SUPPORTING STATEMENT
End Stage Renal Disease (ESRD) Application Access Request Form
A. Background
The Center for Clinical Standards and Quality (CCSQ) is developing a new suite of systems to support the End Stage Renal Disease (ESRD) program. Due to the sensitivity of the data being collected and reported, CMS must ensure that only authorized personnel have access to data. Personnel are given access to the ESRD systems through the creation of user ID’s and passwords within the QualityNet Identity Management System (QIMS), PRA package CMS-10267; however, once within the system, the system determines the rights/privileges the personnel has over the data within the system. Such access rights include:
Viewing and Reporting
Updating
Adding
Deleting
The sole purpose of the ESRD Application Access Request Form is to identify the individual’s data access rights once within the ESRD system. This function/data collection is currently being accomplished under “Part B” of the QualityNet Identity Management System Account Form (CMS-10267; OMB Control# 0938-1050). Once the ESRD Application Access Form is approved, the QualityNet Identity Management System (QIMS) Account Form (CMS-10267; OMB Control# 0938-1050) will be revised to remove Part B from the QIMS data collection. The ESRD Application Access Request Form will be a new form and will be assigned its own OMB Control number. ESRD system accounts created using the current QIMS Account Form – Part B will not need to submit an ESRD Application Access Form for the creation of their account since that information was collected under Part B.
The QIMS Account Registration and the ESRD Application Access Request forms are required for identity and security management of individuals accessing the Consolidated Renal Operations in a Web Enabled Network (CROWNWeb) system and the End Stage Renal Disease Quality Incentive Program (ESRD QIP) system. CROWNWeb is the system that is mandated for the Medicare and Medicaid Programs Conditions of Coverage for End-Stage Renal Disease Facilities, Final Rule published April 15, 2008. ESRD QIP is the system that is mandated for the Medicare and Medicaid Programs Conditions for Coverage for End-Stage Renal Disease Facilities, Final Rule published November 1, 2011, with the title Medicare Program; End-Stage Renal Disease Prospective Payment System and Quality Incentive Program; Ambulance Fee Schedule; Durable Medical Equipment; and Competitive Acquisition of Certain Durable Medical Equipment, Prosthetics, Orthotics and Supplies, Final Rule published November 1, 2011.
Current ESRD systems:
CROWNWeb
The “Consolidated Renal Operations in a Web Enabled Network (CROWNWeb)” system which will replace two legacy systems that collect information for the CMS-2728 End Stage Renal Disease Medical Evidence Report Medicare Entitlement and/or Patient Registration (OMB No. 0938-0046) and the CMS-2746 ESRD Death Notification (OMB No. 0938-0448). CROWNWeb is the system that is mandated by the “Medicare and Medicaid Programs Conditions for Coverage for End-Stage Renal Disease Facilities”, Final Rule published April 15, 2008. Due to the sensitivity of the data available in CROWNWeb, CMS must ensure that only authorized dialysis facility and ESRD Network Organization personnel have access to CROWNWeb data pertaining to their organization.
ESRD QIP
The End Stage Renal Disease Quality Incentive Program (ESRD QIP) is a new system thatCMS plans to release into production July 29, 2013. ESRD QIP creates a financial incentive for providers to improve the quality of patient care by linking their performance on specified quality meaures to payment. The ESRD QIP system collects clinical and attestation data for these quality measures from Medicare claims and dialysis facility providers, and aggregates the information to determine performance scores and to allow facilities an opportunity to review scores before public dissemination. Scores will be publicly reported through various reports and facility-posted certificates. Providers can receive up to a 2% payment reduction based on theor performance scores.
B. Justification
1. Need and Legal Basis
The ESRD QIP is described in 1881(h) of the Social Security Act, as added by 153(c) of the Medicare Improvements for Patients and Providers Action of 2008 (MIPPA). MIPPA establishes a mandate for payment reductions of up to 2% for providers that do not meet or exceed QIP performance standards, applied to renal dialysis services beginning January 1, 2012. Due to the sensitivity of the data in the ESRD QIP system, CMS must ensure that only authorized dialysis facility, ESRD Network Organization, and facility corporate owner personnel have access to data pertaining to their organization.
The need and legal basis information provided by the CMS Information Security Officer (ISSO) is listed below. Since the ESRD Systems Access Request form is for the collection of personally identifiable information and the assignment of ESRD application privileges, the web pages referenced below govern User Identification (need for, creation of, care of, handling of, preservation, authentication, storage, association, and authorization).
http://www.cms.hhs.gov/InformationSecurity/12_Laws_Regs.asp
http://csrc.nist.gov/publications/PubsFIPS.html (particularly FIPS 198, 199 AND 201-1)
http://csrc.nist.gov/publications/PubsSPs.html (particular SP 800-53 Rev 2)
http://csrc.nist.gov/publications/PubsByLR.html (SP 800-63 V1.0.2)
2. Information Users
The information collected on the ESRD Application Access Request Form will be used to allow users to access the CROWWWeband ESRD QIP computer applications. Designated Security Officers nad End User Managers will authorize access to these computer applications. Other users, as designated by CMS and dialysis facility providers, will use this information to establish users for each user role within the applications.
The total collection for ESRD applications is expected to reach 25,000. The ESRD application users are comprised of staff from dialysis facilities, ESRD Networks, CMS and CMS contractors.
3. Use of Information Technology
The ESRD Application Access Request form will be available from the QualityNet web site (www.qualitynet.org) under the ESRD tab. Individuals requesting access can print the form from the website and complete their request for submission following the form’s instructions. The ESRD Application Access Request form will improve the burden to the ESRD community greatly because the personnel requesting access to the ESRD systems will now only need 1 user account and access request form for all ESRD systems. Also, the form and instructions are on-line so the individual will have immediate access to the instructions and required paper work, as well as access to help desk support. The automation and consolidation of this process has reduced the burden of time and cost to the ESRD community.
4. Duplication of Similar Information
Since the ESRD Application Access Request form is replacing PART B of the QIMS Account Registration form, there is no duplication of similar information being collected. Part A of the QIMS Account form will still collect applicant information which will not be collected in the ESRD Application Access Request form. No existing information submitted in PART B of the QIMS Account Registration form will have to be resubmitted.
5. Small Businesses
A small business would be described as a provider that is not a member of a chain organization and/or has a small dialysis patient population. These providers are legislatively required to maintain the same patient information and to report on this information in the same manner as all other providers of renal services. Also, limited and approved CMS contractor staff have access rights to assist in the Security Official’s data entry burden should assistance be requested and authorization be provided by the ESRD Networks or dialysis facilities.
6. Less Frequent Collection
Due to the sensitivity of the data within CROWNWeb and the ESRD QIP system, the QIMS Account registration form must also be collected in order to ensure that only authorized dialysis facilities and their corporate owners for ESRD QIP and ESRD Network Organization personnel have access to the CROWNWeb and ESRD QIP systems. The ESRD Application Access Request form is required to define the individual’s data privileges once within the systems.
7. Special Circumstances
The ESRD Application Access form does not have a recertification process. The privileges of the applicant only change after access is granted by the submission of additional ESRD Application Access Request forms.
The form has no connection to a statistical survey.
There are no requirements for statistical data classification.
Since the data collected on the form contains personally identifiable information, confidentiality rules apply. We are following all the regulations mandated by the CMS Information System Security Officer (ISSO) and the CMS Chief Information Officer (CIO).
No trade secrets or confidential information is involved in this process.
8. Federal Register Notice/Outside Consultation
The 60-day Federal Register notice published on …
………..June 28, 2013. There were no comments received.
9. Payment/Gifts to Respondents
No payments or gifts are made to respondents.
10. Confidentiality
A confidentiality statement is provided on the ESRD Application Access Request form as it related to the Privacy Act regulations. The forms are received by QIMS Security Officers, processed into an Access Database that NWITS created and provided when their contract expired, and are filed. These forms will be shredded when the stipulated retention period of no more than 7.5 years has expired.
11. Sensitive Questions
The ESRD Application Access Request form contains no sensitive questions.
12. Burden Estimates (Total Hours & Wages and Postage Fees)
Many of the CROWNWeb users will also be ESRD QIP system users; therefore, the number of ESRD Application Access request forms collected is estimated to be 25,000. We expect the majority of the forms to be collected within calendar year 2013. For subsequent years (2014 and beyond), CMS estimates the collection to be approximately 1,000 forms addressing deletion and change requests to existing forms due to user privilege changes.
Data Collection Effort |
Estimated Number of Respondents |
Number of Responses per Respondent |
Total Number of Responses |
Average Burden Hour Per Response |
Total Burden Hours |
Hourly Wage Rate* |
Total Respondent Costs |
ESRD System Access Request Form – Year 1 |
25,000 |
1 |
25,000 |
.25 |
6,250 |
33.23 |
$207,687.50 |
ESRD System Access Request Form – Subsequent Years |
1,000 |
1 |
1,000 |
.25 |
250 |
33.23 |
$8,308 |
ESRD System Access Request Form – Total 3-Year Burden |
27,000 |
1 |
27,000 |
.25 |
6,750 |
33.23 |
$224,303.50 |
Estimated Hourly Wage:
*$33.23 is the national “mean” hourly wage displayed for Registered Nurses on the Bureau of Labor Statistics website as of April 29, 2013. (http://www.bls.gov/oes/2011/may/oes291111.htm)
Average time to complete account registration process (breakdown below): 15 minutes
10 minutes to complete, print and sign form
5 minutes to obtain management approval signature
First Year: Estimated registration costs = $207,688
(25,000 x $33.23) x.25)
Subsequent Years: Estimated registration costs = $8,308
(1,000 x $33.23) x.25)
Annual Mailing cost: There is no additional mailing cost. The original form signed by the Applicant’s End User Manger (EUM) will be kept on file at the EUM’s location.
Year 1 Burden =
New Forms 25,000
Total Cost $207,688
Subsequent Year(s) Burden =
New Forms 1,000
Total Cost $8,308
13. Capital Costs
No capital costs are expected since the data entry collection system is a web-based system. Form applicants, managers, security officers, and help desk staff only need a computer that has internet access.
14. Cost to the Federal Government
The cost to the Federal Government is not expected to exceed $10,000 for help desk support to field calls specific to the ESRD Application Access Request Form. The help desk will no longer be responsible for activating and maintaining the information collected in this form, only assisting in questions an individual may have on completing the form. Also, CMS expects the number of help desk calls specific to the use of this form to be low because in person training and/or on-line web training which includes requesting system access and completing this form will be provided for the CROWNWeb and ESRD QIP system users.The Government has one GS-13 employee who provides oversight on this help desk contract.
15. Changes to Burden
This new ESRD Application Access Request Form was originally submitted as “Part B” of the QualityNet Identity Management System Account Form (CMS-10267; OMB Control# 0938-1050). Once this submission is approved, the QualityNet Identity Management System (QIMS) Account Form will be revised to remove Part B from QIMS collection. ESRD system accounts created using the current QIMS Account Form – Part B will not need to submit an ESRD Application Access Form for the creation of their account since that information was collected under Part B.
The cost of the first year is expected to be much higher than the subsequent years because it includes the creation the ESRD community’s system access for the CROWNWeb and ESRD QIP systems. The cost of the subsequent years will predominately be for updating and deleting access privileges.
16. Publication and Tabulation Dates
The information collected is used solely for the creation and maintenance of CROWNWeb and ESRD QIP system’s access privileges.
17. Expiration Date
CMS would like an exemption from displaying the expiration date as these forms are on-line web PDF files that will be used on a continuing basis.
| File Type | application/msword |
| Author | HCFA Software Control |
| Last Modified By | Denise King |
| File Modified | 2013-10-31 |
| File Created | 2013-10-31 |