Privacy Act of 1974; System of Records

Issuing agencies

Abstract

Pursuant to the Privacy Act of 1974, notice is hereby given that the VA is modifying the system of records titled, "Administrative Data Repository-VA" (150VA19). This system is used as the source for the information necessary to uniquely identify a person across the Veterans Health Administration (VHA), act as a record locator system for person records across the Administration, master the identity data and synchronize updates and changes to all the systems that know that person.

Full Text

<html>
<head>
<title>Federal Register, Volume 88 Issue 211 (Thursday, November 2, 2023)</title>
</head>
<body><pre>
[Federal Register Volume 88, Number 211 (Thursday, November 2, 2023)]
[Notices]
[Pages 75387-75391]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2023-24193]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Veterans Health Administration (VHA), Department of Veterans 
Affairs (VA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, notice is hereby given 
that the VA is modifying the system of records titled, ``Administrative 
Data Repository-VA'' (150VA19). This system is used as the source for 
the information necessary to uniquely identify a person across the 
Veterans Health Administration (VHA), act as a record locator system 
for person records across the Administration, master the identity data 
and synchronize updates and changes to all the systems that know that 
person.

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by VA, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If VA receives 
public comments, VA shall review the comments to determine whether any 
changes to the notice are necessary.

ADDRESSES: Comments may be submitted through <a href="http://www.regulations.gov">www.regulations.gov</a> or 
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to ``Administrative Data Repository-VA'' (150VA19). 
Comments received will be available at <a href="http://regulations.gov">regulations.gov</a> for public 
viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT: Stephania Griffin, VHA Chief Privacy 
Officer, Department of Veterans Affairs, 810 Vermont Avenue NW, 
Washington, DC 20420; <a href="/cdn-cgi/l/email-protection#26755243564e47484f470861544f40404f4866504708414950"><span class="__cf_email__" data-cfemail="86d5f2e3f6eee7e8efe7a8c1f4efe0e0efe8c6f0e7a8e1e9f0">[email&#160;protected]</span></a>, telephone number 704-
245-2492 (Note: this is not a toll-free number).

SUPPLEMENTARY INFORMATION: VA is amending the system of records by 
revising the System Name; System Number; System Location; System 
Manager; Purpose; Categories of Individuals Covered by the System; 
Categories of Records in the System; Record Source Categories; Routine 
Uses of Records Maintained in the System; Policies and Practices for 
Storage of Records; Policies and Practices for Retention and Disposal 
of Records; Record Access Procedure; Contesting Records Procedures; 
Notification Procedure; and Administrative, Technical and Physical 
Safeguards. VA is republishing the system notice in its entirety.
    The System Name is being updated from ``Administrative Data 
Repository-VA'' to ``Enterprise Identity and Demographics Records-VA''.
    The System Number will be changed from 150VA19 to 150VA10 to 
reflect the current VHA organizational routing symbol.
    The System Location has been updated to replace Austin Automation

[[Page 75388]]

Center with Austin Information Technology Center (AITC). The section 
will include that records are also hosted in a Federal Information 
Security Management Act (FISMA)--high VA Enterprise Cloud (VAEC). At 
the Enterprise Level this information is stored and maintained within 
the VA Master Person Index (VA MPI), which is defined as the 
authoritative data source for this information. The section was also 
amended to remove the statement, ``Information from these records or 
copies of records may be maintained at the Department of Veterans 
Affairs, 810 Vermont Avenue NW, Washington, DC, VA Data Processing 
Centers, VA CIO Field Offices, Veterans Integrated Service Network.''
    The System Manager is being updated to remove ``Chief Information 
Officer'' and replace ``Director National Data Systems'' with 
``Director Data Quality <a href="/cdn-cgi/l/email-protection#0d7b656c3c3d3865646a65686c61796564636b626a627b697c61686c69687f7e65647d4d7b6c236a627b"><span class="__cf_email__" data-cfemail="dfa9b7beeeefeab7b6b8b7babeb3abb7b6b1b9b0b8b0a9bbaeb3babebbbaadacb7b6af9fa9bef1b8b0a9">[email&#160;protected]</span></a>, 
Enterprise Help Desk 855-673-4357.''
    The Purpose has been amended to remove that the following: 
``records are used to establish person identity throughout only the VHA 
enterprise'' and has been expanded to the VA enterprise. The purpose of 
the system of records is to provide a repository for the administrative 
information that is used to accomplish the purposes described within 
this document including determining Veteran benefits and eligibility. 
The records include information provided by patients, providers, 
employees, volunteers, trainees, contractors and others that receive IT 
access to our computer systems and information obtained during routine 
work, including VHA patient care. Quality assurance information that is 
protected by 38 U.S.C. 7311 and 38 CFR 17.500-17.511 is not within the 
scope of the Privacy Act and, therefore, is not included in this system 
of records or filed in a manner in which the information may be 
retrieved by reference to an individual identifier.''
    The Purpose section will now reflect the following language: ``The 
purpose of these records is to serve as the source for the information 
necessary to uniquely identify a person across Veterans Health 
Administration, act as a record locator system for person records 
across the Administration, master the identity data and synchronize 
updates and changes to all the systems that know that person. The data 
may be used for VA's extensive research programs in accordance with VA 
policy. The data is used to identify and provide benefits for all 
persons of interest to VA and to establish the Integration Control 
Number (ICN) as VA's unique enterprise identifier. The information will 
also be used to identify the VA MPI as authoritative for this data and 
defines the mastering and synchronizing of this data with integrated 
partners. The VA MPI also provides authoritative data for the identity 
of Veterans and beneficiaries; current and former patients; Veterans 
Health Administration (VHA), Veterans Benefits Administration (VBA) and 
National Cemetery Administration (NCA) beneficiaries; employees; 
providers; volunteers; trainees; contractors; and individuals working 
collaboratively with VA. These identity management services are used 
across the enterprise and with external sharing partners.''
    The Categories of Individuals Covered by this System is being 
amended to include caregivers; patients; current and former VHA, VBA, 
and NCA beneficiaries. Also included are individuals examined or 
treated under contract or resource sharing agreements; individuals who 
have applied for 38 U.S.C. ch. 1 benefits, but do not meet the 
requirements under 38 U.S.C. ch. 1 to receive such benefits; 
individuals who were provided medical care under emergency conditions 
for humanitarian reasons and pensioned members of allied forces 
provided healthcare services under 38 U.S.C. ch. 1.
    The Categories of Records in the System is being amended to replace 
``1. Administrative assignments or categorization of duties of certain 
VHA personnel'' with ``1. Information used to establish unique 
enterprise identifiers, VA ICNs and all associated system identifiers 
and related metadata. This information is used to create a unique 
identifier for all persons of interest to VA and all other systems that 
have integrated with the VA MPI.''
    The following text within Categories of Records in the System will 
be removed: ``2. education and continuing education (e.g., name and 
address of schools and dates of attendance, courses attended and 
scheduled to attend, grades, type of degree, certificate, etc.); 
information related to military service and status; qualifications for 
employment (e.g., license, degree, registration or certification, 
experience); Veteran enrollment and eligibility information including 
financial assessments.'' This will now be replaced with ``2. Identity 
information such as name, date of birth, birth sex, administrative sex, 
self-identified gender identity, pronoun, preferred name, Social 
Security Number, taxpayer identification number, date of death). Other 
demographic information such as home and/or mailing address, home 
telephone number, emergency contact information such as name, address, 
telephone number and relationship; and associated audit and necessary 
metadata.''
    Additionally, being removed from this section is: ``3. Electronic 
messages used for network communication between VHA systems.''
    Record Source Categories is being updated to remove: ``Information 
in this system of records is provided by patients, employees, 
providers, IT users, and others that work collaboratively with VHA.'' 
This section will now reflect the following language: ``Information in 
this system of records is provided by Veterans, VA employees, VA Health 
Eligibility Center, VHA Program Offices, VA medical facilities, VISNs 
and the following Systems Of Records: Veterans Health Information 
Systems and Technology Architecture (VistA) Records-VA (79VA10), 
Veterans Affairs Profile-VA (VA Profile) (192VA30) and any associated 
system of records that is utilizing VA MPI identity management 
services.''
    The following routine uses have been added:
    12. Federal Agencies, for Research: To a Federal agency to conduct 
research and data analysis to perform a statutory purpose of that 
Federal agency upon the prior written request of that agency, provided 
that there is legal authority under all applicable confidentiality 
statutes and regulations to provide the data and the VHA Office of 
Informatics has determined prior to the disclosure that VHA data 
handling requirements are satisfied.
    13. Housing and Urban Development (HUD): To HUD for the purpose of 
reducing homelessness among Veterans by implementing the Federal 
strategic plan to prevent and end homelessness as well as by evaluating 
and monitoring the HUD Veterans Affairs Supported Housing program.
    14. Federal Agencies, for Computer Matches: To other Federal 
agencies for the purpose of conducting computer matches to obtain 
information to determine or verify eligibility of veterans receiving VA 
benefits or medical care under title 38.
    15. Non-VA Health Care Providers, for Treatment: To a non-VA 
healthcare provider, such as the Department Health and Human Services, 
for the purpose of treating any VA patient, including Veterans.
    16. Governmental Agencies, Health Organizations, for Claimants' 
Benefits: To Federal, State and local government agencies and national 
health organizations as reasonably necessary to

[[Page 75389]]

assist in the development of programs that will be beneficial to 
claimants, to protect their rights under law, and ensure they are 
receiving all benefits to which they are entitled.
    17. Law Enforcement, for Locating Fugitive: To any Federal, State, 
local, Territorial, Tribal, or foreign law enforcement agency in order 
to identify, locate, or report a known fugitive felon, in compliance 
with 38 U.S.C. 5313B(d).
    18. Business Partners, for Collaborative Efforts: To individuals or 
entities with whom VA has a written agreement or arrangement to perform 
such services as VA may deem practical for the purpose of laws 
administered by VA or for identifying and correlating patients.
    19. Data Breach Response and Remediation, for VA: To appropriate 
agencies, entities and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk to individuals, VA (including its information systems, 
programs and operations), the Federal Government, or national security; 
and (3) the disclosure made to such agencies, entities or persons 
reasonably necessary to assist in connection with VA efforts to respond 
to the suspected or confirmed breach or to prevent, minimize or remedy 
such harm.
    Policies and Practices for Storage of Records is being updated to 
replace ``Records are maintained at the Corporate Franchise Data Center 
which is a VA operated facility. Information is stored on disk media.'' 
with ``Records are stored electronically.''
    Policies and Practices for Retrieval of Records is being updated to 
include date of birth and ICN.
    Policies and Practices for Retention and Disposal of Records is 
being modified to include: ``The records are maintained and disposed of 
in accordance with the schedule approved by the Archivist of the United 
States, General Records Schedule 4, item 2.''
    Administrative, Technical and Physical Safeguards are being updated 
to include: ``4. The system is hosted in Amazon Web Services Government 
Cloud infrastructure as a service cloud computing environment that has 
been authorized at the high-impact level under the Federal Risk and 
Authorization Management Program. The secure site-to-site encrypted 
network connection is limited to access via the VA trusted internet 
connection.''
    Record Access Procedure is being updated to reflect the following 
language: ``Individuals seeking information on the existence and 
content of records in this system pertaining to them should contact the 
system manager in writing as indicated above, or write, call or visit 
the VA facility location where they normally receive their care. A 
request for access to records must contain the requester's full name, 
address, telephone number, be signed by the requester, and describe the 
records sought in sufficient detail to enable VA personnel to locate 
them with a reasonable amount of effort.''
    Contesting Records Procedures is being updated to reflect the 
following language: ``Individuals seeking to contest or amend records 
in this system pertaining to them should contact the system manager in 
writing as indicated above, or write or visit the VA facility location 
where they normally receive their care. A request to contest or amend 
records must state clearly and concisely what record is being 
contested, the reasons for contesting it, and the proposed amendment to 
the record.''
    Notification Procedure is being updated to state: ``Generalized 
notice is provided by the publication of this notice. For specific 
notice, see Record Access Procedure, above.''
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Kurt D. 
DelBene, Assistant Secretary for Information and Technology and Chief 
Information Officer, approved this document on September 27, 2023 for 
publication.

    Dated: October 30, 2023.
Amy L. Rose,
Government Information Specialist, VA Privacy Service, Office of 
Compliance, Risk and Remediation, Office of Information and Technology, 
Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    ``Enterprise Identity and Demographics Records-VA'' (150VA10).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are hosted in a containerized environment at a federally 
rated Federal Information Security Management Act (FISMA)-high data 
center in the Department of Veterans Affairs (VA) Austin Information 
Technology Center (AITC) at 1615 Woodward Street, Austin, Texas 78772. 
Records are also hosted in a FISMA-high VA Enterprise Cloud (VAEC). At 
the Enterprise Level this information is stored and maintained within 
the VA Master Person Index (VA MPI) which is defined as the 
authoritative data source for this information.

SYSTEM MANAGER(S):
    Director Data Quality, <a href="/cdn-cgi/l/email-protection#c0b6a8a1f1f0f5a8a9a7a8a5a1acb4a8a9aea6afa7afb6a4b1aca5a1a4a5b2b3a8a9b080b6a1eea7afb6"><span class="__cf_email__" data-cfemail="16607e772726237e7f717e73777a627e7f78707971796072677a7377727364657e7f6656607738717960">[email&#160;protected]</span></a> or 
the Enterprise Help Desk at 855-673-4357, Corporate Franchise Center, 
1615 Woodward Street, Austin, Texas 78772.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    38 U.S.C. 501 and 7304.

PURPOSE(S) OF THE SYSTEM:
    The purpose of these records is to serve as the source for the 
information necessary to: uniquely identify a person across the 
Veterans Health Administration (VHA), act as a record locator system 
for person records across the Administration, master the identity data 
and synchronize updates and changes to all the systems that know that 
person. The data may be used for VA's extensive research programs in 
accordance with VA policy. The data is used to identify and provide 
benefits for all persons of interest to VA and to establish the 
Integration Control Number (ICN) as VA's unique enterprise identifier. 
The information is also used to identify the VA MPI as authoritative 
for this data and defines the mastering and synchronizing of this data 
with integrated partners. The VA MPI also provides authoritative data 
for the identity of Veterans and beneficiaries; current and former 
patients; Veterans Health Administration (VHA), Veterans Benefits 
Administration (VBA) and National Cemetery Administration (NCA) 
beneficiaries; employees; providers; volunteers; trainees; contractors; 
and individuals working collaboratively with VA. These identity 
management services are used across the enterprise and with external 
sharing partners.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records include information on caregivers; patients; current 
and former VHA, VBA, and NCA beneficiaries;

[[Page 75390]]

employees; providers; volunteers; trainees; contractors; as well as 
individuals working collaboratively with VHA. Also included are 
individuals examined or treated under contract or resource sharing 
agreements; individuals who have applied for 38 U.S.C. ch. 1 benefits, 
but who do not meet the requirements under 38 U.S.C. ch. 1 to receive 
such benefits; individuals who were provided medical care under 
emergency conditions for humanitarian reasons; and pensioned members of 
allied forces provided healthcare services under 38 U.S.C ch. 1.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records include information related to:
    1. Information used to establish and maintain unique enterprise 
identifiers for VA ICNs and all associated system identifiers and 
related metadata. This information is used to create a unique 
identifier of all persons of interest to VA and all other systems that 
have correlated to the VA MPI.
    2. Identity information such as name, date of birth, birth sex, 
administrative sex, self-identified gender identity, pronoun, preferred 
name, Social Security Number, taxpayer identification number, date of 
death. Other demographic information such as home and/or mailing 
address; home telephone number; emergency contact information such as 
name, address, telephone number, and relationship; and associated audit 
and necessary metadata.
    3. Healthcare providers' Social Security Number and National 
Provider Identifier.

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by Veterans, VA 
employees, VA Health Eligibility Center, VHA Program Offices, VA 
medical facilities, VISNs, VBA, NCA and the following systems of 
records: Veterans Health Information Systems and Technology 
Architecture (VistA) Records-VA (79VA10), Veterans Affairs Profile-VA 
(VA Profile) (192VA30), and any associated system of record notices 
that is utilizing VA MPI identity management services.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. Congress: To a Member of Congress or staff acting upon the 
Member's behalf when the Member or staff requests the information on 
behalf of, and at the request of, the individual who is the subject of 
the record.
    2. National Archives and Records Administration (NARA): To NARA in 
records management inspections conducted under 44 U.S.C. 2904 and 2906, 
or other functions authorized by laws and policies governing NARA 
operations and VA records management responsibilities.
    3. Disclosure may be made to other Government agencies in support 
of data exchanges of electronic medical record information approved by 
the individual.
    4. Law Enforcement: To a Federal, State, local, Territorial, Tribal 
or foreign law enforcement authority or other appropriate entity 
charged with the responsibility of investigating or prosecuting a 
violation or potential violation of law, whether civil, criminal, or 
regulatory in nature, or charged with enforcing or implementing such 
law, provided that the disclosure is limited to information that, 
either alone or in conjunction with other information, indicates such a 
violation or potential violation. The disclosure of the names and 
addresses of Veterans and their dependents from VA records under this 
routine use must also comply with the provisions of 38 U.S.C. 5701.
    5. Department of Justice (DoJ), Litigation, Administrative 
Proceeding: To DoJ, or in a proceeding before a court, adjudicative 
body, or other administrative body before which VA is authorized to 
appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in their official capacity;
    (c) Any VA employee in their individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components is a party to such 
proceedings or has an interest in such proceedings, and VA determines 
that use of such records is relevant and necessary to the proceedings.
    6. Contractors: To contractors, grantees, experts, consultants, 
students and others performing or working on a contract, service, 
grant, cooperative agreement or other assignment for VA, when 
reasonably necessary to accomplish an agency function related to the 
records.
    7. Federal Agencies, Fraud and Abuse: To other Federal agencies to 
assist such agencies in preventing and detecting possible fraud or 
abuse by individuals in their operations and programs.
    8. Equal Employment Opportunity Commission (EEOC): To the EEOC in 
connection with investigations of alleged or possible discriminatory 
practices, examination of Federal affirmative employment programs or 
other functions of the Commission as authorized by law.
    9. Federal Labor Relations Authority (FLRA): To the FLRA in 
connection with the investigation and resolution of allegations of 
unfair labor practices, the resolution of exceptions to arbitration 
awards when a question of material fact is raised; matters before the 
Federal Service Impasses Panel; and the investigation of representation 
petitions and the conduct or supervision of representation elections.
    10. Merit Systems Protection Board (MSPB): To the MSPB in 
connection with appeals, special studies of the civil service and other 
merit systems, review of rules and regulations, investigation of 
alleged or possible prohibited personnel practices and such other 
functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by 
law.
    11. Data Breach Response and Remediation, for Another Federal 
Agency: To another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing or remedying the risk 
of harm to individuals, the recipient agency or entity (including its 
information systems, programs and operations), the Federal Government, 
or national security, resulting from a suspected or confirmed breach.
    12. Federal Agencies, for Research: VA may disclose information to 
a Federal agency for the conduct of research and data analysis to 
perform a statutory purpose of that Federal agency upon the prior 
written request of that agency, provided that there is legal authority 
under all applicable confidentiality statutes and regulations to 
provide the data and the VHA Office of Informatics has determined prior 
to the disclosure that VHA data handling requirements are satisfied.
    13. Housing and Urban Development (HUD): To HUD for the purpose of 
reducing homelessness among Veterans by implementing the Federal 
strategic plan to prevent and end homelessness as well as by evaluating 
and monitoring the HUD Veterans Affairs Supported Housing program.
    14. Federal Agencies, for Computer Matches: To other Federal 
agencies for the purpose of conducting computer matches to obtain 
information to determine or verify eligibility of veterans receiving VA 
benefits or medical care under title 38.
    15. Non-VA Health Care Providers, for Treatment: To a non-VA 
healthcare

[[Page 75391]]

provider, such as the Department Health and Human Services, for the 
purpose of treating any VA patient, including Veterans.
    16. Governmental Agencies, Health Organizations, for Claimants' 
Benefits: To Federal, State and local government agencies and national 
health organizations as reasonably necessary to assist in the 
development of programs that will be beneficial to claimants, to 
protect their rights under law, and ensure they are receiving all 
benefits to which they are entitled.
    17. Law Enforcement, for Locating Fugitive: To any Federal, State, 
local, Territorial, Tribal, or foreign law enforcement agency in order 
to identify, locate, or report a known fugitive felon, in compliance 
with 38 U.S.C. 5313B(d).
    18. Business Partners, for Collaborative Efforts: To individuals or 
entities with whom VA has a written agreement or arrangement to perform 
such services as VA may deem practical for the purpose of laws 
administered by VA or for identifying and correlating patients.
    19. Data Breach Response and Remediation, for VA: To appropriate 
agencies, entities and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk to individuals, VA (including its information systems, 
programs and operations), the Federal Government, or national security; 
and (3) the disclosure made to such agencies, entities or persons 
reasonably necessary to assist in connection with VA efforts to respond 
to the suspected or confirmed breach or to prevent, minimize or remedy 
such harm.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are stored electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by identifiers such as full name, Social 
Security Number, date of birth, ICN and other assigned unique 
identifiers of the individuals on whom they are maintained.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The records are maintained and disposed of in accordance with the 
schedule approved by the Archivist of the United States, General 
Records Schedule 4, item 2.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    1. Access to VA working and storage areas is restricted to VA 
employees on a ``need-to-know'' basis; strict control measures are 
enforced to ensure that disclosure to these individuals is also based 
on this same principle. Generally, VA file areas are locked after 
normal duty hours and the facilities are protected from outside access 
by the Federal Protective Service or other security personnel.
    2. Access to file information is controlled at two levels: the 
systems recognize authorized employees by a series of individually 
unique passwords/codes as a part of each data message, and the 
employees are limited to only that information in the file which is 
needed in the performance of their official duties. Information that is 
downloaded from this system and maintained on personal computers is 
afforded similar storage and access protections as the data that is 
maintained in the original files. Access to information stored on 
automated storage media at other VA locations is controlled by 
individually unique passwords/codes.
    3. Access to the AITC is generally restricted to center employees, 
custodial personnel, Federal Protective Service and other security 
personnel. Access to computer rooms is restricted to authorized 
operational personnel through electronic locking devices. All other 
persons gaining access to computer rooms are escorted. Information 
stored in the computer may be accessed by authorized VA employees at 
remote locations including VA healthcare facilities, Information 
Systems Centers, VA Central Office and Veteran Integrated Service 
Networks. Access is controlled by individually unique passwords/codes 
which must be changed periodically by the employee.
    4. The system is hosted in Amazon Web Services Government Cloud 
infrastructure as a service cloud computing environment that has been 
authorized at the high-impact level under the Federal Risk and 
Authorization Management Program. The secure site-to-site encrypted 
network connection is limited to access via the VA trusted internet 
connection.

RECORD ACCESS PROCEDURES:
    Individuals seeking information on the existence and content of 
records in this system pertaining to them should contact the system 
manager in writing as indicated above, or write, call or visit the VA 
facility location where they are or were employed or made contact. A 
request for access to records must contain the requester's full name, 
address, telephone number, be signed by the requester, and describe the 
records sought in sufficient detail to enable VA personnel to locate 
them with a reasonable amount of effort.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records in this system 
pertaining to them should contact the system manager in writing as 
indicated above, or write, call or visit the VA facility location where 
they are or were employed or made contact. A request to contest or 
amend records must state clearly and concisely what record is being 
contested, the reasons for contesting it, and the proposed amendment to 
the record.

NOTIFICATION PROCEDURES:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Record Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None

HISTORY:
    73 FR 72117 (November 26, 2008)

[FR Doc. 2023-24193 Filed 11-1-23; 8:45 am]
BILLING CODE P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>