Office of the Secretary, HHS.
In compliance with section 3507(a)(1)(D) of the Paperwork Reduction Act of 1995, the Office of the Secretary (OS), Department of Health and Human Services, has submitted an Information Collection Request (ICR), described below, to the Office of Management and Budget (OMB) for review and approval. The ICR is for revision of the approved information collection assigned OMB control number 0945-0003 scheduled to expire on 12/31/2015. Comments submitted during the first public review of this ICR will be provided to OMB. OMB will accept further comments from the public on this ICR during the review and approval period.
Comments on the ICR must be received on or before October 15, 2013.
Submit your comments to OIRA_submission@omb.eop.gov or via facsimile to (202) 395-5806.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
Information Collection Clearance staff, Information.CollectionClearance@hhs.gov or (202) 690-6162.
End Further Info
Start Supplemental Information
When submitting comments or requesting information, please include the OMB control number 0945-0003 and document identifier HHS-OS-20296-30D for reference.
Information Collection Request Title: Standards for Privacy of Individually Identifiable Health Information, Security Standards for the Protection of Electronic Protected Health Information, and Supporting Regulations Contained in 45 CFR Parts 160 and 164
OMB No.: 0945-0003.
Abstract: The Office for Civil Rights (OCR) is notifying the public of revisions to a previously approved OCR data collection. The revisions reflect certain regulatory modifications to the HIPAA Privacy and Security Rules, pursuant to the Health Information for Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act (GINA), that were finalized in the Omnibus HIPAA Final Rule published on January 25, 2013 (78 FR 5566). These modifications strengthen privacy and security protections for individually identifiable health information used or disclosed by business associates and enhance the rights of individuals with respect to their identifiable health information.
Need and Proposed Use of the Information: The information collection addresses HIPAA requirements related to the use, disclosure, and safeguarding of individually identifiable health information by covered entities affected by the HIPAA Rules. The information is routinely used by covered entities and business associates for treatment, payment, and health care operations. In addition, the information is used for specified public policy purposes, including research, public health, and as required by other laws. The Privacy Rule also ensures that the individuals are able to exercise certain rights with respect to their information, including the rights to access and seek amendments to their health records and to receive a Notice of Privacy Practices (NPP) from their direct treatment providers and health plans.
Likely Respondents: Respondents include HIPAA covered entities and their business associates, as well as members of the public.
Burden Statement: Burden in this context means the time expended by persons to generate, maintain, retain, disclose or provide the information requested. This includes the time needed to review instructions, to develop, acquire, install and utilize technology and systems for the purpose of collecting, validating and verifying information, processing and maintaining information, and disclosing and providing information, to train personnel and to be able to respond to a collection of information, to search data sources, to complete and review the collection of information, and to transmit or otherwise disclose the information. The total annual burden hours estimated for this ICR are summarized in the tables below.
Total Estimated Annualized Burden—Hours
[New burdens associated with the final rule]
|Section||Type of respondent||Number of respondents||Average number of
responses per respondent||Average burden hours
response||Total burden hours|
|164.316||Documentation of Security Rule Policies and Procedures and Administrative Safeguards (business associates)||300,000||1||70/60||350,000|
|164.504||Business Associates Needing to Establish or Modify Business Associate Agreements with Subcontractors||375,000*||1||20/60||125,000|
|164.520||Revision of Notice of Privacy Practices for Protected Health Information (drafting revised language) (health plans)||1,500||1||.111||167|
|Start Printed Page 56233|
|164.520||Dissemination of Notice of Privacy Practices for Protected Health Information (health plans)||20,000,000||1||.00333335||66,667|
|164.520||Revision of Notice of Privacy Practices (providers)||697,000||1||.11111||77,444|
Ongoing Annual Burdens of Compliance With the Rules
|Section||Type of respondent||Number of respondents||Number of responses per
respondent||Average burden hours
per response||Total burden hours|
|160.204||Process for Requesting Exception Determinations (states or persons)||1||1||16||16|
|164.504||Uses and Disclosures—Organizational Requirements||700,000||1||5/60||58,333|
|164.508||Uses and Disclosures for Which Individual authorization is required||700,000||1||1||700,000|
|164.512||Uses and Disclosures for Research Purposes||113,524||1||5/60||9,460|
|164.520||Notice of Privacy Practices for Protected Health Information (health plans—periodic distribution of NPPs by paper mail)||100,000,000||1||0.25||416667|
|164.520||Notice of Privacy Practices for Protected Health Information (health plans—periodic distribution of NPPs by electronic mail)||100,000,000||1||0.167||278333|
|164.520||Notice of Privacy Practices for Protected Health Information (health care providers—dissemination and acknowledgement)||613,000,000||1||3/60||30,650,000|
|164.522||Rights to Request Privacy Protection for Protected Health Information||150,000||1||3/60||7,500|
|164.524||Access of Individuals to Protected Health Information (disclosures)||150,000||1||3/60||7,500|
|164.526||Amendment of Protected Health Information (requests)||150,000||1||3/60||7,500|
|164.526||Amendment of Protected Health Information (denials)||50,000||1||3/60||2,500|
|164.528||Accounting for Disclosures of Protected Health Information||70,000||1||3/60||5,833|
Total Hours: 32,762,920.
End Supplemental Information
Deputy Information Collection Clearance Officer.
[FR Doc. 2013-22148 Filed 9-11-13; 8:45 am]
BILLING CODE 4153-01-P