CMS EIDM reviewed the comment provided by OMB and determined it is not within the scope of our collection. While “covered entities” was mentioned in the “CMS EIDM Supporting Statement – Part A_508, Section B. Justification, Subsection 1. Need and Legal Basis,” it strictly refers to the existing “HIPPA Security Rule” regarding verification of people attempting to access personal health information (PHI). As a federal agency and a steward of tax payers dollars, we have a fiduciary duty to protect information, including PHI. Based on HIPAA regulations, it is the responsibility of the covered entity to assign unique credentials for tracking purposes. CMS EIDM is not directly responsible for the enforcement of this rule and is unable to require a licensed attorney to assist covered entities with the understanding and compliance of the rule, as indicated in the comment.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | KAYLA WILLIAMS |
| File Modified | 0000-00-00 |
| File Created | 2021-01-22 |