Unless permitted or required by law,
the Privacy Act and Health Insurance Portability and Accountability
Act (HIPAA) Privacy Rule prohibit covered entities from disclosing
an individual's protected health information to a third party
without a valid privacy authorization. The authorization must
include specified core elements and certain statements. Medicare
beneficiaries will use the "Medicare Authorization to Disclose
Personal Health Information" to authorize Medicare to diclose their
protected health information to a third party.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.