[Federal Register Volume 84, Number 139 (Friday, July 19, 2019)]
[Notices]
[Pages 34905-34907]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-15323]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
[Document Identifier: OS-0945-0003-60D]
Agency Information Collection Request. 60-Day Public Comment
Request
AGENCY: Office of the Secretary, HHS.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: In compliance with the requirement of the Paperwork Reduction
Act of 1995, the Office of the Secretary (OS), Department of Health and
Human Services, is publishing the following summary of a proposed
collection for public comment.
DATES: Comments on the ICR must be received on or before September 17,
2019.
ADDRESSES: Submit your comments to [email protected] or by calling
(202) 795-7714.
FOR FURTHER INFORMATION CONTACT: When submitting comments or requesting
information, please include the document identifier 0945-0003-60D, and
project title for reference, to Sherrette Funn, the Reports Clearance
Officer, [email protected], or call 202-795-7714.
SUPPLEMENTARY INFORMATION: Interested persons are invited to send
comments regarding this burden estimate or any other aspect of this
collection of information, including any of the following subjects: (1)
The necessity and utility of the proposed information collection for
the proper performance of the agency's functions; (2) the accuracy of
the estimated burden; (3) ways to enhance the quality, utility, and
clarity of the information to be collected; and (4) the use of
automated collection techniques or other forms of information
technology to minimize the information collection burden.
Title of the Collection: HIPAA Privacy, Security, and Breach
Notification Rules, and Supporting Regulations Contained in 45 CFR
parts 160 and 164.
Type of Collection: Extension.
OMB No. 0945-0003: Office for Civil Rights (OCR)--Health
Information Privacy Division.
Abstract: Office for Civil Rights (OCR) requests approval to extend
this existing, approved collection without changing any collecting
requirements while OCR obtains public comment through a Notice of
Proposed Rulemaking (NPRM) proposing modifications to the HIPAA Rules
that will affect the hourly burdens associated with the Rules. When the
NPRM is published, we expect to receive robust public comment on
existing burdens associated with compliance with the HIPAA Rules and on
changes in burden that could result from the modifications proposed in
the NPRM. OCR will update this ICR to reflect the input we receive on
this notice and through the rulemaking process.
Likely Respondents: HIPAA covered entities, business associates,
individuals, and professional and trade associations of covered
entities and business associates.
Estimated Annualized Burden Hour Table
----------------------------------------------------------------------------------------------------------------
Number of
Forms (if necessary) Respondents (if Number of responses per Average burden Total burden
necessary) respondents respondents per response hours
----------------------------------------------------------------------------------------------------------------
45 CFR 160.204: Process for A state's chief 1 1 16 16
Requesting Exception elected
Determinations (states or official or
persons). designee.
45 CFR 164.308: Risk Analysis-- Covered 1,700,000 1 10 17,000,000
Documentation. entities;
business
associates.
45 CFR 164.308: Information Covered 1,700,000 12 0.75 15,300,000
System Activity Review-- entities;
Documentation. business
associates.
45 CFR 164.308: Security Covered 1,700,000 12 1 20,400,000
Reminders--Periodic Updates. entities;
business
associates.
45 CFR 164.308: Security Covered 1,700,000 52 5 442,000,000
Incidents (other than entities;
breaches)--Documentation. business
associates.
45 CFR 164.308: Contingency Covered 1,700,000 1 8 13,600,000
Plan--Testing and Revision. entities;
business
associates.
45 CFR 164.308: Contingency Covered 1,700,000 1 4 6,800,000
Plan--Criticality Analysis. entities;
business
associates.
45 CFR 164.310: Maintenance Covered 1,700,000 12 6 122,400,000
Records. entities;
business
associates.
45 CFR 164.314: Security Business 1,000,000 12 20 240,000,000
Incidents--Business Associate associates.
reporting of incidents (other
than breach) to Covered
Entities.
45 CFR 164.316: Documentation-- Covered 1,700,000 1 6 10,200,000
Review and Update. entities;
business
associates.
45 CFR 164.404: Individual Covered entities 58,481 1 0.5 29,241
Notice--Written and E-mail
Notice (drafting).
45 CFR 164.404: Individual Covered entities 58,481 1 0.5 29,241
Notice--Written and E-mail
Notice (preparing and
documenting notification).
45 CFR 164.404: Individual Covered entities 58,481 353 0.008 165,150
Notice--Written and E-mail
Notice (processing and
sending).
45 CFR 164.404: Individual Covered entities 2,746 1 1 2,746
Notice--Substitute Notice
(posting or publishing).
45 CFR 164.404: Individual Covered entities 2,746 1 5.75 15,790
Notice--Substitute Notice
(staffing toll-free number).
[[Page 34906]]
45 CFR 164.404: Individual Covered entities 11,326,440 1 0.125 1,415,805
Notice--Substitute Notice
(individuals' voluntary
burden to call toll-free
number for information).
45 CFR 164.406: Media Notice.. Covered entities 267 1 1.25 334
45 CFR 164.408: Notice to Covered entities 267 1 1.25 334
Secretary (notice for
breaches affecting 500 or
more individuals).
45 CFR 164.408: Notice to Covered entities 58,215 1 1 58,215
Secretary (notice for
breaches affecting <500
individuals).
45 CFR 164.410: Business Business 20 1 50 1,000
associate notice to covered associates.
entity--500 or more Affected
Individuals.
45 CFR 164.410: Business Business 1,165 1 8 9,320
associate notice to covered associates.
entity--Less than 500
Affected Individuals.
45 CFR 164.414: 500 or More Covered entities 267 1 50 13,350
Affected Individuals
(investigating and
documenting breach).
45 CFR 164.414: Less than 500 Covered entities 2,479 1 8 19,832
Affected Individuals
(investigating and
documenting breach)--
affecting 10-499.
45 CFR 164.414: Less than 500 Covered entities 55,736 1 4 222,944
Affected Individuals
(investigating and
documenting breach)--
affecting <10.
45 CFR 164.504: Uses and Covered entities 700,000 1 0.083333333 58,333
Disclosures--Organizational
Requirements.
45 CFR 164.508: Uses and Covered entities 700,000 1 1 700,000
Disclosures for Which
Individual authorization is
required.
45 CFR 164.512: Uses and Covered entities 113,524 1 0.083333333 9,460
Disclosures for Research
Purposes.
45 CFR 164.520: Notice of Covered 100,000,000 1 0.004166667 416,667
Privacy Practices for entities--healt
Protected Health Information h plans.
(health plans--periodic
distribution of NPPs by paper
mail).
45 CFR 164.520: Notice of Covered 100,000,000 1 0.002783333 278,333
Privacy Practices for entities--healt
Protected Health Information h plans.
(health plans--periodic
distribution of NPPs by
electronic mail).
45 CFR 164.520: Notice of Covered 613,000,000 1 0.5 30,650,000
Privacy Practices for entities--healt
Protected Health Information h care
(health care providers-- providers.
dissemination and
acknowledgement).
45 CFR 164.522: Rights to Covered 20,000 1 0.5 1,000
Request Privacy Protection entities--healt
for Protected Health h care
Information. providers,
health plans.
45 CFR 164.524: Access of Covered 200,000 1 0.5 10,000
Individuals to Protected entities--healt
Health Information h care
(disclosures). providers,
health plans,
clearinghouses.
45 CFR 164.526: Amendment of Covered 150,000 1 0.083333333 12,500
Protected Health Information entities--healt
(requests). h care
providers,
health plans,
clearinghouses.
45 CFR 164.526: Amendment of Covered 50,000 1 0.083333333 4,167
Protected Health Information entities--healt
(denials). h care
providers,
health plans,
clearinghouses.
45 CFR 164.528: Accounting for Covered 5,000 1 0.05 250
Disclosures of Protected entities--healt
Health Information. h care
providers,
health plans,
clearinghouses.
---------------------------------------------------------------
Total................... ................ .............. .............. .............. 921,824,027
----------------------------------------------------------------------------------------------------------------
[[Page 34907]]
Terry Clark,
Office of the Secretary, Paperwork Reduction Act Reports Clearance
Officer.
[FR Doc. 2019-15323 Filed 7-18-19; 8:45 am]
BILLING CODE 4150-28-P