Privacy Act of 1974; System of Records

AGENCY:

Veterans Health Administration, Department of Veterans Affairs (VA).

ACTION:

Notice of a modified system of records.

SUMMARY:

As required by the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) is publishing SORN “Veterans Tracking Application (VTA)—VA” (163VA005Q3). The VTA is a joint Veterans Affairs (VA)/Department of Defense (DoD) application that supports the effective management and tracking of Veteran and Service member beneficiaries at all levels of the continuum of care. VTA tracks the Service member through the Integrated Disability Evaluation System (IDES) and monitors benefits applications and administrative details.

DATES:

This modified system of records is effective November 19, 2020.

ADDRESSES:

Comments may be submitted through www.Regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005R1A), Washington, DC 20420. Comments should indicate that they are submitted in response to “Veterans Tracking Application (VTA)—VA” (163VA005Q3). Comments received will be available at regulations.gov for public viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT:

Delwin Johnson, Product Line Manager (VTA), Office of Information & Technology, Department of Veterans Affairs, 810 Vermont Ave. NW, Washington, DC 20420, (202) 367-4033 and Delwin.Johnson2@va.gov.

SUPPLEMENTARY INFORMATION:

The Department is amending its system of records entitled “Veterans Tracking Application (VTA)/Federal Case Management Tool (FCMT)” (160VA005Q3) by removing FCMT, as VTA is now a standalone application. VTA now falls underneath the product line “Eligibility and Enrollment (E&E)” and the points of contact have been modified.

Signing Authority

The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Dominic A. Cussatt, Acting Assistant Secretary of Information and Technology and Chief Information Officer, approved this document on March 23, 2021 for publication.

SYSTEM NAME AND NUMBER:

“Veterans Tracking Application (VTA)—VA” (163VA005Q3).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The VTA system containing its associated records is maintained at the Austin Information Technology Center (AITC) at 1615 East Woodward Street, Austin, Texas 78772. A second VTA database with an identical set of records is being established at a disaster recovery site at the Hines Information Technology Center (Hines ITC) at Hines, Illinois. All records are maintained electronically.

SYSTEM MANAGER(S):

Delwin Johnson, Product Line Manager (VTA), Office of Information & Technology, Department of Veterans Affairs, 810 Vermont Ave. NW, Washington, DC 20420, (202) 367-4033 and Delwin.Johnson2@va.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The authority for maintaining this system is Title 38 U.S.C., 5106.

PURPOSE(S) OF THE SYSTEM:

VTA will work to replace manual processes that result in delays in coordinating or managing care for our Veterans. VTA and the associated database support programs throughout the VA. The VTA provides the VA tracking information on members of the armed forces who are receiving care from a DoD Military Treatment Facility (MTF), a VA health care facility, or who already have Veteran status. The VTA provides tracking of the Veteran/Service member's arrival at the initial VA health care facility and provides date and location information for subsequent transfers to other health facilities. In addition to the Veteran patient population, VTA records benefit tracking information for all severely injured Veterans requesting benefits. This history includes all benefit award details to include application dates, award decisions, dates and amounts. The purpose of the VTA is to track the initial arrival of a Service member into the VA and DoD health care systems and their subsequent movement among VA health facilities, as well as monitor benefits application and administration details.

The records and information may be used for analysis to produce various management, workload tracking, and follow-up reports for our Veterans; to track and evaluate the ordering and delivery of services and patient care; for the planning, distribution and utilization of resources; and to allocate clinical and administrative support to patient medical care.

In addition, the data may be used to assist in workload allocation for patient treatment services including provider panel management, nursing care, clinic appointments, surgery, prescription processing, diagnostic and therapeutic procedures; to plan and schedule training activities for employees; for audits, reviews and investigations conducted by the network directors office and VA Central Office; for quality assurance audits, reviews and investigations; for law enforcement investigations; and for personnel management, evaluation and employee ratings, and performance evaluations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The category of the individuals covered by the VTA database encompasses Veterans and Service members.

CATEGORIES OF RECORDS IN THE SYSTEM:

The record, or information contained in the record, may include identifying information (e.g., name, contact information, Social Security number), association to dependents, cross reference to other names used, military service participation and status information (branch of service, rank, enter on duty date, release from active duty date, military occupations, type of duty), reason and nature of active duty separation (completion of commitment, disability, hardship, etc.), combat/environmental exposures (combat pay, combat awards, theater location), combat deployments (period of deployment, location/country), Guard/Reserve activations (type of activation), military casualty/disabilities (line of duty death, physical examination board status, serious/very serious injury status, recovery plans, DoD rated disabilities), benefit participation, eligibility and usage, and VA compensation (rating, award amount).

RECORD SOURCE CATEGORIES:

Information in this system of records is provided by components of the Department of Defense and Department of Veterans Affairs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

HIPAA:

Note: To the extent that records contained in the system include individually identifiable health information protected by 45 CFR parts 160 and 164, that information may not be disclosed under a routine use unless there is also specific disclosure authority in 45 CFR parts 160 and 164.

38 U.S.C. 7332:

Note: To the extent that records contained in the system include individually-identifiable patient information protected by 38 U.S.C. 7332, that information cannot be disclosed under a routine use unless there is also specific disclosure authority in 38 U.S.C. 7332.

HIPAA & 38 U.S.C. 7332:

Note: To the extent that records contained in the system include information protected by 45 CFR parts 160 and 164, i.e., individually identifiable health information of VHA or any of its business associates, and 38 U.S.C. 7332, i.e., medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia, or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific disclosure authority in both 38 U.S.C. 7332 and 45 CFR parts 160 and 164.

1. Congress: VA may disclose information to a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

2. Data Breach Response and Remediation, for VA: VA may disclose information to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records, (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm involving.

3. Data Breach Response and Remediation, for Another Federal Agency: VA may disclose information to another Federal agency or Federal entity, when VA determines that the information is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

4. Law Enforcement: VA may disclose information that, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, to a Federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing such law. The disclosure of the names and addresses of veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701. If the disclosure is in response to a request from a law enforcement entity, the request must meet the requirements for a qualifying law enforcement request under the Privacy Act, 5 U.S.C. 552a(b)(7).

5. DoJ for Litigation or Administrative Proceeding: VA may disclose information to the Department of Justice (DoJ), or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when:

(a) VA or any component thereof;

(b) Any VA employee in his or her official capacity;

(c) Any VA employee in his or her official capacity where DoJ has agreed to represent the employee; or

(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components,

is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings, provided, however, that in each case VA determines the disclosure is compatible with the purpose for which the records were collected. If the disclosure is in response to a subpoena, summons, investigative demand, or similar legal process, the request must meet the requirements for a qualifying law enforcement request under the Privacy Act, 5 U.S.C. 552a(b)(7), or an order from a court of competent jurisdiction under 552a(b)(11).

6. Contractors: VA may disclose information to contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.

7. OPM: VA may disclose information to the Office of Personnel Management (OPM) in connection with the application or effect of civil service laws, rules, regulations, or OPM guidelines in particular situations.

8. EEOC: VA may disclose information to the Equal Employment Opportunity Commission (EEOC) in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.

8. FLRA: VA may disclose information to the Federal Labor Relations Authority (FLRA) in connection with: The investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised; matters before the Federal Service Impasses Panel; and the investigation of representation petitions and the conduct or supervision of representation elections.

9. MSPB: VA may disclose information to the Merit Systems Protection Board (MSPB) and the Office of the Special Counsel in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.

10. NARA: VA may disclose information to NARA in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are transmitted between approved VA and DoD office/systems and VTA over secure telecommunications (i.e. SFTP, secure web services) using approved encryption technologies. Records (or information contained in records) are maintained in electronic format in the VTA database. Information from VTA is disseminated in three ways: (1) Approved VA and DoD systems electronically request and receive data from VTA over the internal VA and DoD network; (2) data is provided over the secure telecommunications between VTA and approved VA and DoD office/systems for reconciliation of records; (3) periodic electronic data extracts of subsets of information contained in VTA are provided to approved VA and DoD offices/systems over the internal VA network and DoD network. Backups of VTA data are created regularly and stored in a secure off-site facility.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Electronic files are retrieved using various unique identifiers belonging to the individual to whom the information pertains to include such identifiers as name, claim file number, Social Security number and date of birth.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

VA retains selected information for purposes of making eligibility determinations for VA benefits. The information retained may be included in the VA records that are maintained and disposed of in accordance with the appropriate record disposition authority approved by the Archivist of the United States.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

1. Physical Security: The primary VTA system is located in the AITC and the backup disaster recovery system is located in the Hines ITC. Access to data processing centers is generally restricted to center employees, custodial personnel, Federal Protective Service and other security personnel. Access to computer rooms is restricted to authorized operational personnel through electronic passage technology. All other persons needing access to computer rooms are escorted.

2. System Security: Access to the VA network is protected by the usage of “PIV”. Once on the VA network, separate ID and password credentials are required to gain access to the VTA server and/or database. Access to the server and/or database is granted to only a limited number of system administrators and database administrators. In addition, VTA has undergone certification and accreditation. Users of VTA access the system via AccessVA. Users must also register through VTA and obtain a VTA Account. Within the VTA system, users are designated a role which determines their access to specific data. Based on a risk assessment that followed National Institute of Standards and Technology Vulnerability and Threat Guidelines, the system is considered stable and operational. VTA has received a final Authority to Operate (ATO). The system was found to be operationally secure, with very few exceptions or recommendations for change.

RECORD ACCESS PROCEDURES:

(See notification procedure below.)

CONTESTING RECORD PROCEDURES:

(See notification procedure below.)

NOTIFICATION PROCEDURES:

Individuals seeking information on the existence and content of a record pertaining to them should contact the system manager, in writing, at the above address. Requests should contain the full name, address and telephone number of the individual making the inquiry.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

Not Applicable.

HISTORY:

This SORN was originally published in the Federal Register on April 19, 2012, 77 FR 23543. The SORN was subsequently amended in the Federal Register on April 15, 2014, 79 FR 21352.