# Privacy Act of 1974; System of Records
**AGENCY:**
Department of Veterans Affairs (VA), Veterans Health Administration (VHA).
**ACTION:**
Notice of a Modified System of Records.
**SUMMARY:**
Pursuant to the Privacy Act of 1974, notice is hereby given that the VA is modifying the system of records titled Veterans and Beneficiaries Purchased Care Community Health Care Claims, Correspondence, Eligibility, Inquiry and Payment Files—VA (54VA10NB3). This system is used for establishing and monitoring eligibility to receive VA benefits, processing claims for medical care and services, and processing stipends. This system also has a database that uses accumulator calculation and makes transactions using the Payer Electronic Data Interchange Transaction Application System to process claims for medical care and services and payments.
**DATES:**
Comments on this modified system of records must be received no later than 30 days after the Date of Publication in the *Federal Register* . If no public comment is received during the period allowed for comment or unless otherwise published in the *Federal Register* by VA, the modified system of records will become effective a minimum of 30 days after date of publication in the *Federal Register* . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.
**ADDRESSES:**
Comments may be submitted through *https://www.regulations.gov/* or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), Washington, DC 20420. Comments should indicate that they are submitted in response to “Veterans and Beneficiaries Purchased Care Community Health Care Claims, Correspondence, Eligibility, Inquiry and Payment Files—VA” (54VA10NB3). Comments received will be available at *regulations.gov* for public viewing, inspection, or copies.
**FOR FURTHER INFORMATION CONTACT:**
Stephania Griffin, VHA Chief Privacy Officer, 810 Vermont Avenue NW, (10DH03A), Washington, DC 20420, *[email protected].* The telephone number is 704-245-2492 (Note: This is not a toll-free number).
**SUPPLEMENTARY INFORMATION:**
VA is modifying this system of records by revising the following sections: system number; system location; system manager; purpose of the system; categories of individuals covered by the system; categories of records in the system; record source categories; routine uses of records maintained in the system; policies and practices for storage of records; policies and practices for retrieval of records; administrative, technical and physical safeguards; record access procedure; contesting records procedures; and notification procedure. VA is republishing the system notice in its entirety.
The system number is being updated from 54VA10NB3 to 54VA10 to reflect the current VHA organizational routing symbol.
The system location is being updated due to an organizational realignment of VHA offices from the Chief Business Office, Purchased Care Office (CBOPC), 3773 Cherry Creek North Drive, Denver, Colorado 80209, to the Office of Integrated Veteran Care (OIVC), 3773 Cherry Creek North Drive, Denver, Colorado 80209. The records are also located at the VA Enterprise Cloud Data Centers/Amazon Web Services, 1915 Terry Avenue, Seattle, WA 98101.
The System Manager has changed from, “Chief Business Officer (10NB), VA Central Office, 810 Vermont Avenue NW, Washington, DC 20420. Official Maintaining the System: Deputy Chief Business Officer Purchased Care, Department of Veterans Affairs, P.O. Box 469060, Denver, CO 80246-9060” to “Chief Payer, *[email protected].* OIVC, 3773 Cherry Creek North Drive, Denver, Colorado 80209”.
The purpose is being updated to include, “This system also has a database that uses accumulator calculation and makes transactions using the Payer Electronic Data Interchange Transaction Application System to process claims for medical care, services, and payments.”
The categories of individuals covered by system number 1 is being amended to include beneficiaries, the Maintaining Internal Systems and Strengthening Integrated Outside Networks (MISSION) Act, and the Honoring our Promise to Address Comprehensive Toxics (PACT) Act. Number 4 is being amended to include MISSION Act, and PACT Act.
The categories of records in the system are being amended to include beneficiaries.
The record source categories is being amended to include beneficiaries and health care providers.
The following routine uses were updated:
The language in routine use at number 2 has been updated. Previously, it read, “Statistical and other data to Federal, state, and local Government agencies and national health organizations to assist in the development of programs that will be beneficial to health care recipients, to protect their rights under the law, and to ensure that they are receiving all health benefits to which they are entitled.” Routine use number 2 will now read as, “Governmental Agencies, Health Organizations, for Claimants' Benefits: To Federal, state, and local government agencies and national health organizations as reasonably necessary to assist in the development of programs that will be beneficial to claimants, to protect their rights under law, and assure that they are receiving all benefits to which they are entitled.”
The language in routine use number 3 has been updated. Previously, it read, “VA may disclose on its own initiative any information in this system, except the names and home addresses of Veterans and their family members or caregivers which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature, and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of Veterans, their family members or caregivers to a federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule, or order issued pursuant thereto.” Routine use number 3 will now read as, “Law Enforcement: To a Federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature. The disclosure of the names and addresses of Veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.”
The language in routine use number 8 has been updated. Previously, it read, “Any information in this system of records may be disclosed to the United States Department of Justice or United States Attorneys in order to prosecute or defend litigation involving or pertaining to the United States, or in which the United States has an interest.” Routine use number 8 will now read as, “The Department of Justice (DoJ), Litigation, Administrative Proceeding: To DoJ, or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when any of the following is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings:
(a) VA or any component thereof;
(b) Any VA employee in his or her official capacity;
(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or
(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components.
Routine uses number 13 and number 14 are duplicates. Routine use number 14 will now state, “Federal Labor Relations Authority (FLRA): To the FLRA in connection with the investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised, matters before the Federal Service Impasses Panel, and the investigation of representation petitions and the conduct or supervision of representation elections.”
The language in routine use number 16 has been updated. Previously, it read, “The name and address of a Veteran, family member, or caregiver may be disclosed to another Federal agency or to a contractor of that agency, at the written request of the head of that agency or designee of the head of that agency, for the purpose of conducting government research necessary to accomplish a statutory purpose of that agency.” Routine use number 16 will now read as, “Federal Agencies, for Research: To a Federal agency for the purpose of conducting research and data analysis to perform a statutory purpose of that Federal agency upon the written request of that agency.”
The language in Routine use number 23 has been updated. Previously, it read, “Relevant information from this system of records may be disclosed to individuals, organizations, private or public agencies, etc., with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA in order for the contractor or subcontractor to perform the services of the contract or agreement.” Routine use number 23 will now read as, “Contractors: To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.”
The language in routine use number 27 has been updated. Previously, it read, “VA may, on its own initiative, disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise, there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the potentially compromised information; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727.” Routine use number 27 will now read as, “Data breach response and remediation, for VA: To appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.”
Routine use number 28 is being amended to state, “Any relevant information from this system of record may be disclosed to the Centers for Medicare and Medicaid, the SSA, or any other Federal or state agencies for the review and reporting of CHAMPVA and TRICARE health benefit claims.”
Routine use number 29 is being added to state, “Data breach response and remediation, for another Federal agency: To another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.”
Routine use number 30 is being added to state, “Merit Systems Protection Board (MSPB): To the MSPB in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.”
Routine use number 31 is being added to state, “Equal Employment Opportunity Commission (EEOC): To the EEOC in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.”
Policies and practices for storage of records is being updated to include Amazon Web Service Cloud. This section will remove, “paper folders, magnetic discs, and magnetic tape.”
Policies and practices for retrieval of records is being updated to include VA assigned integration control number, data file number (DFN), and DFN and beneficiary first name. This section is replacing paper records with electronic records.
Policies and practices for retention and disposal of records is being updated to remove, “item XXXVIII Civilian Health and Medical care (CHMC) Records. National Archives and Records Administration job number N1-015-3-1 Item 1-8b. (Master file) item 3, Destroy 6 years after all individuals in the record become ineligible for program benefits”. This section is being updated to include item number 1260.1.
The administrative, technical and physical safeguards section is being updated to replace “CBOPC” with “OIVC.” This section is also being updated to include, “The system is hosted in Amazon Web Services Government Cloud infrastructure as a service Cloud computing environment that has been authorized at the high-impact level under the Federal Risk and Authorization Management Program. The secure site-to-site encrypted network connection is limited to access through the VA trusted internet connection.” The following is being removed from this section, “Automated Data Processing (ADP) peripheral devices are generally placed in secure areas or are otherwise protected.”
Record access procedures is being amended to state, “Individuals seeking information on the existence and content of records in this system pertaining to them should contact the system manager in writing as indicated above or may write or visit the VA medical facility location where they normally receive their care. A request for access to records must contain the requester's full name, address, telephone number, be signed by the requester, and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort.”
Contesting record procedures is being amended to state, “Individuals seeking to contest or amend records in this system pertaining to them should contact the system manager in writing as indicated above or may write or visit the VA medical facility location where they normally receive their care. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.”
Notification procedure is being amended to state, “Individuals who wish to be notified if a record in this system of records pertains to them should submit the request following the procedures described in “Record Access Procedures,” above.”
The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice were sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(c) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.
**Signing Authority**
The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Eddie Pool, Deputy Chief Information Officer, Connectivity and Collaboration Services, Performing the Delegable Duties of the Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on July 17, 2025, for publication.
Dated: September 10, 2025.
Saurav Devkota,
Government Information Specialist, VA Privacy Service, Office of Compliance, Risk and Remediation, Office of Information and Technology, Department of Veterans Affairs.
**SYSTEM NAME AND NUMBER:**
“Veterans and Beneficiaries Purchased Care Community Health Care Claims, Correspondence, Eligibility, Inquiry and Payment Files—VA” (54VA10).
**SECURITY CLASSIFICATION:**
Unclassified.
**SYSTEM LOCATION:**
Records are maintained at the Office of Integrated Veteran Care (OIVC), 3773 Cherry Creek North Drive, Denver, Colorado 80209. Records are also located at the Department of Veterans Affairs (VA) Enterprise Cloud Data Centers/Amazon Web Services, 1915 Terry Avenue, Seattle, WA 98101.
**SYSTEM MANAGER(S):**
Official responsible for policies and procedures: Chief Payer, *[email protected],* OIVC, 3773 Cherry Creek North Drive, Denver, CO 80209.
**AUTHORITY FOR MAINTENANCE OF THE SYSTEM:**
38 U.S.C. 501(a), 501(b), 1703, 1720G, 1724, 1725, 1728, 1781, 1787, 1802, 1803, 1812, 1813, 1821, Public Law 103-446 section 107 and Public Law 111-163 section 101.
**PURPOSE(S) OF THE SYSTEM:**
This system is used for establishing and monitoring eligibility to receive VA benefits, processing claims for medical care and services, and processing stipends. This system also has a database that uses accumulator calculation and makes transactions using the Payer Electronic Data Interchange Transaction Application System to process claims for medical care and services and payments.
**CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:**
Categories of individuals covered by the system include the following:
1. Family members and beneficiaries of Veterans who seek health care under 38 U.S.C. 1720G, 1781, 1787, 1802, 1803, 1812, 1813, 1821, MISSION Act, PACT Act, Public Law 103-446, 107 and Public Law 111-163 section 101.
2. Veterans seeking health care services in a foreign country under 38 U.S.C. 1724.
3. Veterans receiving community fee for-service benefits at VA expense under title 38 U.S.C. 1703, 1725 and 1728.
4. Health care providers treating individuals who receive care under 38 U.S.C. 1703, 1720G, 1724, 1725, 1728, 1781, 1787, 1803, 1812, 1813, 1821, MISSION Act, PACT Act, Public Law 103-446 section 107 and Public Law 111-163 section 101.
5. Caregivers of Veterans providing personal care services and in receipt of a stipend under 38 U.S.C. 1720G and Public Law 111-163 section 101.
**CATEGORIES OF RECORDS IN THE SYSTEM:**
Records maintained in the system include program applications, eligibility information concerning the Veteran, family members, beneficiaries, caregivers; other health insurance information to include information regarding eligibility or entitlement to other Federal medical programs, correspondence concerning individuals who have applied for benefits in these programs; claims (billing) for medical care and services; documents pertaining to claims for medical services; information related to claims processing; documents pertaining to stipend calculation and payment; documents pertaining to appeals; and third party liability information and recovery actions taken by VA and/or TRICARE. The record may include the name, address, and other identifying information concerning health care providers, services provided, amounts claimed and paid for health care services, amounts calculated and paid for stipends, medical records, and treatment and payment dates.
Additional information may include Veterans, who have applied for benefits in these programs; claims (billing) for medical care and services; documents pertaining to claims for medical services; information related to claims processing; documents pertaining to stipend calculation and payment; documents pertaining to appeals; and third-party liability information and recovery actions; family member, and caregiver identifying information (such as name, address, social security number, VA claim file number, date of birth), and military service information concerning the Veteran and spouse or other family member (when applicable—for example, dates, branch and character of service, medical information).
**RECORD SOURCE CATEGORIES:**
The Veteran sponsor, family member, beneficiary, caregiver, military service departments, private medical facilities and health care providers, electronic trading partners, contractors, Department of Defense (DoD), TRICARE, Defense Eligibility Enrollment Reporting System (DEERS), other Federal agencies, VA Regional Offices, Veterans Benefits Administration (VBA) automated record systems, VA medical centers and health care providers.
**ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:**
To the extent that records contained in the system include information protected by 45 CFR parts 160 and 164, (individually identifiable health information), and 38 U.S.C. 7332, (medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia, or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority in 38 U.S.C. 7332 and regulatory authority in 45 CFR parts 160 and 164 permitting disclosure).
1. Eligibility and claim information from this system of records may be disclosed verbally or in writing. For example, disclosures may be made via correspondence, call service center, interactive voice recognition, portal or interactive web page, in response to an inquiry made by the claimant, claimant's guardian, claimant's next of kin, health care provider, trading partner, other Federal agency or contractor. Purposes of these disclosures are to assist the provider or claimant in obtaining reimbursement for claimed medical services, to facilitate billing processes, to verify beneficiary eligibility, and to provide payment information regarding claimed services. Eligibility or entitlement information disclosed may include the name, authorization number (social security number), effective dates of eligibility, reasons for any period of ineligibility, and other health insurance information of the named individual. Claim or stipend information disclosed may include payment information such as payment identification number, date of payment, date of service, amount billed, amount paid, name of payee, or reasons for non-payment.
2. *Governmental Agencies, Health Organizations, for Claimants' Benefits:* To Federal, state, and local government agencies and national health organizations as reasonably necessary to assist in the development of programs that will be beneficial to claimants, to protect their rights under law, and assure that they are receiving all benefits to which they are entitled.
3. *Law Enforcement:* To a Federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature. The disclosure of the names and addresses of Veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.
4. *Federal Agencies, for Employment:* VA may disclose information to a Federal agency, except the United States Postal Service, or to the Washington, DC Government, in response to its request, in connection with that agency's decision on the hiring, transfer, or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit by that agency.
5. *Congress:* To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.
6. *National Archives and Records Administration (NARA):* To NARA in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.
7. *Attorneys, Insurers, Employers:* To attorneys, insurance companies, employers, third parties liable or potentially liable under health plan contracts, and courts, boards, or commissions as relevant and necessary to aid VA in the preparation, presentation, and prosecution of claims authorized by law.
8. * The Department of Justice (DOJ), Litigation, Administrative Proceeding:* To DOJ, or in a proceeding before a court, an adjudicative body, or other administrative body before which VA is authorized to appear, when any of the following is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings:
(a) VA or any component thereof;
(b) Any VA employee in his or her official capacity;
(c) Any VA employee in his or her individual capacity where DOJ has agreed to represent the employee; or
(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components.
9. *Federal Agencies, Courts, Litigants, for Litigation or Administrative Proceedings:* VA may disclose information to another Federal agency, court, or party in litigation before a court or in an administrative proceeding conducted by a Federal agency, when the Government is a party to the judicial or administrative proceeding.
10. Any information in this system of records may be disclosed to a state or municipal grand jury, a state or municipal court or a party in litigation, or to a state or municipal administrative agency functioning in a quasi-judicial capacity or a party to a proceeding being conducted by such agency, provided that any disclosure of claimant information made under this routine use must comply with the provisions of 38 CFR 1.511.
11. *Federal Agencies, for Recovery of Medical Care Costs:* VA may disclose information to Federal agencies and Governmentwide third-party insurers responsible for payment of the cost of medical care for the identified patients, to seek recovery of the medical care costs. These records may also be disclosed as part of a computer matching program to accomplish this purpose.
12. Any relevant information from this system of records may be disclosed to TRICARE, DoD and DEERS to the extent necessary to determine eligibility for the Civilian Health and Medical Program of the Department of Veterans Affairs (CHAMPVA) or TRICARE benefits, to develop and process CHAMPVA or TRICARE claims, and to develop cost- recovery actions for claims involving individuals not eligible for the services or claims involving potential third party liability.
13. *Consumer Reporting Agencies:* VA may disclose information as is reasonably necessary to identify such individual or concerning that individual's indebtedness to the United States by virtue of the person's participation in a benefits program administered by the Department, to a consumer reporting agency for the purpose of locating the individual, obtaining a consumer report to determine the ability of the individual to repay an indebtedness to the United States, or assisting in the collection of such indebtedness, provided that the provisions of 38 U.S.C. 57019(g)(2) and (4) have been met.
14. *Federal Labor Relations Authority (FLRA):* To the FLRA in connection with the investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised, matters before the Federal Service Impasses Panel, and the investigation of representation petitions and the conduct or supervision of representation elections.
15. In response to an inquiry about a named individual from a member of the general public, disclosure of information may be made from this system of records to report the amount of VA monetary benefits being received by the individual. This disclosure is consistent with 38 U.S.C. 5701(c)(1).
16. *The Federal Agencies, for Research:* To a Federal agency for the purpose of conducting research and data analysis to perform a statutory purpose of that Federal agency upon the written request of that agency.
17. *Claims Representatives:* To accredited service organizations, VA-approved claim agents, and attorneys acting under a declaration of representation, so that these individuals can aid claimants in the preparation, presentation, and prosecution of claims under the laws administered by VA upon the request of the claimant and provided that the disclosure is limited to information relevant to a claim, such as the name, address, the basis and nature of a claim, amount of benefit payment information, medical information, and military service and active duty separation information.
18. *Guardians Ad Litem, for Representation:* To a fiduciary or guardian ad litem in relation to his or her representation of a claimant in any legal proceeding as relevant and necessary to fulfill the duties of the fiduciary or guardian ad litem.
19. *Treasury, To Report Waived Debt as Income:* To the Department of the Treasury as a report of income under 26 U.S.C. 61(a)(12), provided that the disclosure is limited to information concerning an individual's indebtedness that is waived under 38 U.S.C. 3102, compromised under 4 CFR part 103, otherwise forgiven, or for which the applicable statute of limitations for enforcing collection has expired.
20. *Treasury, for Withholding:* To the Department of the Treasury for the collection of title 38 benefit overpayments, overdue indebtedness, or costs of services provided to an individual not entitled to such services, by the withholding of all or a portion of the person's Federal income tax refund, provided that the disclosure is limited to information concerning an individual's indebtedness by virtue of a person's participation in a benefits program administered by VA.
21. *Social Security Administration (SSA), Department of Health and Human Services (HHS) for Social Security Number Validation:* To SSA and HHS, for the purpose of conducting computer matches to obtain information to validate the social security numbers maintained in VA records.
22. The name and address of any health care provider in this system of records who has received payment for claimed services on behalf of a Veteran, family member or caregiver may be disclosed in response to an inquiry from a member of the general public who requests assistance in locating medical providers who accept VA payment for health care services.
23. *Contractors:* To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.
24. Relevant information from this system of records may be disclosed to an accrediting Quality Review and Peer Review Organization in connection with the review of claims or other review activities associated with OIVC accreditation to professionally accepted claims processing standards.
25. *Federal Agencies, for Computer Matches:* To other Federal agencies for the purpose of conducting computer matches to obtain information to determine or verify eligibility of Veterans receiving VA benefits or medical care under title 38.
26. *Federal Agencies, Fraud and Abuse:* To other Federal agencies to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.
27. *Data Breach Response and Remediation, for VA:* To appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and
(3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
28. Any relevant information from this system of record may be disclosed to the Centers for Medicare and Medicaid, the SSA, or any other Federal or state agencies for the review and reporting of CHAMPVA and TRICARE health benefit claims.
29. *Data Breach Response and Remediation, for another Federal agency:* To another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
30. *Merit Systems Protection Board (MSPB):* To MSPB in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and § 1206, or as authorized by law.
31. *Equal Employment Opportunity Commission (EEOC):* To the EEOC in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.
**POLICIES AND PRACTICES FOR STORAGE OF RECORDS:**
Records are stored electronically in the Amazon Web Service Cloud. Paper documents may be scanned/digitized and stored for viewing electronically.
**POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:**
Electronic records are retrieved by name or VA claims file number or social security number of the Veteran, family member, or caregiver. Computer records are retrieved by name, the VA assigned Integration Control Number, data file number (DFN), DFN and beneficiary first name, Social Security Number of the Veteran, family member, caregiver, or VA claims file number of the Veteran.
**POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:**
Records in this system are retained and disposed of in accordance with the schedule approved by the Archivist of the United States, Record Control Schedule 10-1 item 1260.1.
**ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:**
Working spaces and record storage areas at OIVC are secured during all business and non-business hours. All entrance doors require an electronic pass card for entry. The OIVC Logistics Department issues electronic pass cards. OIVC staff control visitor entry by door release and escort. The building is equipped with an intrusion alarm system monitored by OIVC security staff during business hours and by a security service vendor during nonbusiness hours.
Electronic/digital records are stored in an electronically controlled storage filing area. Paper records in work areas are stored in locked file cabinets or locked rooms. Access to record storage areas is restricted to VA employees on a “need-to-know” basis. Access to the computer room is limited by appropriate locking devices and restricted to authorized VA employees and vendor personnel. Authorized VA employees may access information in the computer system by a series of individually unique passwords/codes.
The system is hosted in Amazon Web Services Government Cloud infrastructure as a service Cloud computing environment that has been authorized at the high-impact level under the Federal Risk and Authorization Management Program. The secure site- to-site encrypted network connection is limited to access via the VA trusted internet connection.
**RECORD ACCESS PROCEDURES:**
Individuals seeking information on the existence and content of records in this system pertaining to them should contact the system manager in writing as indicated above or write or visit the VA medical facility location where they normally receive their care. A request for access to records must contain the requester's full name, address, and telephone number, be signed by the requester and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort.
**CONTESTING RECORD PROCEDURES:**
Individuals seeking to contest or amend records in this system pertaining to them should contact the System Manager in writing as indicated above or may write or visit the VA medical facility location where they normally receive their care. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.
**NOTIFICATION PROCEDURES:**
Individuals who wish to be notified if a record in this system of records pertains to them should submit the request following the procedures described in “Record Access Procedures,” above.
**EXEMPTIONS PROMULGATED FOR THE SYSTEM:**
None.
**HISTORY:**
68 FR 53784 (September 12, 2003), 74 FR 34398 (July 15, 2009), 80 FR 11527 (March 3, 2015).