eLaws | eCases | United States Code | Federal Courts |
Home » 2023 Issues » 88 FR (01/23/2023) » 2023-01196. Agency Information Collection Request. 30-Day Public Comment Request

  2023-01196. Agency Information Collection Request. 30-Day Public Comment Request  

  • Start Preamble

    AGENCY:

    Office of the Secretary, HHS.

    ACTION:

    Notice.

    SUMMARY:

    In compliance with the requirement of the Paperwork Reduction Act of 1995, the Office of the Secretary (OS), Department of Health and Human Services, is publishing the following summary of a proposed collection for public comment.

    DATES:

    Comments on the ICR must be received on or before February 22, 2023.

    ADDRESSES:

    Written comments and recommendations for the proposed information collection should be sent within 30 days of publication of this notice to www.reginfo.gov/​public/​do/​PRAMain. Find this particular information collection by selecting “Currently under 30-day Review—Open for Public Comments” or by using the search function.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Sherrette Funn, Sherrette.Funn@hhs.gov or (202) 264-0041. When submitting comments or requesting information, please include the document identifier 0945-0003-30D and project title for reference.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    Interested persons are invited to send comments regarding this burden estimate or any other aspect of this collection of Start Printed Page 3998 information, including any of the following subjects: (1) The necessity and utility of the proposed information collection for the proper performance of the agency's functions; (2) the accuracy of the estimated burden; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) the use of automated collection techniques or other forms of information technology to minimize the information collection burden.

    Title of the Collection: HIPAA Privacy, Security, and Breach Notification Rules, and Supporting Regulations Contained in 45 CFR parts 160 and 164.

    Type of Collection: Extension

    OMB No. 0945-0003: Office for Civil Rights (OCR)-Health Information Privacy Division

    Abstract: OCR requests approval to extend this existing, approved collection for three years without changing any collection requirements. No public comments were received. In 2021, OCR published a Notice of Proposed Rulemaking (NPRM) proposing modifications to the HIPAA Rules that would affect the hourly burdens associated with the HIPAA Rules. 86 FR 6446. OCR is reviewing public comment received on the NPRM about existing burdens associated with compliance with the HIPAA Rules, and on changes in burden that could result from the modifications proposed in the NPRM. On December 2, 2022, OCR published a second NPRM proposing additional modifications to the HIPAA Rules, available at 87 FR 74216. OCR will also review public comment received on the 2022 NPRM, and will update this ICR to reflect the input we receive on this notice and through the rulemaking process.

    Type of respondent: HIPAA covered entities, business associates, individuals, and professional and trade associations of covered entities and business associates.

    Estimated Annualized Burden Table

    SectionType of respondentNumber of respondentsNumber of responses per respondentAverage burden hours per response [1]Total burden hours
    160.204Process for Requesting Exception Determinations (states or persons)111616
    164.308Risk Analysis—Documentation [2]1,700,00011017,000,000
    164.308Information System Activity Review—Documentation1,700,000120.7515,300,000
    164.308Security Reminders—Periodic Updates1,700,00012120,400,000
    164.308Security Incidents (other than breaches)—Documentation1,700,000525442,000,000
    164.308Contingency Plan—Testing and Revision1,700,0001813,600,000
    164.308Contingency Plan—Criticality Analysis1,700,000146,800,000
    164.310Maintenance Records1,700,000126122,400,000
    164.314Security Incidents—Business Associate reporting of incidents (other than breach) to Covered Entities1,000,0001220240,000,000
    164.316Documentation—Review and Update [3]1,700,0001610,200,000
    164.404Individual Notice—Written and E-mail Notice (drafting) [4]58,48210.529,241
    164.404Individual Notice—Written and E-mail Notice (preparing and documenting notification)58,48210.529,241
    164.404Individual Notice—Written and E-mail Notice (processing and sending) [5]58,4821,9410.008908,108
    164.404Individual Notice—Substitute Notice (posting or publishing) [6]2,746112,746
    164.404Individual Notice—Substitute Notice (staffing toll-free number) [7]2,74613.429,391
    164.404Individual Notice—Substitute Notice (individuals' voluntary burden to call toll-free number for information) [8], [9]113,26410.12514,158
    164.406Media Notice [10]26711.25334
    164.408Notice to Secretary (notice for breaches affecting 500 or more individuals)26711.25334
    164.408Notice to Secretary (notice for breaches affecting fewer than 500 individuals) [11]58,2151158,215
    164.410Business Associate notice to Covered Entity—500 or more individuals affected201501,000
    164.410Business Associate notice to Covered Entity—Less than 500 individuals affected1,165189,320
    164.414500 or More Affected Individuals (investigating and documenting breach)26715013,350
    164.414Less than 500 Affected Individuals (investigating and documenting breach)—affecting 10-4992,4791819,832
    164.414Less than 500 Affected Individuals (investigating and documenting breach)—affecting <1055,73614222,944
    164.504Uses and Disclosures—Organizational Requirements700,00010.08333333358,333
    164.508Uses and Disclosures for Which Individual authorization is required700,00011700,000
    164.512Uses and Disclosures for Research Purposes [12]113,52410.0833333339,460
    Start Printed Page 3999
    164.520Notice of Privacy Practices for Protected Health Information (health plans—periodic distribution of NPPs by paper mail) [13], [18]100,000,00010.004166667416,667
    164.520Notice of Privacy Practices for Protected Health Information (health plans—periodic distribution of NPPs by electronic mail) [19]100,000,00010.002783333278,333
    164.520Notice of Privacy Practices for Protected Health Information (health care providers—dissemination and acknowledgement) [14]613,000,00010.0530,650,000
    164.522Rights to Request Privacy Protection for Protected Health Information [15]20,00010.051,000
    164.524Access of Individuals to Protected Health Information (disclosures) [16]200,00010.0510,000
    164.526Amendment of Protected Health Information (requests)150,00010.08333333312,500
    164.526Amendment of Protected Health Information (denials)50,00010.0833333334,167
    164.528Accounting for Disclosures of Protected Health Information [17]5,00010.05250
    Total2,070921,158,940
    Start Signature

    Sherrette A. Funn,

    Paperwork Reduction Act Reports Clearance Officer, Office of the Secretary.

    End Signature End Supplemental Information

    [FR Doc. 2023-01196 Filed 1-20-23; 8:45 am]

    BILLING CODE 4153-01-P

Visit the Official Version
Leave a Comment

Document Information

Published:
01/23/2023
Department:
Health and Human Services Department
Entry Type:
Notice
Action:
Notice.
Document Number:
2023-01196
Dates:
Comments on the ICR must be received on or before February 22, 2023.
Pages:
3997-3999 (3 pages)
Docket Numbers:
Document Identifier OS-0945-0003
PDF File:
2023-01196.pdf