[Federal Register Volume 87, Number 197 (Thursday, October 13, 2022)]
[Notices]
[Pages 62107-62109]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-22204]

-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

[Document Identifier: OS-0945-0003-60D]

Agency Information Collection Request; 60-Day Public Comment Request

AGENCY: Office of the Secretary, HHS.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: In compliance with the requirement of the Paperwork Reduction Act of 1995, the Office of the Secretary (OS), Department of Health and Human Services, is publishing the following summary of a proposed collection for public comment.

DATES: Comments on the ICR must be received on or before December 12, 2022.

ADDRESSES: Submit your comments to [email protected] or by calling (202) 264-0041.

FOR FURTHER INFORMATION CONTACT: When submitting comments or requesting information, please include the document identifier OS-0945-0003-60D and project title for reference, to Sherrette A. Funn, email: [email protected], or call (202) 264-0041 the Reports Clearance Officer.

SUPPLEMENTARY INFORMATION: Interested persons are invited to send comments regarding this burden estimate or any other aspect of this collection of information, including any of the following subjects: (1) The necessity and utility of the proposed information collection for the proper performance of the agency's functions; (2) the accuracy of the estimated burden; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) the use of automated collection techniques or other forms of information technology to minimize the information collection burden.

Title of the Collection: HIPAA Privacy, Security, and Breach Notification Rules, and Supporting Regulations Contained in 45 CFR parts 160 and 164.
Type of Collection: Extension.

OMB No. 0945-0003: Office for Civil Rights (OCR)--Health Information Privacy Division.

Abstract: Office for Civil Rights (OCR) requests approval to extend this existing, approved collection without changing any collection requirements. In 2021, OCR published a Notice of Proposed Rulemaking (NPRM) proposing modifications to the HIPAA Rules that would affect the hourly burdens associated with the HIPAA Rules. 86 FR 6446. OCR is reviewing public comment received on the NPRM about existing burdens associated with compliance with the HIPAA Rules, available at https://www.reginfo.gov/public/do/PRAViewICR?ref_nbr=202011-0945-001, and on changes in burden that could result from the modifications proposed in the NPRM. OCR will update this ICR to reflect the input we receive on this notice and through the rulemaking process.

Likely Respondents: HIPAA covered entities, business associates, individuals, and professional and trade associations of covered entities and business associates.

Annualized Burden Hour Table

---------------------------------------------------------------------------------------------------
                                                              Number of       Average
                                                   Number of  responses  burden hours
Section  Type of respondent                      respondents        per  per response  Total burden
                                                             respondent           [1]         hours
---------------------------------------------------------------------------------------------------
160.204  Process for Requesting Exception                  1          1            16            16
          Determinations (states or persons)
164.308  Risk Analysis--Documentation [2]          1,700,000          1            10    17,000,000
164.308  Information System Activity Review--      1,700,000         12          0.75    15,300,000
          Documentation
164.308  Security Reminders--Periodic Updates      1,700,000         12             1    20,400,000
164.308  Security Incidents (other than            1,700,000         52             5   442,000,000
          breaches)--Documentation
164.308  Contingency Plan--Testing and Revision    1,700,000          1             8    13,600,000
164.308  Contingency Plan--Criticality Analysis    1,700,000          1             4     6,800,000
164.310  Maintenance Records                       1,700,000         12             6   122,400,000
164.314  Security Incidents--Business Associate    1,000,000         12            20   240,000,000
          reporting of incidents (other than
          breach) to Covered Entities
164.316  Documentation--Review and Update [3]      1,700,000          1             6    10,200,000
164.404  Individual Notice--Written and Email         58,482          1           0.5        29,241
          Notice (drafting) [4]
164.404  Individual Notice--Written and Email         58,482          1           0.5        29,241
          Notice (preparing and documenting
          notification)
164.404  Individual Notice--Written and Email         58,482      1,941         0.008       908,108
          Notice (processing and sending) [5]
164.404  Individual Notice--Substitute Notice          2,746          1             1         2,746
          (posting or publishing) [6]
164.404  Individual Notice--Substitute Notice          2,746          1          3.42         9,391
          (staffing toll-free number) [7]
164.404  Individual Notice--Substitute Notice        113,264          1         0.125        14,158
          (individuals' voluntary burden to
          call toll-free number for information)
          [8], [9]
164.406  Media Notice [10]                               267          1          1.25           334
164.408  Notice to Secretary (notice for                 267          1          1.25           334
          breaches affecting 500 or more
          individuals)
164.408  Notice to Secretary (notice for              58,215          1             1        58,215
          breaches affecting fewer than 500
          individuals) [11]
164.410  Business Associate notice to Covered             20          1            50         1,000
          Entity--500 or more individuals
          affected
164.410  Business Associate notice to Covered          1,165          1             8         9,320
          Entity--Less than 500 individuals
          affected
164.414  500 or More Affected Individuals                267          1            50        13,350
          (investigating and documenting breach)
164.414  Less than 500 Affected Individuals            2,479          1             8        19,832
          (investigating and documenting
          breach)--affecting 10-499
164.414  Less than 500 Affected Individuals           55,736          1             4       222,944
          (investigating and documenting
          breach)--affecting <10
164.504  Uses and Disclosures--Organizational        700,000          1   0.083333333        58,333
          Requirements
164.508  Uses and Disclosures for Which              700,000          1             1       700,000
          Individual authorization is required
164.512  Uses and Disclosures for Research           113,524          1   0.083333333         9,460
          Purposes [12]
164.520  Notice of Privacy Practices for         100,000,000          1   0.004166667       416,667
          Protected Health Information (health
          plans--periodic distribution of NPPs
          by paper mail) [13], [18]
164.520  Notice of Privacy Practices for         100,000,000          1   0.002783333       278,333
          Protected Health Information (health
          plans--periodic distribution of NPPs
          by electronic mail) [19]
164.520  Notice of Privacy Practices for         613,000,000          1          0.05    30,650,000
          Protected Health Information (health
          care providers--dissemination and
          acknowledgement) [14]
164.522  Rights to Request Privacy Protection         20,000          1          0.05         1,000
          for Protected Health Information [15]
164.524  Access of Individuals to Protected          200,000          1          0.05        10,000
          Health Information (disclosures) [16]
164.526  Amendment of Protected Health               150,000          1   0.083333333        12,500
          Information (requests)
164.526  Amendment of Protected Health                50,000          1   0.083333333         4,167
          Information (denials)
164.528  Accounting for Disclosures of                 5,000          1          0.05           250
          Protected Health Information [17]
---------------------------------------------------------------------------------------------------
         Total                                                    2,070                 921,158,940
---------------------------------------------------------------------------------------------------

Sherrette A. Funn,
Paperwork Reduction Act Reports Clearance Officer, Office of the Secretary.

[FR Doc. 2022-22204 Filed 10-12-22; 8:45 am]
BILLING CODE 4150-28-P