Download: docx | pdf

160, subparts A (General Provisions), C (Compliance and Enforcement), and E (Procedures for Hearing), and proposing a new subpart D (Imposition of Civil Money Penalties) that addressed the substantive issues related to the imposition of civil money penalties, and proposing that the above provisions be applied to all of the HIPAA rules.

The four forms included in this package request the following information from covered entities:

• Signed Operating Rules Attestation (Part A)

• Entity Information (Part B)

• Artifact Information (Part C)

• Trading Party Agreement (Part D)

2. Information Users

It is expected that covered entities under HIPAA (health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with transaction for which HHS has adopted standards) will complete these forms during a CMS scheduled compliance review. CMS enforcement staff would use the information provided by covered entities to review HIPAA Administrative Simplification compliance in regards to adopted transaction standards, code sets, unique identifiers and operating rules.

3. Use of Information Technology

This process involves the use of electronic and paper collection techniques. It is expected that approximately 95% of the compliance review documents will be forwarded by the entity electronically to the Centers for Medicare & Medicaid Services (CMS) Compliance Review Testing Tool (ASETT). The flow of information electronically allows for a more efficient process.

4. Duplication of Efforts

This information collection does not duplicate any other effort and the information cannot be obtained from any other source.

5. Small Businesses

This collection would impact covered entities that transmit transactions electronically. The burden is minimized by allowing any covered entity of any size to transmit to CMS these documents electronically.

6. Less Frequent Collection

Submission of these forms during a compliance review is mandatory.

7. Special Circumstances

This information collection does not contain any special circumstances.

8. Federal Register/Outside Consultation

The 60-day Federal Register notice published on October 4, 2019 (84 FR 53156). No comments were received. The 30-day Federal Register notice published on December 18, 2019 (84 FR 69380).

The 30-day Federal Register notice published on [OSORA to insert publication date]. We received [TBD] public comments.

9. Payments/Gifts to Respondents

There will be no payments and/or gifts to respondents.

10. Confidentiality

Without the information requested CMS may be unable to proceed with the compliance review process. CMS collects this information under authority of CMS-0014-N (68 FR 60694) issued pursuant to the HIPAA. CMS will use the information provided to conduct HIPAA Administrative Simplification Non-Privacy/Security compliance reviews. Information submitted on these forms is treated confidentially and is protected under the provisions of the Privacy Act of 1974. Names or other identifying information about individuals are disclosed only when it is necessary for investigation of possible HIPAA A.S. Non- Privacy/Security violations, for internal systems operations, or for routine uses, which include disclosure of information outside the Department for purposes associated with HIPAA A.S. Non-Privacy/Security compliance and as permitted by SORN 09-90-0052.

11. Sensitive Questions

This information collection does not contain any sensitive questions.

12. Burden Estimates (Cost and Time)

The covered entity reporting burden for the forms collection of information is estimated to average 150 minutes or 2.5 hours) per form and there are 4 forms. The total burden per entity will be 10 hours ((2.5 hours per form) x (4 forms) x 1 entity)) which would include the time for reviewing instructions, gathering the data needed and entering and reviewing the information on the completed complaint form. An entity will only be required to participate in one compliance review per year.

The calculations are based on the Department of Labor, Bureau of Labor Statistics

estimation for a General Health Care Worker (http://www.bls.gov/oes/current/oes_nat.htm#13-0000) . We added 100% of the median hourly labor wage to the value to account for fringe and overhead.

Total annual time burden

(number of entities) x (1 response /entity) x (hours per response) = 10 x1 x 2.5 = 25 hours

Annual cost per entity response per analyst:

(number of artifacts per entity) x (time (hours) required to collect and complete artifact) x (analyst wage) = total analyst wage per entity

(4 artifacts) x (10 hours) x ($18.56/hour) = $742.40

Total cost for all entities for analysts collection and completion

(number of entities participating ) x (total annual cost) = collective analysts wage for 10 entities

(10 entities) x ($742.40) = $7424.00

It is estimated that all 10 covered entities are subject to be placed on a Corrective Action Plan. To correct the entities deficiencies the General Officer may be asked to provide the following:

1. Structured Corrective Action Plan

2. Written Follow Up with Explanation of Deficiencies

3. Subject to Corrective Action Plan Re-assessment

Time, labor, and correspondence may incur an additional cost as indicated below. Labor costs are based on the completion/review by each entity’s General and/or Operational Manager. We used the mean hourly 2017 Department of Labor rate of

$58.70 reported for a General or Operational Manager from the Department of Labor, Bureau of Labor Statistics (http://www.bls.gov/oes/current/oes_nat.htm#13-0000) at

$58.70/hour at 10 hours per correction which comprises of postal costs, administrative burden, hourly wage, overhead and incidentals of structuring and monitoring the CAP. A General/Operational Manager was used because he/she perhaps has approval authority.

(entity placed on CAP) x (time (hours) to complete CAP) x (hourly wage (which includes postage and incidentals)) = collective CAP structuring

(1 entity) x (10 hours to complete) x ($58.70/hour to structure CAP) = $587.00

(total entity placed on CAP) x (time (hours) to complete CAP) x (hourly wage (which

includes postage and incidentals)) = collective CAP structuring

(10 entity) x (10 hours to complete) x ($58.70/hour to structure CAP) = $5870.00

(entity placed on CAP) x (time (hours) to complete CAP) x (hourly wage (which includes postage and incidentals)) = collective CAP monitoring

(1 entity) x (40 hours to complete) x ($58.70/hour to monitor CAP) = $2,348.00

(total entity placed on CAP) x (time (hours) to complete CAP) x (hourly wage (which includes postage and incidentals)) = collective CAP monitoring

(10 entity) x (40 hours to complete) x ($58.70/hour to monitoring CAP) = $23,480.00

TOTAL ADMINISTRATIVE IMPACT TO INDUSTRY

Annual Collective Analyst Cost + Annual Collective General/Operations Manager Cost

$7424.00 + $23,480.00 = $30,904.00

13. Capital Costs

There are no capital costs for this collection.

14. Cost to Federal Government

There is no cost burden to the federal government as the requested standard administrative simplification artifacts indicating compliance will be processed in the normal course of federal duties.

15. Changes to Burden

This is a new information collection request.

16. Publication/Tabulation Dates

CMS does not plan to publicly disclose any of the information collected.

17. Expiration Date

CMS will display the expiration date on each collection instrument. It is displayed in the PRA Disclosure Statement as well as in the header of each document.

18. Certification Statement

There are no exceptions to the certification statement.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title	Administrative Simplification HIPAA Compliance Review (CMS-10662)
Author	Stewart, Kevin M. (CMS/OIT)
File Modified	0000-00-00
File Created	2021-01-14