VA Form 10-0400a: CPRS Read Only Rules for VSOs

VA Form 10-0400a: CPRS Read Only Rules for VSOsVeterans Service Organizations (VSOs) play a vital role in helping U.S. veterans navigate VA benefits and healthcare. Access to the Computer Patient Record System (CPRS) in read-only mode allows accredited VSO representatives to review medical records securely to better assist veterans with claims. VA Form 10-0400a outlines the mandatory Rules of Behavior for this access.

This article explains the form, its requirements, why it matters, and how to comply, based on official VA sources.

What Is VA Form 10-0400a?

VA Form 10-0400a is titled “Computer Patient Record System (CPRS) Read Only Rules of Behavior for Veterans Service Organization (VSO).” It is a security agreement that accredited representatives of VA-recognized VSOs must sign to gain read-only access to veterans’ electronic health records in CPRS.

The form establishes strict rules for handling sensitive patient information, ensuring compliance with federal laws, VA directives, and privacy protections like HIPAA. It applies specifically to read-only access, meaning users can view but not modify records.

Download the official form here: VA Form 10-0400a PDF.

Purpose of CPRS Read-Only Access for VSOs

CPRS is VA’s legacy electronic health record system used to document patient care, lab results, medications, and clinical notes. Read-only access for VSO representatives enables them to:

  • Review a veteran’s medical history to support disability claims.
  • Gather evidence for appeals or benefits applications.
  • Assist veterans more effectively while maintaining strict confidentiality.

Access is granted only for veterans where the VSO holds a valid Power of Attorney (POA). It is paired with VA Form 10-0400 for the initial access request.

This capability improves representation efficiency while protecting veteran privacy under federal regulations.

Key Rules of Behavior in VA Form 10-0400a

The form requires representatives to agree to several core obligations:

  • Use for Official Duties Only: Access veterans’ individually-identifiable health information solely for assigned duties related to POA-held cases.
  • Protect Confidentiality: Safeguard sensitive information from unauthorized disclosure. This obligation continues even after access ends or VSO involvement terminates.
  • Password and Security: Never share passwords, access codes, or electronic signature codes. Users are accountable for all activity under their credentials.
  • Notify on POA Changes: Immediately inform the Chief, Health Information Management if a Power of Attorney expires or is no longer valid.
  • Report Incidents: Report any security incidents or vulnerabilities to the VHA Information Security Officer (ISO).
  • Compliance with Laws: Follow all VA/VHA policies, federal regulations (including 38 CFR §14.633), and copyright rules. Personal use of government equipment must align with local policies.

The form also references completing the VA Cyber Security Awareness Course and attaching the certificate.

Consequences of Non-Compliance

Violations can lead to serious repercussions, including:

  • Suspension or termination of access privileges.
  • Termination of accreditation.
  • Civil and criminal penalties under federal law.

VA emphasizes ethical judgment beyond the written rules, as access involves protected health information.

How VSO Representatives Can Obtain CPRS Read-Only Access

  1. Accreditation: Ensure you are an accredited representative of a VA-recognized VSO.
  2. Complete Forms: Fill out VA Form 10-0400 (request) and VA Form 10-0400a (rules of behavior) for each veteran with valid POA.
  3. Training: Complete required security and privacy training (e.g., VA Cyber Security Awareness).
  4. Submit: Send forms to the local VA facility’s Chief, Health Information Management or designated ISO, along with supporting documentation like POA.
  5. Additional Systems: Note that separate processes may apply for systems like CAPRI for broader EHR access.

Contact your local VA Regional Office or VSO for guidance on PIV cards, TMS accounts, and submission procedures.

Benefits for Veterans and VSOs

This read-only access streamlines claims assistance, reduces paperwork delays, and enables more informed advocacy. It supports veterans in receiving timely benefits while upholding the highest standards of data security. VSOs using these tools can provide superior service compared to those without electronic access.

Best Practices for Compliance

  • Always verify POA before accessing records.
  • Use secure VA systems and avoid discussing protected information in unsecured channels.
  • Stay current with annual training and policy updates.
  • Report any suspected breaches immediately.

For the latest information, visit official VA resources and consult accredited VSOs.

Ready to proceed? Download VA Form 10-0400a here: Official VA Form 10-0400a PDF.

Veterans seeking representation should contact a VA-accredited VSO representative near them for assistance with claims and record access. This form and process reflect VA’s commitment to secure, effective support for America’s veterans.