[Federal Register Volume 78, Number 177 (Thursday, September 12, 2013)]
[Notices]
[Pages 56232-56233]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-22148]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

[Document Identifier HHS-OS-20296-30D]


Agency Information Collection Activities; Submission to OMB for 
Review and Approval; Public Comment Request

AGENCY: Office of the Secretary, HHS.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: In compliance with section 3507(a)(1)(D) of the Paperwork 
Reduction Act of 1995, the Office of the Secretary (OS), Department of 
Health and Human Services, has submitted an Information Collection 
Request (ICR), described below, to the Office of Management and Budget 
(OMB) for review and approval. The ICR is for revision of the approved 
information collection assigned OMB control number 0945-0003 scheduled 
to expire on 12/31/2015. Comments submitted during the first public 
review of this ICR will be provided to OMB. OMB will accept further 
comments from the public on this ICR during the review and approval 
period.

DATES: Comments on the ICR must be received on or before October 15, 
2013.

ADDRESSES: Submit your comments to [email protected] or via 
facsimile to (202) 395-5806.

FOR FURTHER INFORMATION CONTACT: Information Collection Clearance 
staff, [email protected] or (202) 690-6162.

SUPPLEMENTARY INFORMATION: When submitting comments or requesting 
information, please include the OMB control number 0945-0003 and 
document identifier HHS-OS-20296-30D for reference.
    Information Collection Request Title: Standards for Privacy of 
Individually Identifiable Health Information, Security Standards for 
the Protection of Electronic Protected Health Information, and 
Supporting Regulations Contained in 45 CFR Parts 160 and 164
    OMB No.: 0945-0003.
    Abstract: The Office for Civil Rights (OCR) is notifying the public 
of revisions to a previously approved OCR data collection. The 
revisions reflect certain regulatory modifications to the HIPAA Privacy 
and Security Rules, pursuant to the Health Information for Economic and 
Clinical Health (HITECH) Act and the Genetic Information 
Nondiscrimination Act (GINA), that were finalized in the Omnibus HIPAA 
Final Rule published on January 25, 2013 (78 FR 5566). These 
modifications strengthen privacy and security protections for 
individually identifiable health information used or disclosed by 
business associates and enhance the rights of individuals with respect 
to their identifiable health information.
    Need and Proposed Use of the Information: The information 
collection addresses HIPAA requirements related to the use, disclosure, 
and safeguarding of individually identifiable health information by 
covered entities affected by the HIPAA Rules. The information is 
routinely used by covered entities and business associates for 
treatment, payment, and health care operations. In addition, the 
information is used for specified public policy purposes, including 
research, public health, and as required by other laws. The Privacy 
Rule also ensures that the individuals are able to exercise certain 
rights with respect to their information, including the rights to 
access and seek amendments to their health records and to receive a 
Notice of Privacy Practices (NPP) from their direct treatment providers 
and health plans.
    Likely Respondents: Respondents include HIPAA covered entities and 
their business associates, as well as members of the public.
    Burden Statement: Burden in this context means the time expended by 
persons to generate, maintain, retain, disclose or provide the 
information requested. This includes the time needed to review 
instructions, to develop, acquire, install and utilize technology and 
systems for the purpose of collecting, validating and verifying 
information, processing and maintaining information, and disclosing and 
providing information, to train personnel and to be able to respond to 
a collection of information, to search data sources, to complete and 
review the collection of information, and to transmit or otherwise 
disclose the information. The total annual burden hours estimated for 
this ICR are summarized in the tables below.

                                    Total Estimated Annualized Burden--Hours
                                  [New burdens associated with the final rule]
----------------------------------------------------------------------------------------------------------------
                                                                  Average number  Average burden
            Section                  Type of         Number of     of responses      hours per     Total burden
                                   respondent       respondents   per respondent     response          hours
----------------------------------------------------------------------------------------------------------------
164.316.......................  Documentation of         300,000               1           70/60         350,000
                                 Security Rule
                                 Policies and
                                 Procedures and
                                 Administrative
                                 Safeguards
                                 (business
                                 associates).
164.504.......................  Business                375,000*               1           20/60         125,000
                                 Associates
                                 Needing to
                                 Establish or
                                 Modify Business
                                 Associate
                                 Agreements with
                                 Subcontractors.
164.520.......................  Revision of                1,500               1            .111             167
                                 Notice of
                                 Privacy
                                 Practices for
                                 Protected
                                 Health
                                 Information
                                 (drafting
                                 revised
                                 language)
                                 (health plans).

[[Page 56233]]

 
164.520.......................  Dissemination of      20,000,000               1       .00333335          66,667
                                 Notice of
                                 Privacy
                                 Practices for
                                 Protected
                                 Health
                                 Information
                                 (health plans).
164.520.......................  Revision of              697,000               1          .11111          77,444
                                 Notice of
                                 Privacy
                                 Practices
                                 (providers).
                                                 ---------------------------------------------------------------
    Total.....................  ................  ..............  ..............  ..............         619,278
----------------------------------------------------------------------------------------------------------------


                               Ongoing Annual Burdens of Compliance With the Rules
----------------------------------------------------------------------------------------------------------------
                                                                     Number of        Average
          Section            Type of respondent      Number of     responses per   burden hours    Total burden
                                                    respondents     respondent     per response        hours
----------------------------------------------------------------------------------------------------------------
160.204...................  Process for                        1               1              16              16
                             Requesting
                             Exception
                             Determinations
                             (states or persons).
164.504...................  Uses and                     700,000               1            5/60          58,333
                             Disclosures--Organi
                             zational
                             Requirements.
164.508...................  Uses and Disclosures         700,000               1               1         700,000
                             for Which
                             Individual
                             authorization is
                             required.
164.512...................  Uses and Disclosures         113,524               1            5/60           9,460
                             for Research
                             Purposes.
164.520...................  Notice of Privacy        100,000,000               1            0.25          416667
                             Practices for
                             Protected Health
                             Information (health
                             plans--periodic
                             distribution of
                             NPPs by paper mail).
164.520...................  Notice of Privacy        100,000,000               1           0.167          278333
                             Practices for
                             Protected Health
                             Information (health
                             plans--periodic
                             distribution of
                             NPPs by electronic
                             mail).
164.520...................  Notice of Privacy        613,000,000               1            3/60      30,650,000
                             Practices for
                             Protected Health
                             Information (health
                             care providers--
                             dissemination and
                             acknowledgement).
164.522...................  Rights to Request            150,000               1            3/60           7,500
                             Privacy Protection
                             for Protected
                             Health Information.
164.524...................  Access of                    150,000               1            3/60           7,500
                             Individuals to
                             Protected Health
                             Information
                             (disclosures).
164.526...................  Amendment of                 150,000               1            3/60           7,500
                             Protected Health
                             Information
                             (requests).
164.526...................  Amendment of                  50,000               1            3/60           2,500
                             Protected Health
                             Information
                             (denials).
164.528...................  Accounting for                70,000               1            3/60           5,833
                             Disclosures of
                             Protected Health
                             Information.
                                                 ---------------------------------------------------------------
    Total.................  ....................  ..............  ..............  ..............      32,143,642
----------------------------------------------------------------------------------------------------------------

    Total Hours: 32,762,920.

Darius Taylor,
Deputy Information Collection Clearance Officer.
[FR Doc. 2013-22148 Filed 9-11-13; 8:45 am]
BILLING CODE 4153-01-P