Information Collection Request

Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services

ICR 201107-0938-004 · OMB 0938-1046 · Historical Active

⚠️ Notice: This information collection may be outdated. More recent filings for OMB 0938-1046 can be found here:

2014-09-29 - Extension without change of a currently approved collection

Forms and Documents

Document	Type	Status	Availability
Form CMS-10252 Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services	Form and Instruction	Modified	Available
CMS-10252.Summary of Changes.pdf	Supplementary Document	Uploaded 2011-07-08	Repair queued
CMS-10252 Supporting_Statement_-_Part_A.pdf	Supporting Statement A	Uploaded 2011-07-08	Available

IC Document Collections

IC ID	Collection	Type	Status	Form
184090	Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services	Form and Instruction	Modified

ICR Details

OMB Control No: 0938-1046	ICR Reference No: 201107-0938-004
Status: Historical Active	Previous ICR Reference No: 200803-0938-002
Agency/Subagency: HHS/CMS	Agency Tracking No:
Title: Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services
Type of Information Collection: Revision of a currently approved collection	Common Form ICR: No
Type of Review Request: Regular
OIRA Conclusion Action: Approved without change	Conclusion Date: 09/29/2011
Retrieve Notice of Action (NOA)	Date Received in OIRA: 07/11/2011
Terms of Clearance:

	Inventory as of this Action	Requested	Previously Approved
Expiration Date	09/30/2014	36 Months From Approved	09/30/2011
Responses	500	0	500
Time Burden (Hours)	84	0	84
Cost Burden (Dollars)	0	0	0

Abstract: The Privacy Act of 1976, ?552a requires the Centers for Medicare & Medicaid Services (CMS) to track all disclosures of the agency's Personally Identifiable Information (PII) and the exceptions for these data releases. CMS is also required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Federal Information Security Management Act (FISMA) of 2002 to properly protect all PII data maintained by the agency. Part of this protection mandates that the data be destroyed when no longer required in a manner that prevents any unauthorized disclosure. When entities request CMS PII data, they enter into a Data Use Agreement (DUA) with CMS. The DUA stipulates that the recipient of CMS PII data must properly protect the data according to FISMA and also provide for its appropriate destruction at the completion of the project/study or the expiration date of the DUA. However, under certain circumstances, the data may be approved in writing by CMS for re-use in an additional or follow-on project/study. The DUA Certificate of Disposition (COD) form provides the data recipient to document accordingly this variance in the disposition of the data or the outright destruction of the data. The "Data Use Agreement (DUA) Certificate of Disposition (COD) for Data Acquired from the Centers for Medicare & Medicaid Services (CMS)" will be used by recipients of CMS data to certify that they have properly disposed of the data that they have received through a CMS DUA. The form requires the submitter to provide the Requestor's organization; DUA number; identification by initials as to the actual disposition of the data; listing of the data descriptions and the years of the data; printed name, phone number and e-mail address of the individual signing the form; signature and date signed; and optional point of contact name, phone number and e-mail address.

Authorizing Statute(s): PL: Pub.L. 104 - 191 1173(d) Name of Law: HIPAA

Citations for New Statutory Requirements: None

Associated Rulemaking Information
RIN:	Stage of Rulemaking:	Federal Register Citation:	Date:
	Not associated with rulemaking

Federal Register Notices & Comments
60-day Notice:	Federal Register Citation:	Citation Date:
	76 FR 19776	04/08/2011
30-day Notice:	Federal Register Citation:	Citation Date:
	76 FR 40369	07/08/2011
Did the Agency receive public comments on this ICR? No

Number of Information Collection (IC) in this ICR: 1

IC Title	Form No.	Form Name
Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services	CMS-10252	CMS-10252. Draft Revised DUA

ICR Summary of Burden

	Total Approved	Previously Approved
Annual Number of Responses	500	500
Annual Time Burden (Hours)	84	84
Annual Cost Burden (Dollars)	0	0

Burden increases because of Program Change due to Agency Discretion: No

Burden Increase Due to:

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement:

Annual Cost to Federal Government: $97,333

Does this IC contain surveys, censuses, or employ statistical methods? No

Is the Supporting Statement intended to be a Privacy Impact Assessment required by the E-Government Act of 2002? No

Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]? No

Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]? No

Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)? No

Is this ICR related to the Pandemic Response? Uncollected

Agency Contact: William Parham 4107864669

Common Form ICR: No