(f) ensure that data requests from companies outside HAV meet the VHA data protection criteria and meet legal data protection obligations. 1. PURPOSE: This Veterans Health Administration (VHA) Directive establishes guidelines for authorizing and providing authorized users with access to personally identifiable information (PII) in computer systems (IT) of the Department of Veterans Affairs (VA). HAV-operated computer systems are owned and generally managed by the VA Office of Information and Technology (ILO), while data managed in computer systems is owned by VHA. This directive establishes the directive that requires VHA to be licensed as a data owner and, if necessary, to allow authorized users to access VHA III in DEI systems. AUTHORITY: Title 5 United States Code (U.S.C.) 552a (e) (10); 45 parts CFR 160 and 164; and 38 CFR 14.626-14.637.c. For the purposes of this directive, a data owner is an official of the public authority with legal or operational authority over certain information and responsible for the establishment, collection, maintenance, processing, dissemination or disposal of data. A data owner or designer is also an Agency official who has been identified as responsible for the use or disclosure of HAV data in a DE-IT system. These responsibilities can extend to interconnected systems or interconnected system groups. As established by the Office of General Counsel (OGC), the official owner of the data within the VHA is the Under Secretary for Health. It is HAV`s practice to delegate responsibility and responsibility for business functions and data associated with these functions to certain VHA program offices. Identifying a data holder should normally begin with the program office that sponsored the creation of the data.

c. Director of Health Safety Requirements. The Director of Health Care Safety Requirements is responsible for verifying whether agreements for the use of PII VHA with entities outside HAV or in-house, as provided for in the VHA Directive, are consistent with federal safety law and HAV and HAV safety guidelines. NOTE: This directive does not deny existing authorities that allow a VHA or VHA office to use or obtain HAV-PIIs. This directive and manual VHA 1080.01 are the only ones to describe the requirements for guidelines and processes for access to VHA PII in IED systems. This directive does not cover HAV-PIIs contained in medical devices or on paper. (g) check whether data requests from av researchers meet the VHA data protection criteria when the AV or VHA directive requires a data protection check. 3. CONNEXES PROBLEMS: VHA Manual 1080.01, data usage agreements. g. special users. An authorized user whose needs require specific access to the PII VHA or PHI, for example.

B wide access to electronic medical records beyond the local level (for example.B. national access to the interchange of clearing and registration of guest rooms (CAPRI)) or at a very discreet and highly controlled individual level. A special user can, but is not necessarily a VA employee. Individual users may include the VHA Office of Quality and Safety, VA OGC, VA Office of the Inspector General (OIG), DoD and VSOs, but are not limited to this. Special users are managed nationally by the VHA National Data Systems (NDS), Health Information Access (HIA) Program. NOTE: Local access is not considered a particular user access. (a) The Us Data Protection Act 1974. C 552a (e) (10) states that “agencies must take appropriate administrative, technical and physical security measures to ensure the security and confidentiality of recordings and protect against anticipated threats or risks to their safety or integrity that could result in significant damage, embarrassment, inconvenience or injustice to anyone on whom information is kept”