FR 2021-01541

The Department of Veterans Affairs (VA) has announced a significant update to its system of records called "The Revenue Program-Billing and Collections Records-VA." This update is being conducted to ensure compliance with the Privacy Act of 1974. These changes will affect various aspects of the system, such as system numbers, locations, purposes, and notably, categories of individuals covered by the system. Furthermore, these updates involve new procedures for storing records electronically, with data being stored at secure locations like Amazon Web Services and Cerner Technology Centers. These updates aim to improve efficiency and the protection of veterans' information, which is crucial for maintaining trust in the VA's record-keeping practices. The public is invited to comment on these changes, with a February 24, 2021 deadline for submissions.

Significant Issues and Concerns

One of the primary concerns emerging from this document is how the VA will secure electronic records stored at contractor facilities. The document lacks specificity regarding the management and monitoring of data access to prevent potential breaches. Additionally, while the use of Amazon Web Services (AWS) is highlighted, there is insufficient detail outlining how data security will be managed within the AWS GovCloud environment. This could raise apprehensions about the VA's ability to guarantee data safety effectively.

Another issue is the complexity and technical nature of the document, particularly in sections regarding legal and procedural safeguards. This complexity might pose challenges for a general audience in thoroughly understanding the content. There is also a dense list of routine uses and categories of individuals covered which could lead to confusion. Simplifying these elements or providing a concise summary of key points could enhance public comprehension.

The effectiveness of the described security measures remains unquantified, as the document does not outline how these safeguards are assessed or evaluated for efficacy. This lack of clarity could undermine confidence in the VA's commitment to protecting sensitive information. Furthermore, the document does not mention any specific auditing or oversight mechanisms, raising concerns about accountability and adherence to the Privacy Act of 1974.

Impact on the Public and Stakeholders

Broadly, the impact on the public includes enhanced awareness and potential reassurance regarding the VA’s ongoing efforts to secure and manage veterans' information. By updating the system to comply with contemporary privacy standards, the VA strives to maintain public trust and improve the efficiency of its services.

For specific stakeholders, including veterans and their families, these changes could have both positive and negative impacts. Positively, the updates could lead to more efficient billing and collections processes, potentially resulting in faster and more accurate handling of claims and payments. On the negative side, without adequate explanations and assurances regarding data security, stakeholders might experience increased concerns about the privacy of their sensitive information.

Moreover, healthcare providers and contracted facilities, stakeholders in these records, may face adjustments to meet the new procedural requirements, which can have operational and financial implications. Ensuring that these entities have the necessary infrastructure to comply with these updates is vital for a smooth transition.

Overall, while the VA's intended updates aim to enhance the management of sensitive records, there remain pertinent concerns surrounding data security, complexity of communication, and accountability that stakeholders and the public may wish to focus on during the comment period.