION PROCEDURES:

Notification for correcting the information will be accomplished by informing the individual to whom the record pertains by mail. The individual making the amendment must be advised in writing that the record has been amended and provided with a copy of the amended record. System Manager for the concerned VA system of records, Privacy Officer, or their designee, will notify the relevant persons or organizations who had previously received the record about the amendment.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

N/A

HISTORY:

Last full publication provided in 85 FR 22788 dated April 23, 2020.