§Why CasetextPricing

Privacy Act of 1974

69 Fed. Reg. 59991 (Oct. 6, 2004)

Privacy Act of 1974

Download PDF
Federal RegisterOct 6, 2004
69 Fed. Reg. 59991 (Oct. 6, 2004)

AGENCY:

Department of Veterans Affairs (VA).

ACTION:

Notice of new system of records.

SUMMARY:

The Privacy Act of 1974 (5 U.S.C. 552a(e)(4)) requires that all agencies publish in the Federal Register a notice of the existence and character of their systems of records. Notice is hereby given that the Department of Veterans Affairs (VA) is establishing a new system of records entitled “My Health e Vet Administrative Records—VA” 130VA19.

DATES:

Comments on this new system of records must be received no later than November 5, 2004. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the new system will become effective November 5, 2004.

ADDRESSES:

Written comments concerning the proposed new system of records may be submitted by: Mail or hand-delivery to Director, Regulations Management (00REG1), Department of Veterans Affairs, 810 Vermont Avenue, NW., Room 1068, Washington, DC 20420; fax to (202) 273-9026; or e-mail to VAregulations@mail.va.gov. All comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 273-9515 for an appointment.

FOR FURTHER INFORMATION CONTACT:

Veterans Health Administration (VHA) Privacy Officer, Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420, telephone (727) 320-1839.

SUPPLEMENTARY INFORMATION:

Background: My Health e Vet is a web-based system that provides veterans with information and tools that they can use to increase their knowledge about health conditions, increase communication with their care providers and improve their own health. Participating veterans can request on-line prescription refills, view upcoming appointments, and check their co-payment balances. Through a web-based environment, the VA will also provide a secure and private health space where veterans can enter their own medical information in a “self-entered” health information section, and request a download of copies of key portions of their official VA health record. Veterans can personalize this private environment with links to explanatory material that may help them understand their health record and how to improve their health. As My Health e Vet is refined, VA plans to offer more services to veterans, such as secure electronic messaging with their VA health care providers.

While VA is the authoritative source of veterans' VA medical records, once veterans request copies of key portions of their medical records, VA will download the copies into a secure and private health space where they are owned and maintained by the veteran.

The veteran's self-entered health information is also owned and maintained by the veteran in the My Health e Vet secure and private health space. This self-entered health information is only included in the veteran's official VA medical record upon the veteran's request and upon the VA's medical determination that it is appropriate to include it in the official medical record.

The VA does not provide access to the veteran's personal health information in My Health e Vet in medical emergency situations. However, if a non-VA health care provider requires information from VA medical records to treat a veteran patient, the non-VA health care provider should contact the VA facility where the veteran patient was last treated to obtain that information.

This new on-line environment, which is consistent with existing VA clinical practices, allows veterans to share all or part of the information in their account with other individuals, such as family members, and VA and non-VA health care providers.

VA will only release the health information in the veteran's private and secure health space when authorized to do so by the veteran user, except in very limited circumstances. These limited circumstances include in response to a court order or a subpoena signed by a judge, or in response to a written request from a law enforcement agency. Further details about the operation and maintenance of My Health e Vet are provided to qualified individuals at the time they register for the My Health e Vet program.

In order to administer the My Health e Vet program and support the provision of the above benefits to veterans, VHA is retaining administrative information, including personally identifiable information, on users and information technology (IT) administrators of My Health e Vet electronic services. This administrative information is stored in the My Health e Vet Administrative Records System, and constitutes a system of records.

I. Description of Proposed System of Records

The proposed My Health e Vet Administrative Records System contains administrative information created or collected during the course of operating My Health e Vet, and is provided by veterans and other qualified individuals, their delegates and grantees, Veterans Health Information Systems and Technology Architecture (VistA) IT systems, VA employees, contractors, and subcontractors. At this time, the My Health e Vet program is planning to maintain minimal administrative records at each local facility, while maintaining more comprehensive administrative records at a central location in the VA Austin Automation Center. The records kept locally support the local VA My Health e Vet training programs, sensitive information reviews and VA's annual reporting requirements under the Freedom of Information Act (FOIA) for those veterans who sign up for electronic access to copies of key portions of their health records.

The more comprehensive repository of administrative information is being housed at the Austin Automation Center (AAC). This information is used to support My Health e Vet electronic services, such as requests for prescription refill, co-payment and appointment information, entry of personal health metrics, and requests for copies of key portions of the personal health information on-line. This information may also be used for business administrative reports for system operators and VA managers to ensure that the My Health e Vet system is meeting performance expectations and being used within legal boundaries.

The information needed to support My Health e Vet program activities and electronic services includes such information as: The person's full name; My Health e Vet User ID; date of birth; e-mail address; telephone number; mother's maiden name; zip code; place and date of registration for My Health e Vet electronic record access; delegate and grantee user IDs associated with My Health e Vet users; level of access to My Health e Vet electronic services; date and type of transaction; patient integration control number (ICN); and other administrative data needed for My Health e Vet roles and services.

II. Proposed Routine Use Disclosures of Data in the System

These routine uses only apply to the My Health e Vet administrative information described in this system of records notice. These routine uses do not apply to the veteran's personal health information maintained in the private and secure health space which is not owned by VA or subject to the system of records requirements. VHA is proposing the following routine use disclosures of information to be maintained in the system:

1. Relevant information may be disclosed to individuals, organizations, private or public agencies, etc., with whom VA has a contract or agreement, including sub-contractors, to perform such services as VA may deem practical for the purposes of laws administered by VA, in order for the contractor to perform the services of the contract or agreement.

VA must be able to give contractors whatever information is necessary to fulfill their duties. In these situations, safeguards are provided in the contract prohibiting the contractor from using or disclosing the information for any purpose other than that described in the contract.

2. On its own initiative, VA may disclose information, except for the names of My Health e Vet users, to a Federal, state, local, tribal or foreign agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. On its own initiative, the VA may also disclose the names of My Health e Vet users to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto.

VA must be able to comply with the requirements of agencies charged with enforcing the law and conducting investigations. VA must also be able to provide administrative information to state or local agencies charged with protecting the public's health as set forth in state law.

3. Disclosure may be made to National Archives and Records Administration (NARA) for it to perform its records management inspection responsibilities and its role as Archivist of the United States under authority of Title 44 United States Code (U.S.C.).

NARA is responsible for archiving old records no longer actively used but which may be appropriate for preservation; they are responsible in general for the physical maintenance of the Federal government's records. VA must be able to turn records over to these agencies in order to determine the proper disposition of such records.

4. Any information in this system of records may be disclosed to the United States Department of Justice or United States Attorneys in order to prosecute or defend litigation involving or pertaining to the United States, or in which the United States has an interest.

By law, the Department of Justice represents VA in all litigation and must be given record access when deemed necessary to provide appropriate representation.

5. Disclosure may be made to a Congressional office from this system of records in response to an inquiry from the congressional office made at the request of the individual who is the subject of the records.

In special cases, individuals request the help of a member of Congress in resolving issues relating to a matter before VA. The member of Congress then writes VA, and VA must be able to give sufficient information to respond to the inquiry.

III. Compatibility of the Proposed Routine Uses

The Privacy Act permits VA to disclose information about individuals without their consent for a routine use when the information, in this case administrative information, will be used for a purpose that is compatible with the purpose for which VA collected it. In all of the routine use disclosures described above, either the recipient of the administrative information will use the information in connection with the My Health e Vet program, a matter relating to one of VA's programs to provide a benefit to VA, or to meet legal requirements for disclosure.

The notice of intent to publish, and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Approved: September 20, 2004.

Anthony J. Principi,

Secretary of Veterans Affairs.

130VA19

SYSTEM NAME:

My Health e Vet Administrative Records—VA.

SYSTEM LOCATION:

Veterans Health Administration (VHA) local facilities and the Austin Automation Center (AAC), 1615 Woodward Street, Austin, Texas 78772. Address locations for VA facilities are listed in VA Appendix 1 of the biennial publications of the VA systems of records.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered encompass:

(1) All individuals who successfully register for a My Health e Vet account;

(2) Representatives of the above individuals who have been provided grantee or delegate access to My Health e Vet including, but not limited to, family members, friends, or VA and non-VA health care providers;

(3) VA health care providers; and

(4) VHA Information Technology (IT) staff and/or their contractors and subcontractors who may need to enter identifying, administrative information into the system to initiate, support and maintain electronic services for My Health e Vet participants.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records include personally identifiable information, such as an individual's full name; My Health e Vet User Identifier (ID); date of birth; social security number; e-mail address; telephone number; mother's maiden name; ZIP code; place and date of registration for My Health e Vet; delegate and grantee user IDs associated with My Health e Vet accounts; level of access to My Health e Vet electronic services; date and type of transaction; patient internal control number (ICN); and other administrative data needed for My Health e Vet roles and services.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Title 38, United States Code, Section 501.

PURPOSE(S):

The information in the My Health e Vet Administrative Records is needed to operate the My Health e Vet program, in particular, to authenticate and register veterans, to authenticate and register other appropriate individuals, to authenticate My Health e Vet administrators, to retrieve the veteran's information for filling prescription refill requests, provide users the ability to view appointments and co-payment balances, to extract health information from VistA, and provide other associated My Health e Vet electronic services for future phases of the My Health e Vet program. The administrative information may also be used to create administrative business reports for system operators and VA managers who are responsible for ensuring that the My Health e Vet system is meeting performance expectations and is in compliance with applicable Federal laws and regulations.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

1. Disclosure of information in this system of records may be made to private or public sector organizations, individuals, agencies, etc., with whom VA has a contract or agreement, including subcontractors, in order to administer the My Health e Vet program, or perform other such services as VA deems appropriate and practical for the purposes of administering VA laws.

2. On its own initiative, VA may disclose information, except for the names of My Health e Vet users and system administrators, to a Federal, State, local, tribal or foreign agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. On its own initiative, the VA may also disclose the names of My Health e Vet users and system administrators to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto.

3. Disclosure may be made to National Archives and Records Administration (NARA) to support its records management inspections responsibilities and its role as Archivist of the United States under authority of Title 44 United States Code (U.S.C).

4. Any information in this system of records may be disclosed to the United States Department of Justice or United States Attorneys in order to prosecute or defend litigation involving or pertaining to the United States, or in which the United States has an interest.

5. Disclosure may be made to a Congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

These administrative records are maintained on paper and electronic media, including hard drive disks, which are backed up to tape at regular intervals.

RETRIEVABILITY:

Records may be retrieved by an individual's name, user ID, date of registration for My Health e Vet electronic services, ZIP code, the VA-assigned ICN, date of birth and/or social security number, if provided.

SAFEGUARDS:

1. Access to and use of the My Health e Vet Administrative Records are limited to those persons whose official duties require such access; VA has established security procedures to ensure that access is appropriately limited. Information security officers and system data stewards review and authorize data access requests. VA regulates data access with security software that authenticates My Health e Vet administrative users and requires individually unique codes and passwords. VA provides information security training to all staff and instructs staff on the responsibility each person has for safeguarding data confidentiality. VA regularly updates security standards and procedures that are applied to systems and individuals supporting this program.

2. Physical access to computer rooms housing the My Health e Vet Administrative Records is restricted to authorized staff and protected by a variety of security devices. Unauthorized employees, contractors, and other staff are not allowed in computer rooms. The Federal Protective Service or other security personnel provide physical security for the buildings housing computer systems and data centers.

3. Data transmissions between operational systems and My Health e Vet Administrative Records maintained by this system of records are protected by telecommunications software and hardware as prescribed by VA standards and practices. This includes firewalls, encryption, and other security measures necessary to safeguard data as it travels across the VA Wide Area Network.

4. Copies of back-up computer files are maintained at secure off-site locations.

RETENTION AND DISPOSAL:

Records are maintained and disposed of in accordance with the records disposition authority approved by the Archivist of the United States. Records from this system that are needed for audit purposes will be disposed of 6 years after a user's account becomes inactive. Routine records will be disposed of when the agency determines they are no longer needed for administrative, legal, audit, or other operational purposes. These retention and disposal statements are pursuant to the National Archives and Records Administration (NARA) General Records Schedules GRS 20, item 1c and GRS 24, item 6a.

SYSTEM MANAGER(S) AND ADDRESS:

Official responsible for policies and procedures: Deputy Chief Information Officer for Health (19), Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. Officials maintaining this system of record: The local VA facility (Address locations for VA facilities are listed in VA Appendix 1 of the biennial publications of the VA systems of records) and the Chief, Technical Infrastructure Division (31), Austin Automation Center, 1615 Woodward Street, Austin, Texas 78772.

NOTIFICATION PROCEDURE:

Individuals who wish to determine whether a record is being maintained under their name in this system or wish to determine the contents of such records have two options:

1. Submit a written request or apply in person to the VA facility where the records are located. VA facility location information can be found in the Facilities Locator section of VA's Web site at http://www.va.gov;; or

2. Submit a written request or apply in person to the Chief of the Technical Infrastructure Division (31), Austin Automation Center, 1615 Woodward Street, Austin, Texas 78772.

Inquiries should include the person's full name, User ID, date of birth and return address.

RECORD ACCESS PROCEDURE:

Individuals seeking information regarding access to and contesting of records in this system may write or call their local VA facility and/or the Chief of the Technical Infrastructure Division (31), Austin Automation Center, 1615 Woodward Street, Austin, Texas 78772. If making a call, dial (512) 326-6780 to reach the VA Austin Automation Center Help Desk and ask to speak with the Chief of the Technical Infrastructure Division.

CONTESTING RECORD PROCEDURES:

(See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:

The sources of information for this system of records include the individuals covered by this notice and an additional contributor, as listed below:

(1) All individuals who successfully register for a My Health e Vet account;

(2) Representatives of the above individuals who have been provided access to the private health space by the veteran user, including but not limited to, family members, friends, or VA and non-VA health care providers;

(3) VA health care providers;

(4) VHA IT staff and/or their contractors and subcontractors who may need to enter information into the system to initiate, support and maintain My Health e Vet electronic services for My Health e Vet users; and

(5) VistA systems.

[FR Doc. 04-22437 Filed 10-5-04; 8:45 am]

BILLING CODE 8320-01-P