CMS-10148.Supporting Statement-11-29-06

Supporting Statement For the Health Insurance Portability and Accountability Act (HIPAA) Administrative
Simplification (A.S.) Non-Privacy Enforcement

A. Background

This submission modifies the information collection requirements in CMS-0014-N. The purpose of this collection is to establish a complaint form to capture complaint information voluntarily submitted to the Centers for Medicare and Medicaid Services (CMS), Office of E-Health Standards and Services (OESS) by the public regarding the Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification (A.S.) regulations except the Privacy Rule.

HIPAA became law in 1996 (Public Law 104–191). Subtitle F of Title II of HIPAA, titled ‘‘Administrative Simplification,’’ (A.S.) requires the Secretary of HHS to adopt national standards for certain information-related activities of the health care industry. The HIPAA provisions, by statute, apply only to “covered entities” referred to in section 1320d – 2(a)(1) of this title. Responsibility for administering and enforcing the HIPAA A.S. Transactions, Code Sets, Identifiers and Security Rules has been delegated to the Centers for Medicare & Medicaid Services (‘‘CMS’’). The initial information collected to enforce these rules will be used to initiate enforcement actions. Information collected subsequent to the initial information collection are not subject to the PRA since these collections are within the exemption at 5 CFR 1320.4(a).

This information collection change clarifies the “Identify the HIPAA Non-Privacy complaint category” section of the complaint form. In this section, complainants are given an opportunity to check the “Unique Identifiers” option to categorize the type of HIPAA complaint being filed. The revised form now includes a “”For a Unique Identifier Complaint” section, that allows a complaint to further categorize their identifier complaint as either a “National Provider Identifier (NPI)” or an “Employer Identification Number (EIN)” complaint. This change does not have an additional burden impact.

B. Justification

1 . Need and Legal Basis

The Secretary of Health and Human Services delegated to the Administrator, Centers for Medicare & Medicaid Services (CMS), the authority to investigate complaints of noncompliance with, and to make decisions regarding the interpretation, implementation, and enforcement of certain regulations adopting administrative simplification standards. See 68 FR 60694 (October 23, 2003). These regulations are codified at 45 CFR, parts 160, 162, and 164. This delegation includes authority with respect to the following regulations: the Transaction and Code Set Rule (TCS), 65 FR 50313 (August 17, 2000), the National Employer Identifier Number (EIN) Rule, 67 FR 38009 (May 31, 2002), the Security Rule, 68 FR 8334 (February 20, 2003), the National Provider Identifier Rule, 69 FR 3434 (January 23, 2004) and the HIPAA Enforcement Final Rule,

45 CFR Parts 160 and 164 (February 16, 2006).PROD1PC65 with RUL

This delegation does not include authority with respect to the regulations adopted under section 264 of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub. L. 104-191, as amended, known as the Privacy Rule. The Secretary has delegated to the Office for Civil Rights the authority to receive and investigate complaints as they may relate to the Privacy Rule codified at 45 CFR parts 160 and 164. For the purpose of this notice, “administrative simplification provisions” means the administrative simplification regulatory requirements under HIPAA, other than privacy.

2. Information Users

The initial complaint submission can be performed using a paper or electronic form. It is expected that covered entities under HIPAA (health plans, health care clearinghouses, covered health care providers) and possibly individuals will submit the complaint form.

3. Use of Information Technology

This process involves the use of electronic and paper collection techniques. It is expected that approximately 90% of complaints submitted will be electronic. The electronic process allows for a more efficient submission process. This collection is currently available for completion electronically and will be expanded to collect additional HIPAA A.S. complaint types in the future. The collection requires an acknowledgement submission button as the electronic signature or signature on paper.

4. Duplication of Efforts

This information collection does not duplicate any other effort and the information cannot be obtained from any other source.

5. Small Businesses

This collection would impact small businesses or other small entities if the entity chooses to submit a HIPAA A.S. complaint. The burden is minimized by allowing an entity of any size to submit complaints electronically.

6. Less Frequent Collection

Submission of the complaint form is a voluntary process.

7. Special Circumstances

This information collection does not contain any special circumstances.

8. Federal Register/Outside Consultation

Attached is a copy of the 60-day Federal Register notice that published on December 8, 2006.

9. Payments/Gifts to Respondents

There will be no payments and/or gifts to respondents.

10. Confidentiality