Health Breach Notification Rule

ICR 200909-3084-002

OMB: 3084-0150

Federal Form Document

⚠️ Notice: This information collection may be outdated. More recent filings for OMB 3084-0150 can be found here:

Forms and Documents

Document Name	Status
HIT SS for Final rule_mtd.pdf Supporting Statement A	2009-09-22

IC Document Collections

IC ID	Document Title	Status
188849	Creating a toll-free line & related non-labor costs	Modified
188848	Identifying breach, affected customers, notifying customers, etc.	Modified

ICR Details

OMB Control No: 3084-0150	ICR Reference No: 200909-3084-002
Status: Historical Active	Previous ICR Reference No: 200904-3084-002
Agency/Subagency: FTC	Agency Tracking No:
Title: Health Breach Notification Rule
Type of Information Collection: New collection (Request for a new OMB Control Number)	Common Form ICR: No
Type of Review Request: Regular
OIRA Conclusion Action: Approved without change	Conclusion Date: 09/23/2009
Retrieve Notice of Action (NOA)	Date Received in OIRA: 09/22/2009
Terms of Clearance:

	Inventory as of this Action	Requested	Previously Approved
Expiration Date	09/30/2012	36 Months From Approved
Responses	22	0	0
Time Burden (Hours)	34,837	0	0
Cost Burden (Dollars)	260,657	0	0

Abstract: The American Recovery and Reinvestment Act of 2009 ("Recovery Act") requires the Department of Health and Human Services to study, in consultation with the FTC, potential privacy, security, and breach notification requirements and submit a report to Congress containing recommendations within one year of enactment of the Recovery Act. Until Congress enacts new legislation implementing any recommendations contained in the HHS/FTC report, the Recovery Act contains temporary requirements, to be enforced by the FTC, that such entities notify customers in the event of a security breach. The proposed rule implements these requirements.

Authorizing Statute(s): PL: Pub.L. 111 - 5 13407 Name of Law: American Recovery and Reinvestment Act of 2009

Citations for New Statutory Requirements: PL: Pub.L. 111 - 5 13407 Name of Law: American Recovery and Reinvestment Act of 2009

Associated Rulemaking Information
RIN:	Stage of Rulemaking:	Federal Register Citation:	Date:
3084-AB17	Final or interim final rulemaking	74 FR 42962	08/25/2009

Federal Register Notices & Comments
Did the Agency receive public comments on this ICR? No

Number of Information Collection (IC) in this ICR: 2

IC Title	Form No.	Form Name
Creating a toll-free line & related non-labor costs
Identifying breach, affected customers, notifying customers, etc.

ICR Summary of Burden

	Total Approved	Change Due to New Statute
Annual Number of Responses	22	22
Annual Time Burden (Hours)	34,837	34,837
Annual Cost Burden (Dollars)	260,657	260,657

Burden increases because of Program Change due to Agency Discretion: No

Burden Increase Due to:

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement: This is a new rule having provisions requiring notification to consumers and to the Commission; thus, there are "collection(s) of information" subject to the PRA.

Annual Cost to Federal Government: $300,000

Does this IC contain surveys, censuses, or employ statistical methods? No

Is the Supporting Statement intended to be a Privacy Impact Assessment required by the E-Government Act of 2002? No

Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]? Uncollected

Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]? Uncollected

Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)? Yes

Is this ICR related to the Pandemic Response? Uncollected

Agency Contact: Cora Han 2023262441 [email protected]

Common Form ICR: No