In its administration of the Medicare
Modernization Act, the Centers for Medicare & Medicaid Services
(CMS) is a covered entity under the Health Insurance Portability
and Accountability Act of 1996 (HIPAA) rules. As a covered entity,
CMS is required to verify at a high level of assurance all persons
requesting access to CMS' computer systems. Under the Health Care
Reform Bill HR 3590, known as the "Patient Protection and
Affordable Care Act" (PPACA), there are many provisions that
require the secure ingress and egress of data from CMS. CMS has
created the horizontal enterprise services programs to address
those provisions. One of these programs is the Enterprise Identity
Management (EIDM) system. Identity management is an important part
of protecting the security of CMS' data by ensuring that
individuals are who they claim to be. The EIDM solution will
provide an enterprise-wide solution that will also support CMS'
senior management goal to improve the Provider and Health
Information Exchange experience by providing an enterprise-wide set
of credentials and single sign-on capability for multiple CMS
applications.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.