CMS-10252.Supporting Statement - Part A


Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services

OMB: 0938-1046


Supporting Statement For Paperwork Reduction Act Submissions


A. Background


The Certificate of Destruction will be used by recipients of CMS Data to certify that they have destroyed the data they have received through a CMS Data Use Agreement (DUA). The DUA requires the destruction of the data at the completion of the project/expiration of the DUA.


The DUA addresses the conditions under which CMS will disclose and the User will maintain CMS data that are protected by the Privacy Act of 1974, §552a and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). CMS has developed policies and procedures for such disclosures that are based on the Privacy Act and HIPAA.


The Certificate of Destruction is required to close out the DUA and to ensure the data are destroyed and not used for another purpose.



B. Justification


1. Need and Legal Basis


The Privacy Act allows for discretionary releases of data maintained in Privacy Act protected systems of records under §552a(b) (Conditions of Disclosure). The mandate to account for disclosures of data under the Privacy Act is found at §552a(c) (Accounting of Certain Disclosures). This section states that certain information must be maintained regarding disclosures made by each agency. This information is: Date, Nature, Purpose, and Name/Address of Recipient. Section 552a(e) sets the overall Agency Requirements that each agency must meet in order to maintain records under the Privacy Act. The Certificate of Destruction is required to close out the release of the data under the DUA and to ensure the data are destroyed and not used for another purpose.



2. Information Users


The information collected by the Certificate of Destruction is used by CMS. It is used to ensure that data used under a DUA are destroyed at the completion of the project/expiration of the DUA.


3. Use of Information Technology

Consideration was given to electronic submittal of the Certificate of Destruction. Since the Certificate includes signatures, we cannot accept these forms electronically until such time as CMS can appropriately implement and maintain electronic signatures.

4. Duplication of Efforts


This is not a duplicative collection of information. No other collections can substitute for this.


5. Small Businesses


No special considerations are given to small businesses; however, the burden to any User/Requestor of data is minimal.


6. Less Frequent Collection


Data are collected each time a DUA expires or the project is completed.


7. Special Circumstances


No special circumstances.


8. Federal Register/Outside Consultation


The 60-day FR notice was published on December 14, 2007.


9. Payments/Gifts to Respondents


There were no payments/gifts to respondents.


10. Confidentiality


The paper Certificates of Destruction are kept in filing cabinets in a locked environment. Files containing Certificates of Destruction or information from these forms will be safeguarded in accordance with Departmental standards and National Institute of Standards and Technology guidelines (e.g., security codes for computer files), which limit access to only authorized personnel. The safeguards shall provide a level of security as contemplated in OMB Circular No. A-130 (revised), Appendix III – Security of Federal Automated Information Systems, which sets forth guidelines for security plans for automated information systems in Federal agencies. The applicable system security references are Circular #10, Automated Information Systems Security Program, and the CMS Automated Information System (AIS) Guide, Systems Security Policies.


11. Sensitive Questions


There are no sensitive questions arising from this data collection.


12. Burden Estimates (Hours & Wages)


We estimate the time to complete the Certificate of Destruction is 10 minutes per requestor. We estimate that it will take 5 minutes to complete and submit the form and an additional 5 minutes to file a copy of the certificate of data destruction. We expect to receive an average of 500 Certificates of Destruction per year, for a total of 84 hours per year.


Reporting Requirement

500 respondents x (5 min/60 min/hr) = 42 hours


Recordkeeping Requirement

500 respondents x (5 min/60 min/hr) = 42 hours


Cost Burden


500 requestors x $10.50 per hour x 10 minutes each = $875.00


13. Capital Costs


There are no capital costs.


14. Cost to Federal Government


Completion of the DUA does not place additional costs on the Federal Government.


15. Changes to Burden



16. Publication/Tabulation Dates


There are no publication and tabulation dates associated with this collection.


17. Expiration Date


CMS would like an exemption from displaying the expiration date as these forms are used on a continuing basis. To include an expiration date would result in having to discard a potentially large number of forms.


18. Certification Statement


There are no exceptions to the certification statement.






File Type: application/msword
Author: CMS
Last Modified By: CMS
File Modified: 2007-12-07
File Created: 2007-12-07
