Supporting Statement for Paperwork Reduction Act Submissions
Security Consent and Surrogate Authorization Form
(CMS-10220/OMB Control Number: 0938-1035)
A. Background
Individual and organizational providers must complete the Medicare enrollment application and submit information to ensure they meet the Federal and/or State qualifications to participate in the Medicare program. In addition, the Medicare enrollment application gathers information regarding the provider or supplier’s practice location, the identity of the owners of the enrolling organization, and information necessary to establish the correct claims payment.
Enrollees (individual and organizational providers)have the option of submitting either a CMS-855 form, or submitting information via a web based process. In establishing a web based application process, we allow providers and suppliers the ability to enroll in the Medicare program, revalidate their enrollment and make changes to their enrollment information via Internet-based Provider Enrollment, Chain and Ownership System (PECOS). Individual and organizational providers/suppliers log into Internet-based PECOS using their User IDs and passwords established when they applied on-line to the National Plan and Provider Enumeration System (NPPES) for their National Provider Identifiers (NPIs).
Individual and organizational providers may complete these Medicare enrollment responsibilities on their own or elect to delegate this task to a surrogate. Therefore, the primary function of Security Consent and Surrogate Authorization Form is to grant a surrogacy connection between two individuals or organizations to work on their behalf.
A surrogate is an individual or organization identified by an individual or organizational provider as someone authorized to access CMS computer systems, such as internet-based PECOS, National Provider Plan and Enumeration System (NPPES) and the Medicare and Medicaid Electronic Health Records (EHR) Incentive Program Registration and Attestation System (HITECH), on their behalf and to modify or view any information contained therein that the individual or organizational provider may have permission or right to access in accordance with Medicare statutes, regulations, policies, and usage guidelines for any CMS system. Surrogates may consist of individuals or organizations (e.g., administrative staff, independent contractors, 3rd party consulting companies or credentialing departments). In order for an individual or organizational provider to delegate the Medicare process to a surrogate to access and update their enrollment information in the above mentioned CMS systems on their behalf, it is required that a Security Consent and Surrogate Authorization Form be completed, or individual and organizational providers use an equivalent online process via the PECOS Identity and Access Management (I&A) system.
The Security Consent and Surrogate Authorization form replicates business service agreements between Medicare providers/suppliers and surrogates providing enrollment services. The form, once signed and approved, grants a surrogate access to all current and future enrollment data for the individual or organization provider.
In previous versions, the CMS-10220 form began prior to the instructions stating how to complete the form. The form has been re-sectioned so the instructions are placed prior to the form. This allows users to see the instructions prior to completing the form itself.
B. Justification
1. Need and Legal Basis
Various sections of the Act and the Code of Federal Regulations require providers and suppliers to furnish information concerning the identification of individuals or entities who furnish medical services and/or supplies to beneficiaries before payment can be made, including those who furnish such services and/or supplies on behalf of the individuals or entities.
Sections 1124(a)(1) and 1124A of the Act require disclosure of both the Employer Identification Number (EIN) and Social Security Number (SSN) of each provider or supplier, each person with ownership or control interest in the provider or supplier, as well as any managing employees.
Sections 1814(a), 1815(a), and 1833(e) of the Act require the submission of information necessary to determine the amounts due to a provider or other person.
Section 1842(r) of the Act requires us to establish a system for furnishing a unique identifier for each provider who furnishes services for which payment may be made. In order to do so, we need to collect information unique to that provider or supplier.
Section 1866(j)(1)(C) of the Act requires us to consult with providers and suppliers of services before making changes in provider enrollment forms.
31 U.S.C. section 7701(c) requires that any person or entity doing business with the federal government must provide their Tax Identification Number (TIN).
Section 1866(j)(2)(A) of the Act requires the Secretary, in consultation with the Department of Health and Human Services’ Office of the Inspector General, to establish procedures under which screening is conducted with respect to providers of medical or other items or services and suppliers under Medicare, Medicaid, and CHIP.
Section 1866(j)(2)(B) of the Act requires the Secretary to determine the level of screening to be conducted according to the risk of fraud, waste, and abuse with respect to the category of provider or supplier.
Section 3004(b)(1) of the Public Health Service Act (PHSA) requires the Secretary to adopt an initial set of standards, implementation guidance, and certification criteria and associated standards and implementation specifications will be used to test and certify complete EHRs and EHR modules in order to make it possible for eligible professionals and eligible hospitals to adopt and implement Certified EHR Technology.
Federal law 5 U.S.C. 522(b)(4) requires privileged or confidential commercial or financial information protection from public disclosure.
Executive Order 12600 requires the pre-disclosure of notification procedures for confidential commercial information. Section 31001(I) of the Debt Collection Improvement Act of 1996 (DCIA) (Public Law 104-134) amended 31 U.S.C. 7701 by adding paragraph (c) to require that any person or entity doing business with the Federal Government must provide their Tax Identification Number (TIN).
Section 508 of the Rehabilitation Act of 1973, as incorporated with the Americans with Disabilities Act of 2005 requires all federal electronic and information technology to be accessible to people with disabilities, including employees and members of the public.
The various Medicare Provider/Supplier Enrollment Applications collect this information, including the information necessary to uniquely identify and enumerate the provider/supplier. Additional information necessary to process claims accurately and timely is also collected on the provider/supplier enrollment application. This justification also applies to any surrogate identified by a provider/supplier. CMS is authorized to collect information on the Security Consent and Surrogate Authorization Form (Office of Management and Budget (OMB) approval number 0935-1035) to ensure that the correct information is collected to protect our beneficiaries and the Medicare Trust Fund and to ensure correct payments are made to providers and suppliers and those surrogates given authority on behalf of the providers and suppliers under the Medicare program as established by Title XVIII of the Act.
2. Information Users
The information on the Security Consent and Surrogate Authorization Form will be used by the CMS External User Services (EUS) to establish a relationship between the Individual or Organizational Provider and the Surrogate.
3. Use of Information Technology
This collection lends itself to electronic collection methods and is currently available through the CMS website. The Provider Enrollment, Chain and Ownership System (PECOS) is a secure, intelligent and interactive national data storage system maintained and housed within the CMS Data Center with limited user access through strict CMS systems access protocols. Access to the data maintained in PECOS is limited to CMS and Medicare contractor employees responsible for provider/supplier enrollment activities. The data stored in PECOS mirrors the data collected on the CMS-855s (Medicare Enrollment Applications) and other enrollment related forms and is maintained indefinitely as both historical and current information. If the provider wishes to assign a surrogate, internet-based PECOS will generate the Security Consent and Surrogate Authorization Form with the relevant data printed on the form. The Medicare provider/supplier is required to verify and sign the Security Consent and Surrogate Authorization Form and submit it to the EUS. CMS has also adopted an electronic signature standard; however, practitioners will have the choice to e-sign via the CMS website or to submit a hard copy of the Security Consent and Surrogate Authorization Form signature page with an original signature. The provider also has the choice of printing the entire Security Consent and Surrogate Authorization Form and mailing the complete form with an original signature. Then the data is transferred from the Medicare contractor processing database into PECOS by the Medicare contractor. CMS now has the ability to allow suppliers to upload supporting documentation electronically. Periodically, CMS will require adjustment to the format of the Security Consent and Surrogate Authorization Form (either paper, electronic or both) for clarity or to improve form design. These adjustments do not alter the current OMB data collection approval.
4. Duplication of Efforts
There is no duplicative information collection instrument or process.
5. Small Businesses
These forms will affect small businesses; however, these businesses have always been required to complete and submit the same information in order to task their Medicare enrollment responsibilities to a Surrogate, only if the provider decides to do so.
6. Less Frequent Collection
This information is collected on an as needed basis, usually at the time of initial enrollment of the provider/supplier. The information provided on these forms is necessary if a surrogate will be submitting enrollment information on the Medicare enrolled individual or organizational provider’s behalf at the Medicare enrolled provider’s request. It is essential to collect this information for all surrogates in order for Medicare contractors to ensure the surrogate meets all statutory and regulatory requirements and is properly credentialed, if applicable.
7. Special Circumstances
There are no special circumstances associated with this collection.
8. Federal Register/Outside Consultation
The 60-day notice published February 27, 2017 (82 FR 11921). A 30-day Notice published May 19, 2017 (82 FR 23005). No comments were submitted.
No outside consultation was sought.
9. Payments/Gifts to Respondents
There are no payments or gifts to respondents.
10. Confidentiality
CMS will comply with all Privacy Act, Freedom of Information laws and regulations that apply to this collection. Privileged or confidential commercial or financial information is protected from public disclosure by Federal law 5 U.S.C. 522(b)(4) and Executive Order 12600.
11. Sensitive Questions
There are no sensitive questions associated with this collection.
12. Burden
For this proposed revision of the Security Consent and Surrogate Authorization Form, CMS has recalculated the prior estimated burden hours. CMS believes this recalculation is necessary because the initial burden at the inception of this form in 2012 was an estimation, while the burden reflected in this burden estimate is based on the actual number of Security Consent and Surrogate Authorization Forms processed by the National Plan and Provider Enumeration System (NPPES) since the initial form has been in use. CMS is basing the new burden amounts on information taken directly from the actual forms processed by NPPES for calendar year 2015. The Security Consent and Surrogate Authorization Form is typically only used for initial reporting. CMS does not utilize this form for any other reasons (such as provider/supplier changes of information or withdrawals from the Medicare program). The new figures are exact and therefore this burden estimate is more accurate than prior estimate.
The hour burden to the respondents is calculated based on the following assumptions:
There were approximately 224,100 electronic Security Consent and Surrogate Authorization Forms processed by NPPES in calendar year 2015.
There were approximately 2,000 paper Security Consent and Surrogate Authorization Forms processed by NPPES in calendar year 2015.
Completion of the Security Consent and Surrogate Authorization Form takes one hour to complete and submit to grant a surrogacy connection between two individuals or organizations or between an individual and an organization to work on their behalf.
Providers/suppliers are the respondents who complete the Security Consent and Surrogate Authorization Form.
CMS estimates the new total burden hours for this information collection to be 226,100 hours. This hour burden is calculated based on the time it takes a respondent to complete and submit the Security Consent and Surrogate Authorization Form. The figures are reflected below and in the calculations in Part II of the 83 Worksheets.
CMS is requesting approval of the revised number of burden hours as follows:
HOURS ASSOCIATED WITH COMPLETING THE SECURITY CONSENT AND CONSENT AND SURROGATE AUTHORIZATION FORM
Security Consent and Surrogate Authorization Form –
Subtotal 1 –
224,100 + 2,000 = 226,100 respondents
Subtotal 2 –
224,100 + 2,000 = 226,100 hours
TOTAL = 226,100 respondents @ 226,100 hours to complete and submit the Security Consent and Surrogate Authorization Form
B. Burden Estimate (cost)
The new cost estimate for completing the Security Consent and Surrogate Authorization Form for initial reporting is taken directly from the actual forms processed by NPPES for calendar year 2015, as calculated in the burden hour section of this statement. The new figures are exact and therefore more accurate than prior estimates.
The cost burden to the respondents is calculated based on the following assumptions:
There were approximately 224,100 electronic Security Consent and Surrogate Authorization Forms processed by NPPES in calendar year 2015.
There were approximately 2,000 paper Security Consent and Surrogate Authorization Forms processed by NPPES in calendar year 2015.
Completion of the Security Consent and Surrogate Authorization Form takes one hour to complete and submit to grant a surrogacy connection between two individuals or organizations or between an individual and an organization to work on their behalf.
Providers/suppliers (physicians and/or surgeons) are typically the respondents who complete the Security Consent and Surrogate Authorization Form.
CMS used the hourly wage calculations taken from the most recent wage data provided by the Bureau of Labor Statistics (BLS) for May 2015 (see https://www.bls.gov/oes/current/oes_nat.htm), indicating the mean hourly wage for the general category of "Physicians and Surgeons."
The most recent wage data provided by the BLS for May 2015 for the general category of "Physicians and Surgeons" is $95.05. With fringe benefits and overhead, the total per hour rate is $190.10.
CMS estimates the new total cost burden for this information collection to be $42,981,610. This cost burden is calculated based on the time it takes a respondent to complete and submit the Security Consent and Surrogate Authorization Form. The figures are reflected below and in the calculations in Part II of the 83 Worksheets.
CMS is requesting approval of the revised number of cost burden as follows:
COST ASSOCIATED WITH COMPLETING THE SECURITY CONSENT AND CONSENT AND SURROGATE AUTHORIZATION FORM
Security Consent and Surrogate Authorization Form –
Subtotal 1 –
224,100 respondents submitting the form electronically +
2,000 respondents submitting the paper form
= 224,000 + 2,000 = 226,100 respondents
Subtotal 2 –
224,100 respondents submitting the form electronically @ 1 hour each = 224,100 hours +
2,000 respondents submitting the paper form @ 1 hour each = 2,000 hours
= 224,000 hours + 2,000 hours = 226,100 hours
Subtotal 3 –
224,100 hours x $190.10 = $42,601,410 +
2,000 hours x $190.10 = $380,200
= $42,601,410 + $380,200 = $42,981,610 cost
TOTAL = 226,100 respondents @ 226,100 hours for initial reporting using the Security Consent and Surrogate Authorization Form @ $190.10 per hour = $42,981,610
13. Capital Costs
There are no capital costs associated with this collection.
14. Cost to Federal Government
The form changes will not result in any additional cost to the federal government because Medicare contractors are already processing these forms from individuals and organizations who are completing these forms to grant a surrogacy connection between two individuals or organizations to work on their behalf in either PECOS or HER. These forms will continue to be processed in the course of Federal duties.
15. Changes to Burden
The burden has increased for three reasons.
The first is we are using more accurate data from NPPES to estimate respondents who use the Security Consent and Surrogate Authorization Form to complete and submit the form to grant a surrogacy connection between two individuals or organizations or between an individual and an organization. By doing so, we have increased the number of respondents from 88,650 respondents to 226,100 respondents. This means our burden cost is now $42,981,610 for these respondents.
The second is the previous estimate assumed that approximately 90 percent of individuals (i.e., physicians, non-physician practitioners) and 50 percent of organization providers and suppliers would use an entity other than themselves to complete their Medicare enrollment application and CMS therefore extended the assumption that approximately 90 percent of individuals and 50 percent of organization providers and suppliers would use an entity other than themselves to complete their Security Consent and Surrogate Authorization Form. This has been proven to be an incorrect assumption. NPPES currently reports providers are the respondents who complete and submit the Security Consent and Surrogate Authorization Form. In addition, it was previously estimated that the Security Consent and Surrogate Authorization Form took 15 minutes to complete. Using that figure, the previous burden hour estimate was approximately 22,162 hours. It is now estimated that completion and submission of this form takes approximately one hour. That increases the burden hour estimate by 203,938 hours (from 22,162 to 226,100 hours).
Thirdly, the wage data used in the previous estimates are not the same wage data we currently use (now taken from the BLS wage tables). In the previous version, the wage estimate was $20.00 per hour (administrative wage) and $150.00 per hour (professional wage). Due to the incorrect assumption of who the respondents were for this form and the incorrect amount of time used to calculate the completion and submission of this form, it was calculated that the total cost for completing and submitting the Security Consent and Surrogate Authorization Form was $1,421,250. Using the correct wage data, number of respondents, and amount of time for completion and submission of the Security Consent and Surrogate Authorization Form, this increases the cost by $41,560,360 from $1,421,250 to $42,981,610.
Combined, the increase in burden hours is 203,938 (from 22,162 to 226,100 hours) and the increase in cost is $41,560,360 (from $1,421,250 to $42,981,610). The combined increase in the number of respondents is 137,450 (from 88,650 to 226,100).
16. Publication/Tabulation Dates
There are no plans to publish or tabulate the information collected.
17. Expiration Date
We will display the expiration date on the upper right-hand corner of page 1 on the collection instrument.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Kimberly McPhillips |
File Modified | 0000-00-00 |
File Created | 2021-01-22 |