Notice2023-01196
Agency Information Collection Request. 30-Day Public Comment Request
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
January 23, 2023
Issuing agencies
Health and Human Services Department
Abstract
In compliance with the requirement of the Paperwork Reduction Act of 1995, the Office of the Secretary (OS), Department of Health and Human Services, is publishing the following summary of a proposed collection for public comment.
Full Text
<html>
<head>
<title>Federal Register, Volume 88 Issue 14 (Monday, January 23, 2023)</title>
</head>
<body><pre>
[Federal Register Volume 88, Number 14 (Monday, January 23, 2023)]
[Notices]
[Pages 3997-3999]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2023-01196]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
[Document Identifier OS-0945-0003]
Agency Information Collection Request. 30-Day Public Comment
Request
AGENCY: Office of the Secretary, HHS.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: In compliance with the requirement of the Paperwork Reduction
Act of 1995, the Office of the Secretary (OS), Department of Health and
Human Services, is publishing the following summary of a proposed
collection for public comment.
DATES: Comments on the ICR must be received on or before February 22,
2023.
ADDRESSES: Written comments and recommendations for the proposed
information collection should be sent within 30 days of publication of
this notice to <a href="http://www.reginfo.gov/public/do/PRAMain">www.reginfo.gov/public/do/PRAMain</a>. Find this particular
information collection by selecting ``Currently under 30-day Review--
Open for Public Comments'' or by using the search function.
FOR FURTHER INFORMATION CONTACT: Sherrette Funn, <a href="/cdn-cgi/l/email-protection#b4e7dcd1c6c6d1c0c0d19af2c1dadaf4dcdcc79ad3dbc2"><span class="__cf_email__" data-cfemail="dd8eb5b8afafb8a9a9b8f39ba8b3b39db5b5aef3bab2ab">[email protected]</span></a>
or (202) 264-0041. When submitting comments or requesting information,
please include the document identifier 0945-0003-30D and project title
for reference.
SUPPLEMENTARY INFORMATION: Interested persons are invited to send
comments regarding this burden estimate or any other aspect of this
collection of
[[Page 3998]]
information, including any of the following subjects: (1) The necessity
and utility of the proposed information collection for the proper
performance of the agency's functions; (2) the accuracy of the
estimated burden; (3) ways to enhance the quality, utility, and clarity
of the information to be collected; and (4) the use of automated
collection techniques or other forms of information technology to
minimize the information collection burden.
Title of the Collection: HIPAA Privacy, Security, and Breach
Notification Rules, and Supporting Regulations Contained in 45 CFR
parts 160 and 164.
Type of Collection: Extension
OMB No. 0945-0003: Office for Civil Rights (OCR)-Health Information
Privacy Division
Abstract: OCR requests approval to extend this existing, approved
collection for three years without changing any collection
requirements. No public comments were received. In 2021, OCR published
a Notice of Proposed Rulemaking (NPRM) proposing modifications to the
HIPAA Rules that would affect the hourly burdens associated with the
HIPAA Rules. 86 FR 6446. OCR is reviewing public comment received on
the NPRM about existing burdens associated with compliance with the
HIPAA Rules, and on changes in burden that could result from the
modifications proposed in the NPRM. On December 2, 2022, OCR published
a second NPRM proposing additional modifications to the HIPAA Rules,
available at 87 FR 74216. OCR will also review public comment received
on the 2022 NPRM, and will update this ICR to reflect the input we
receive on this notice and through the rulemaking process.
Type of respondent: HIPAA covered entities, business associates,
individuals, and professional and trade associations of covered
entities and business associates.
Estimated Annualized Burden Table
----------------------------------------------------------------------------------------------------------------
Average
Type of Number of Number of burden hours Total burden
Section respondent respondents responses per per response hours
respondent [1]
----------------------------------------------------------------------------------------------------------------
160.204....................... Process for 1 1 16 16
Requesting
Exception
Determinations
(states or
persons).
164.308....................... Risk Analysis-- 1,700,000 1 10 17,000,000
Documentation
[2].
164.308....................... Information 1,700,000 12 0.75 15,300,000
System Activity
Review--Documen
tation.
164.308....................... Security 1,700,000 12 1 20,400,000
Reminders--Peri
odic Updates.
164.308....................... Security 1,700,000 52 5 442,000,000
Incidents
(other than
breaches)--Docu
mentation.
164.308....................... Contingency 1,700,000 1 8 13,600,000
Plan--Testing
and Revision.
164.308....................... Contingency 1,700,000 1 4 6,800,000
Plan--Criticali
ty Analysis.
164.310....................... Maintenance 1,700,000 12 6 122,400,000
Records.
164.314....................... Security 1,000,000 12 20 240,000,000
Incidents--Busi
ness Associate
reporting of
incidents
(other than
breach) to
Covered
Entities.
164.316....................... Documentation--R 1,700,000 1 6 10,200,000
eview and
Update [3].
164.404....................... Individual 58,482 1 0.5 29,241
Notice--Written
and E-mail
Notice
(drafting) [4].
164.404....................... Individual 58,482 1 0.5 29,241
Notice--Written
and E-mail
Notice
(preparing and
documenting
notification).
164.404....................... Individual 58,482 1,941 0.008 908,108
Notice--Written
and E-mail
Notice
(processing and
sending) [5].
164.404....................... Individual 2,746 1 1 2,746
Notice--Substit
ute Notice
(posting or
publishing) [6].
164.404....................... Individual 2,746 1 3.42 9,391
Notice--Substit
ute Notice
(staffing toll-
free number)
[7].
164.404....................... Individual 113,264 1 0.125 14,158
Notice--Substit
ute Notice
(individuals'
voluntary
burden to call
toll-free
number for
information)
[8], [9].
164.406....................... Media Notice 267 1 1.25 334
[10].
164.408....................... Notice to 267 1 1.25 334
Secretary
(notice for
breaches
affecting 500
or more
individuals).
164.408....................... Notice to 58,215 1 1 58,215
Secretary
(notice for
breaches
affecting fewer
than 500
individuals)
[11].
164.410....................... Business 20 1 50 1,000
Associate
notice to
Covered Entity--
500 or more
individuals
affected.
164.410....................... Business 1,165 1 8 9,320
Associate
notice to
Covered Entity--
Less than 500
individuals
affected.
164.414....................... 500 or More 267 1 50 13,350
Affected
Individuals
(investigating
and documenting
breach).
164.414....................... Less than 500 2,479 1 8 19,832
Affected
Individuals
(investigating
and documenting
breach)--affect
ing 10-499.
164.414....................... Less than 500 55,736 1 4 222,944
Affected
Individuals
(investigating
and documenting
breach)--affect
ing <10.
164.504....................... Uses and 700,000 1 0.083333333 58,333
Disclosures--Or
ganizational
Requirements.
164.508....................... Uses and 700,000 1 1 700,000
Disclosures for
Which
Individual
authorization
is required.
164.512....................... Uses and 113,524 1 0.083333333 9,460
Disclosures for
Research
Purposes [12].
[[Page 3999]]
164.520....................... Notice of 100,000,000 1 0.004166667 416,667
Privacy
Practices for
Protected
Health
Information
(health plans--
periodic
distribution of
NPPs by paper
mail) [13],
[18].
164.520....................... Notice of 100,000,000 1 0.002783333 278,333
Privacy
Practices for
Protected
Health
Information
(health plans--
periodic
distribution of
NPPs by
electronic
mail) [19].
164.520....................... Notice of 613,000,000 1 0.05 30,650,000
Privacy
Practices for
Protected
Health
Information
(health care
providers--diss
emination and
acknowledgement
) [14].
164.522....................... Rights to 20,000 1 0.05 1,000
Request Privacy
Protection for
Protected
Health
Information
[15].
164.524....................... Access of 200,000 1 0.05 10,000
Individuals to
Protected
Health
Information
(disclosures)
[16].
164.526....................... Amendment of 150,000 1 0.083333333 12,500
Protected
Health
Information
(requests).
164.526....................... Amendment of 50,000 1 0.083333333 4,167
Protected
Health
Information
(denials).
164.528....................... Accounting for 5,000 1 0.05 250
Disclosures of
Protected
Health
Information
[17].
---------------------------------------------------------------
Total..................... ................ .............. 2,070 .............. 921,158,940
----------------------------------------------------------------------------------------------------------------
Sherrette A. Funn,
Paperwork Reduction Act Reports Clearance Officer, Office of the
Secretary.
[FR Doc. 2023-01196 Filed 1-20-23; 8:45 am]
BILLING CODE 4153-01-P
</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>Indexed from Federal Register on January 23, 2023.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.