Data Use Agreement Information Collection Requirements, Model Language, and Supporting Regulations in 45 CFR Section 5b

ICR 201409-0938-011

OMB: 0938-0734

Federal Form Document

ICR Details
0938-0734 201409-0938-011
Historical Active 201107-0938-005
HHS/CMS CMS-R-235
Data Use Agreement Information Collection Requirements, Model Language, and Supporting Regulations in 45 CFR Section 5b
Revision of a currently approved collection   No
Regular
Approved without change 12/19/2014
Retrieve Notice of Action (NOA) 11/18/2014
  Inventory as of this Action Requested Previously Approved
12/31/2017 36 Months From Approved 12/31/2014
9,240 0 2,200
2,742 0 1,100
0 0 0

he Privacy Act of 1976, ?552a requires the Centers for Medicare & Medicaid Services (CMS) to track all disclosures of the agency's Personally Identifiable Information (PII) and the exceptions for these data releases. CMS is also required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Federal Information Security Management Act (FISMA) of 2002 to properly protect all PII data maintained by the agency. When entities request CMS PII data, they enter into a Data Use Agreement (DUA) with CMS. The DUA stipulates that the recipient of CMS PII data must properly protect the data according to FISMA and also provide for its appropriate destruction at the completion of the project/study or the expiration date of the DUA. The DUA form enables the data recipient and CMS to document the request and approval for release of CMS PII data. The form requires the submitter to provide the Requestor's organization; project/study name; CMS contract number (if applicable); data descriptions and the years of the data; retention date; attachments to the agreement; name, title, contact information to include address, city, state, zip code, phone, e-mail, signature and date signed by the requester and custodian; disclosure provision; name of Federal Agency sponsor; Federal Representative name, title, contact information, signature, date; CMS representative name, title, contact information, signature and date; and concurrence/non-concurrence signatures and dates from 3 CMS System Manager or Business Owners. While the data elements collected are not subject to change, the individualized clauses that are incorporated into any specific DUA are subject to change based on a specific case or situation such as disclosures to states, oversight agencies or DUAs for disproportionate share hospital (DSH) data requests as well as updates to DUAs with additional data descriptions, changes to the requestor or adding custodians to current DUAs.

US Code: 5 USC 552(a) Name of Law: The Privacy Act of 1974
  
None

Not associated with rulemaking

  79 FR 36516 06/27/2014
79 FR 53067 09/05/2014
No

1
IC Title Form No. Form Name
Data Use Agreement Information Collection Requirements, Model Language, and Supporting Regulations in 45 CFR Section 5b CMS-R-235, CMS-R-235, CMS-R-235, CMS-R-235, CMS-R-235, CMS-R-235 CMS-R-235.Tab_2a ,   CMS-R-235.Tab_2b ,   CMS-R-235.Tab_2e ,   CMS-R-235.Tab_2i ,   CMS-R-235.Tab_2j ,   CMS-R-235.Tab_2f

  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 9,240 2,200 0 7,040 0 0
Annual Time Burden (Hours) 2,742 1,100 0 1,642 0 0
Annual Cost Burden (Dollars) 0 0 0 0 0 0
Yes
Miscellaneous Actions
No
The burden has increased due to numerous new CMS sponsored programs which are aimed at getting data out to the health care community to encourage innovative changes to reduce the cost of health care for Medicare and Medicaid beneficiaries. These new programs have increased our work load for new data use agreements with corresponding increases to the number of data use agreement addendums and updates.

$313,488
No
No
No
No
No
Uncollected
Kayla Williams 410 786-5887 [email protected]

  No

On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
 
 
 
 
 
 
 
    (i) Why the information is being collected;
    (ii) Use of information;
    (iii) Burden estimate;
    (iv) Nature of response (voluntary, required for a benefit, or mandatory);
    (v) Nature and extent of confidentiality; and
    (vi) Need to display currently valid OMB control number;
 
 
 
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
11/18/2014


© 2024 OMB.report | Privacy Policy