Information Collection Request

Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services

ICR 201409-0938-009 · OMB 0938-1046 · Historical Active

Forms and Documents

Document	Type	Status	Availability
Form CMS-10252 Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services	Form and Instruction	Unchanged	Available
CMS-10252 Supporting_Statement_-_Part_A Apr 2014.doc	Supporting Statement A	Uploaded 2014-09-19	Repair queued

IC Document Collections

IC ID	Collection	Type	Status	Form
184090	Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services	Form and Instruction	Unchanged

ICR Details

OMB Control No: 0938-1046	ICR Reference No: 201409-0938-009
Status: Historical Active	Previous ICR Reference No: 201107-0938-004
Agency/Subagency: HHS/CMS	Agency Tracking No: CMS-10252
Title: Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services
Type of Information Collection: Extension without change of a currently approved collection	Common Form ICR: No
Type of Review Request: Regular
OIRA Conclusion Action: Approved without change	Conclusion Date: 11/20/2014
Retrieve Notice of Action (NOA)	Date Received in OIRA: 09/29/2014
Terms of Clearance:

	Inventory as of this Action	Requested	Previously Approved
Expiration Date	11/30/2017	36 Months From Approved	11/30/2014
Responses	500	0	500
Time Burden (Hours)	84	0	84
Cost Burden (Dollars)	0	0	0

Abstract: The Privacy Act of 1976, ?552a requires the Centers for Medicare & Medicaid Services (CMS) to track all disclosures of the agency's Personally Identifiable Information (PII) and the exceptions for these data releases. CMS is also required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Federal Information Security Management Act (FISMA) of 2002 to properly protect all PII data maintained by the agency. Part of this protection mandates that the data be destroyed when no longer required in a manner that prevents any unauthorized disclosure. When entities request CMS PII data, they enter into a Data Use Agreement (DUA) with CMS. The DUA stipulates that the recipient of CMS PII data must properly protect the data according to FISMA and also provide for its appropriate destruction at the completion of the project/study or the expiration date of the DUA. However, under certain circumstances, the data may be approved in writing by CMS for re-use in an additional or follow-on project/study. The DUA Certificate of Disposition (COD) form provides the data recipient to document accordingly this variance in the disposition of the data or the outright destruction of the data. The "Data Use Agreement (DUA) Certificate of Disposition (COD) for Data Acquired from the Centers for Medicare & Medicaid Services (CMS)" will be used by recipients of CMS data to certify that they have properly disposed of the data that they have received through a CMS DUA. The form requires the submitter to provide the Requestor's organization; DUA number; identification by initials as to the actual disposition of the data; listing of the data descriptions and the years of the data; printed name, phone number and e-mail address of the individual signing the form; signature and date signed; and optional point of contact name, phone number and e-mail address.

Authorizing Statute(s): PL: Pub.L. 104 - 191 1173(d) Name of Law: HIPAA

Citations for New Statutory Requirements: None

Associated Rulemaking Information
RIN:	Stage of Rulemaking:	Federal Register Citation:	Date:
	Not associated with rulemaking

Federal Register Notices & Comments
60-day Notice:	Federal Register Citation:	Citation Date:
	79 FR 33927	06/13/2014
30-day Notice:	Federal Register Citation:	Citation Date:
	79 FR 53067	09/05/2014
Did the Agency receive public comments on this ICR? No

Number of Information Collection (IC) in this ICR: 1

IC Title	Form No.	Form Name
Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services	CMS-10252	CMS-10252. Draft Revised DUA

ICR Summary of Burden

	Total Approved	Previously Approved
Annual Number of Responses	500	500
Annual Time Burden (Hours)	84	84
Annual Cost Burden (Dollars)	0	0

Burden increases because of Program Change due to Agency Discretion: No

Burden Increase Due to:

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement:

Annual Cost to Federal Government: $4,100

Does this IC contain surveys, censuses, or employ statistical methods? No

Is the Supporting Statement intended to be a Privacy Impact Assessment required by the E-Government Act of 2002? No

Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]? No

Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]? No

Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)? No

Is this ICR related to the Pandemic Response? Uncollected

Agency Contact: Kayla Williams 410 786-5887 [email protected]

Common Form ICR: No