Standards for Privacy of Individually Identifiable Health Information and Supporting Regulations at 45 CFR Parts 160 and 164

ICR 201603-0945-001

OMB: 0945-0003

Federal Form Document

Forms and Documents
Document
Name
Status
Supporting Statement A
2016-06-10
IC Document Collections
IC ID
Document
Title
Status
221884
New
221883
New
221882
New
221881
New
221880
New
221879
New
221878
New
221877
New
221876
New
221875
New
221874
New
221872
New
221871
New
221870
New
221869
New
221868
New
221866
New
221862
New
221861
New
221860
New
221859
New
208577
Removed
208576
Removed
208575
Removed
208574
Removed
208573
Modified
208572
Removed
190153
Modified
190152
Modified
190151
Modified
190150
Modified
190149
Modified
190147
Unchanged
190146
Modified
190145
Modified
190144
Unchanged
190143
Unchanged
10428
Unchanged
ICR Details
0945-0003 201603-0945-001
Historical Active 201309-0945-001
HHS/OCR 20296
Standards for Privacy of Individually Identifiable Health Information and Supporting Regulations at 45 CFR Parts 160 and 164
Revision of a currently approved collection   No
Regular
Approved without change 09/21/2016
Retrieve Notice of Action (NOA) 06/10/2016
  Inventory as of this Action Requested Previously Approved
09/30/2019 36 Months From Approved 01/31/2017
1,015,728,443 0 836,457,025
921,822,708 0 32,762,920
0 0 0

The individually identifiable health information collected is used by patients and by more than 500,000 covered entities affected by the HIPAA Privacy Rule. The information is routinely used by covered entities for treatment, payment, and health care operations. In addition, the information is used for specified public policy purposes, including research, public health, and as required by other laws.

PL: Pub.L. 104 - 191 1 Name of Law: Health Insurance Portability and Accountability Act of 1996
  
None

Not associated with rulemaking

  81 FR 14453 03/17/2016
81 FR 31646 05/19/2016
No

33
IC Title Form No. Form Name
Amendment of Protected Health Information (requests)
Amendment of Protected Health Information (denials)
Accounting for Disclosures of Protected Health Information
Contingency Plan- Criticality Analysis
Maintenance Records
Individual Notice-Substitute Notice (staffing toll-free number)
Individual Notice-Substitute Notice (individuals' voluntary burden to call toll-free number for information)
Less than 500 Affected Individuals (investigating and documenting breach)
Documentation of Security Rule Policies and Procedures and Administrative safeguards business associates
Dissemination of Notice of Privacy Practices for Protected Health Information(health Plans)
Revision of Notice of Privacy Practices for Protected Health Information (drafting revised language health plan
Revison of Notice of Privacy Practices (providers)
Risk Analysis-Documentation
Security Reminders- Periodic Updates
Security Incidents (other than breaches)- Documentation
Contingency Plan- Testing and Revision
Business Associates Needing to establish or Modify Business Associate Agreements with Subcontrractors
Information System Activity Review- Documentation
Individual Notice- Written and E-mail Notice (drafting)
Individual Notice- Substitute Notice (posting or publishing)
Security Incidents- Business Associate reporting of incidents (other than breach) to Covered Entities
Documentation - Review and Update
Individual Notice-Written and E-mail Notice (preparing and documenting notification)
Individual Notice-Written and E-mail Notice(processing and sending)
Notice to Secretary (notice for breaches affecting fewer than 500 individuals)
500 or More Affected Individuals (investigating and documenting breach)
Less than 500 Affected Individuals (investigating and documenting breach) breaches affecting <10 individuals
Rights to request privacy protection for protected health information
Media Notice
Notice to Secretary (notice for breaches affecting 500 or more individuals)
Process for Requesting Exception Determinations (states or persons)
Uses and Disclosures-Organizational Requirement
Uses and Disclosures for which Individual authorization is required
Uses and Disclosures for Research Purposes
Notice of privacy Practices for Protected Health Information/health plan distribution paper mail
Notice of Privacy Practices for Protected Health Information (health care providers - dissemination/acknowledgement
Notice of Privacy Practice for Protected Health Information (Health plans- periodic distribution of NPPs by electronic mail)
Access of Individuals to Protected Health Information (disclosures)

  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 1,015,728,443 836,457,025 0 179,271,418 0 0
Annual Time Burden (Hours) 921,822,708 32,762,920 0 889,059,788 0 0
Annual Cost Burden (Dollars) 0 0 0 0 0 0
Yes
Miscellaneous Actions
Yes
Cutting Redundancy
This information collection does not create any new requirements for regulated entities or individuals. As noted above, we have combined three existing information collections into a single collection addressing burdens associated with the HIPAA Privacy, Security, and Breach Notification Rules. In addition, we have made a number of adjustments to the estimated ongoing annual burdens to reflect our experience with the use of these provisions and increases in average wages for the applicable labor categories.

$300,000
No
No
No
No
No
Uncollected
Sherrette Funn-Coleman 2026905683

  No

On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
 
 
 
 
 
 
 
    (i) Why the information is being collected;
    (ii) Use of information;
    (iii) Burden estimate;
    (iv) Nature of response (voluntary, required for a benefit, or mandatory);
    (v) Nature and extent of confidentiality; and
    (vi) Need to display currently valid OMB control number;
 
 
 
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
06/10/2016


© 2024 OMB.report | Privacy Policy