0920-0576-2020REv-Supporting Statement A ICROv1200713 final

0920-0576-2020REv-Supporting Statement A ICROv1200713 final.docx

Possession, Use, and Transfer of Select Agents and Toxins (42 CFR 73)

OMB: 0920-0576

Document [docx]
Download: docx | pdf





Supporting Statement A


Possession, Use, and Transfer of Select Agents and Toxins (42 CFR Part 73)

(OMB Control No. 0920-0576)


Revision


Centers for Disease Control and Prevention

Office of Public Health Preparedness and Response

Division of Select Agents and Toxins



Lori Bane

(404) 718-2006

(404) 718-2097 FAX

[email protected]

June 4, 2020





















Table of Content








Supporting Statement A

Shape1

  • The goal of the study is to support the Public Health Safety and Bioterrorism Preparedness and Response Act of 2002 and ensure select agents or toxins are managed appropriately to prevent any threats to human health or safety.

  • The intended use of the study is to fulfill the requirements promulgated by HHS under this part and also subject to corresponding regulations promulgated by USDA at 9 CFR Part 121 and 7 CFR Part 331.

  • The method used to collect data/information is an electronic data collection system that uses electronic forms, which are available on the Federal Select Agent Program website at http://www.selectagents.gov/forms.html in a pdf-fillable format for electronic submission.

  • The subpopulation to be studied are those individuals or entities requesting the possession and use of select agents and toxins or any changes to the entity’s registration, transfer of select agents and toxins, report the theft, loss or release of a select agent or toxin and report the identification of a select agent or toxin contained in a specimen presented for diagnosis, verification, or proficiency testing.

  • This collection of information does not employ statistical methods. The data collection is mandated by 42 CFR 73.





















A. Justification


This is a request for revision to OMB Control No. 0920-0576: Possession, Use, and Transfer of Select Agents and Toxins; Final Rule. The data collection and reporting requirements are required under 42 CFR Part 73 (Attachment 1). This request reflects revisions to the forms since Office of Management and Budget (OMB)’s approval in October 2017. The revisions to the data collection are primarily changes to the forms to clarify instructions, correct editorial errors from previous submission, and reformat the structure of the forms based on the day-to-day processing of these forms. Changes were made to the following forms: Report of Identification of a Select Agent or Toxin, Request of Exemption, Report of a Release/Loss/Theft, and Request, and Request to Transfer Select Agents and Toxins. The Centers for Disease Control and Prevention (CDC) is requesting a 3-year approval for this data collection. CDC in conjunction with U.S. Department of Agriculture (USDA)/ Animal and Plant Health Inspection Service (APHIS) will be using the same forms for this data collection.


1. Circumstances Making the Collection of Information Necessary


Subtitle A of the Public Health Security and Bioterrorism Preparedness and Response Act of 2002, (42 U.S.C. 262a), requires the United States Department of Health and Human Services (HHS) to regulate the possession, use, and transfer of biological agents or toxins that have the potential to pose a severe threat to public health and safety (select agents and toxins). Subtitle B of the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (which may be cited as the Agricultural Bioterrorism Protection Act of 2002), (7 U.S.C. 8401), requires the USDA to regulate the possession, use, and transfer of biological agents or toxins that have the potential to pose a severe threat to animal or plant health, or animal or plant products (select agents and toxins). Accordingly, HHS and USDA have promulgated regulations requiring individuals or entities that possess, use, or transfer select agents and toxins to register with the CDC or APHIS. See 42 C.F.R. Part 73, 7 C.F.R. Part 331, and 9 C.F.R. Part 121 (the select agent regulations). The Federal Select Agent Program (FSAP) is the collaboration of the CDC, Division of Select Agents and Toxins (DSAT) and the APHIS Agriculture Select Agent Services (AgSAS) to administer the select agent regulations in a manner to minimize the administrative burden on persons subject to the select agent regulations. The FSAP administers the select agent regulations in close coordination with the Federal Bureau of Investigation’s Criminal Justice Information Services (CJIS). Accordingly, CDC and APHIS have adopted an identical system to collect information for the possession, use, and transfer of select agents and toxins.



2. Purpose and Use of Information Collection


The agents and toxins subject to the HHS data collection are those that pose a serious threat to public health and safety. These agents and toxins are further identified as non-overlap or overlap agents or toxins. These agents and toxins are subject to requirements promulgated by HHS under 42 CFR Part 73 and also subject to corresponding regulations promulgated by USDA at 9 CFR Part 121 and 7 CFR Part 331. This information will assist with meeting the goals of the Public Health Safety and Bioterrorism Preparedness and Response Act of 2002 and ensure select agents or toxins are managed appropriately to prevent any threats to human health or safety.


Request for Exclusion: An attenuated strain of a select agent or a select toxin modified to be less potent or toxic may be excluded from the requirements of this part based upon a determination by the HHS Secretary that the attenuated strain or modified toxin does not pose a severe threat to public health and safety (42 CFR 73.3 and 4 (e)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.


The Report of Identification of Select Agent or Toxin form (42 CFR 73.5(a) (b) and 73.6(a) (b)) is used by clinical or diagnostic laboratories and other entities to notify FSAP that a select agent or toxin identified as the result of diagnosis, verification, or proficiency testing have been disposed of in a proper manner.


The Request for Exemption form (42 CFR 73.5(d)(e) and 73.6(d)(e)) is used by entities that are using an investigational product that are, bear, or contain select agents or toxins.


The Application for Registration (42 CFR, 73.7(d)) is used by entities to register with FSAP. The Application for Registration requests facility information; a list of select agents or toxins in use, possession, or for transfer by the entity; characterization of the select agent or toxin; and laboratory information. This form is also used by the entity to amend their registration (42 CFR, 73.7(h) (1)) if any changes occur in the information submitted. When applying for an amendment to a certificate of registration, an entity must obtain the relevant portion of the application package and submit the information requested in the package to FSAP.


The Amendment to a Certificate of Registration Form is used to amend a Certificate of Registration.


Documentation of Self-Inspection: Prior to issuance of a certificate of registration, CDC inspects entities to ensure compliance with this regulation (42 CFR 73.18). As part of the inspection process, the entity may need to respond to written requests from CDC. CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.


Request for Expedited Review: An entity may apply to the HHS Secretary for an expedited review of an individual by the Attorney General (42 CFR 73.10(e)). To apply for this expedited review, an entity must submit a request in writing to the HHS Secretary establishing the need for such action. CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.


Security Plan: An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard the select agent or toxin against unauthorized access, theft, loss, or release (42 CFR 73.11(a)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.


Biosafety Plan: An individual or entity required to register under this part must develop and implement a written biosafety plan that is commensurate with the risk of the select agent or toxin, given its intended use. The biosafety plan must contain sufficient information and documentation to describe the biosafety and containment procedures for the select agent or toxin, including any animals (including arthropods) or plants intentionally or accidentally exposed to or infected with a select agent (42 CFR 73.12(a)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.


Request Regarding a Restricted Experiment: An individual or entity may not conduct, or possess products resulting from, the following experiments unless approved by and conducted in accordance with the conditions prescribed by the HHS Secretary:

(1) Experiments that involve the deliberate transfer of, or selection for, a drug resistance trait to select agents that are not known to acquire the trait naturally, if such acquisition could compromise the control of disease agents in humans, veterinary medicine, or agriculture.

(2) Experiments involving the deliberate formation of synthetic or recombinant DNA containing genes for the biosynthesis of select toxins lethal for vertebrates at an LD[50] < 100 ng/kg body weight (42 CFR 73.13 (a)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.



Incident Response Plan: An individual or entity required to register under this part must develop and implement a written incident response plan based upon a site-specific risk assessment. The incident response plan must be coordinated with any entity-wide plans, kept in the workplace, and available to employees for review (42 CFR 73.14 (a)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.


Training: The Responsible Official must ensure a record of the training provided to each individual with access to select agents and toxins and each escorted individual (e.g., laboratory workers, visitors, etc.) is maintained. The record must include the name of the individual, the date of the training, a description of the training provided, and the means used to verify that the employee understood the training (42 CFR 73.16(d)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.


The Request to Transfer Select Agent or Toxin form (42 CFR 73.16) is used by entities requesting pre-authorization from FSAP to receive or send a select agent or toxin.


Records: An individual or entity required to register under this part must maintain complete records relating to the activities covered by the select agent regulations (42 CFR 73.17 (a)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.


The Report of Potential Theft, Loss, or Release of Select Agent or Toxin form (42 CFR 73.19(a) (b)) is completed by entities whenever there is theft, loss, or release of a select agent or toxin.

3. Use of Improved Technology and Burden Reduction


CDC/DSAT has implemented a secure information system, eFSAP. The IT system is used to submit select agent program information using a two-way portal that is accessible by both FSAP and the regulated community. eFSAP increases efficiency by greatly enhancing information exchange using electronic forms which are available on the Federal Select Agent Program website at http://www.selectagents.gov/forms.html in a pdf-fillable format for electronic submission. The use of eFSAP allows respondents to copy previous information and amend any future submissions. The environment provides for the electronic exchange of information for creating, amending, and submitting registration applications; requests for approvals for transfers, exemptions, or exclusions; and reports of identification and theft, loss, or release of a select agent or toxin.


4. Efforts to Identify Duplication and Use of Similar Information


The FSAP continues working to identify duplication of the proposed data collection. DSAT has established relationships with the following federal agencies: Department of Homeland Security (DHS), the Department of Defense; Department of Army Inspector General (DoD, DAIG) and the Department Veterans Affairs. Each of these agencies shares a similar interest in the possession, use and transfers of select agents and toxins and has participated in joint inspections.


The Public Health Safety and Bioterrorism Preparedness and Response Act of 2002 (Public Law 107) required the development of a common registration system for the purpose of verifying the credentials, licenses, accreditations, and hospital privileges of such professionals during public health emergencies. There is no similar database available to identify individuals or entities registered to possess, use and transfer select agents and toxins.


5. Impact on Small Businesses or Other Small Entities


CDC recognizes that a small number of entities affected by the data collection requirements of this regulation may be small businesses. For this reason, the information needed in the data collection has been kept to a minimum.


6. Consequences of Collecting the Information Less Frequently


There are legal obstacles to reducing the burden by collecting this information less frequently. The purpose of this information collection is to meet mandated regulatory requirements. If this information were collected less frequently, it would not be possible for DSAT to carry out its commitments to protect the public health as mandated by these regulations


7. Special Circumstances Relating to the Guidelines of 5 CFR 1320.5


This request fully complies with the regulation in 5 CFR 1320.5.


8. Comments in Response to the Federal Register Notice and Efforts to Consult Outside the Agency


A8A. A “60 Day Federal Register Notice” was published in the Federal Register on Friday, April 3, 2020, Vol. 85, No. 65, Pages 18980 - 18982 (Attachment 2). No substantive comments were received.

A8B. Consultation Outside the Agency


FSAP began revising the proposed data collection instruments in the winter of 2019. The following representatives from AgSAS assisted with the development of the data collection instruments:


Narda Huyke

Animal Plant Health and Inspection Service

U.S. Department of Agriculture

4700 River Road, Unit 40

Riverdale, MD 20737-1231

Phone: (301) 851-2052

[email protected]


Kimberly A. Hardy
Animal Plant Health and Inspection Service

U.S. Department of Agriculture

4700 River Rd., Unit 123
Riverdale, MD 20737
Phone: (301) 851-2727
[email protected]

9. Explanation of Any Payment or Gift to Respondents


Respondents will not receive any payment or gift.


10. Assurance of Confidentiality Provided to Respondents


This submission has been reviewed by the Information Collection Request Office (ICRO) who determined that the Privacy Act does apply. The following information in identifiable form (IIF) will be collected: name, date of birth, department of justice identification number and job title. The Application for Registration (APHIS/CDC Form 1) requires the Responsible Official or Alternate Responsible Official provide the name, date of birth, department of justice identification number and job title of each individual that has access to select agents and toxins. The information is shared with the Federal Bureau of Investigation (FBI)/ Criminal Justice Information Services Division (CJIS). The FSAP approves the individual or entity to possess, use and transfer select agents and toxins based on the security risk assessment performed by CJIS.


To comply with the Office of Management and Budget (OMB) Memoranda (M) 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, a Federal Register notice Vol. 76, No. 16, Tuesday, January 25, 2011, pages 4483-4485, was published to alter the System of Records, 09-20-0170 (Attachment 3), National Select Agent Registry (NSAR)/Select Agent Transfer and Entity Registration Information System (SATERIS), HHS/CDC/COTPER. CDC is in the process of publishing a “Modified System of Records Maintained by HHS’ Centers for Disease Control and Prevention (CDC), System No. 09-20-0170, Electronic Federal Select Agent Program portal (eFSAP portal).” The document is currently under review by OMB (Attachment 4).


The following special safeguards are provided to protect the records from inadvertent disclosure:

Safeguards conform to the HHS Information Security and Privacy Program, http://www.hhs.gov/ocio/securityprivacy/index.html, the HHS Information Security and Privacy Policy (IS2P), and applicable federal laws, rules and policies, including: the E-Government Act of 2002, which includes the Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. 3541-3549, as amended by the Federal Information Security Modernization Act of 2014, 44 U.S.C. 3551-3558; all pertinent National Institutes of Standards and Technology (NIST) publications; and OMB Circular A-130, Managing Information as a Strategic Resource.


Administrative and Technical Safeguards: Security measures are implemented on government computers to control unauthorized access to the system. Attempts to gain access by unauthorized individuals are automatically recorded and reviewed by FSAP on a regular basis. Individuals who have routine access to these records are limited to staff (FTEs and contractors having security clearances at T3 (Non-Critical Sensitive positions requiring Secret clearance) or T4 (Non-Sensitive High Risk (Public Trust)) levels) who have responsibility for conducting regulatory oversight.


Protection for computerized records includes programmed verification of valid user identification code and password prior to logging on to the system; mandatory password changes, limited log-ins, virus protection, encryption, firewalls, and intrusion detection systems, and user rights/file attribute restrictions. Password protection imposes user name and password log-in requirements to prevent unauthorized access. Each user name is assigned limited access rights to files and directories at varying levels to control file sharing. There are routine daily backup procedures, and backup files are securely stored off-site. Security controls are reviewed on an ongoing basis.


Knowledge of individual tape passwords is required to access backups, and access to the system is limited to users obtaining prior supervisory approval. To avoid inadvertent data disclosure, a special additional procedure is performed to ensure that all Privacy Act data are removed from computer hard drives. Additional safeguards may also be built into the program by the system analyst as warranted by the sensitivity of the data set.


FTEs and contractor employees who maintain records are instructed in specific procedures to protect the security of records, and are to check with the system manager prior to making disclosure of data. When individually identifiable data are being used in a room, admittance at either federal or contractor sites is restricted to specifically authorized personnel.


Appropriate Privacy Act provisions and breach notification provisions are included in applicable contracts, and the CDC Project Director, contract officers, and project officers oversee compliance with these requirements. Upon completion of the contract, all data will be either returned to federal government or destroyed, as specified by the contract that includes breach notifications.


Records that are eligible for destruction are disposed of using destruction methods prescribed by NIST SP 800-88. Hard copy records are placed in a locked container or designated secure storage area while awaiting destruction. Records are destroyed in a manner that precludes its reconstruction, such as secured cross shredding. Utilizing the HHS Security Rule Guidance Material found at https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html, electronic information will be deleted or overwritten using Department of Defense National Institute of Standards and Technology/ General Services Administration (NIST/GSA) approved overwriting software that wipes the entire physical disk and not just the virtual disk. In addition, the physical destruction is obtained by using a National Security Agency/Central Security Service (NSA/CSS) approved degaussing device.


Physical Safeguards: Paper records are maintained in locked cabinets in secured rooms through electronic access in a restricted access location that is controlled by an electronic cardkey system that is limited to staff who have responsibility for conducting regulatory oversight. Electronic data files are encrypted using Federal Information Processing Standards Publication (FIPS) 140-2, and stored in a restricted access location. The computer room is protected by an automatic sprinkler system and numerous automatic sensors (e.g., water, heat, smoke, etc.) which are monitored, and a proper mix of portable fire extinguishers is located throughout the computer room. Computer workstations, lockable personal computers, and automated records are located in secured areas.


Implementation Guidelines: The safeguards outlined above are in accordance with applicable laws, rules and policies, including the HHS Information Security Program Policy, all pertinent NIST publications and OMB Circular A-130, Managing Information as a Strategic Resource.


Institutional Review Board


Institutional Review Board approval is not required.



11. Justification of Sensitive Questions


There are questions in the data collection instruments that are directly related to criminal behavior which is considered sensitive information. The Public Health Safety and Bioterrorism Preparedness and Response Act of 2002 (Public Law 107) required the development of a common registration system for the purpose of verifying the credentials, licenses, accreditations, and hospital privileges of such professionals during public health emergencies. Therefore, questions in reference criminal behavior are necessary to obtain information regarding possible criminal activity.


12. Estimates of Annualized Burden Hours and Costs


Estimated Annualized Burden Hours


The total estimated annualized burden for all data collection was calculated using the 2018 Annual Report of the Federal Select Agent Program available at https://www.selectagents.gov/annualreport2018.html or FSAP IT system and is estimated as 4467 hours. Information will be collected through FSAP IT system, fax, email and hard copy mail from respondents. The currently approved annualized burden is 8,347 The 2020 estimated annualized burden hours are 4467. Burden has reduced due to the decrease in the number of respondents and the implementation of eFSAP.


Estimated Annualized Burden Hours

Section

Form Name

Number of Respondents

Number of Responses per Respondent

Average Burden per Response (in hours)

Total Burden Hours

Sections 3 & 4

Request for Exclusions

1

1

1

1

Sections 5 & 6

Report of Identification of a Select Agent or Toxin

1,181

1

1

1,181

Sections 5 & 6

Request of Exemption

1

1

1

1

Section 7

Application for Registration

3

1

5

15

Section 7

Amendment to a Certificate of Registration

253

5

1

1,265

Section 9

Documentation of self-inspection

253

1

1

253

Section 10

Request for Expedited Review

1

1

30/60

1

Section 11

Security Plan

253

1

1

253

Section 12

Biosafety Plan

253

1

1

253

Section 13

Request Regarding a Restricted Experiment

1

1

2

2

Section 14

Incident Response Plan

253

1

1

253

Section 15


Training

253

1

1

253

Section 16

Request to Transfer Select Agents and Toxins

253

1

1.5

380

Section 17

Records

253

1

30/60

127

Section 19

Notification of Theft, Loss, or Release

201

1

1

201

Section 20

Administrative Review

28

1

1

28

Total





4467



Estimated Annualized Burden Costs


Section

Form Name

Total Burden Hours

Hourly Wage Rate


Total Respondent Cost

Sections 3 & 4

Request for Exclusions

1

$38.24

$38.24

Sections 5 & 6

Report of Identification of a Select Agent or Toxin

1,181

$38.24

$45161.44

Sections 5 & 6

Request of Exemption

1

$38.24

$38.24

Section 7

Application for Registration

15

$38.24

$573.60

Section 7

Amendment to a Certificate of Registration

1,265

$38.24

$48,373.60

Section 9

Documentation of self-inspection

253

$38.24

$9,674.72

Section 10

Request for Expedited Review

1

$38.24

$38.24

Section 11

Security Plan

253

$38.24

$9,674.72

Section 12

Biosafety Plan

253

$38.24

$9,674.72

Section 13

Request Regarding a Restricted Experiment

2

$38.24

$76.48

Section 14

Incident Response Plan

253

$38.24

$9,674.72

Section 15

Training

253

$38.24

$9,674.72

Section 16

Request to Transfer Select Agents and Toxins

380

$38.24

$14,531.20

Section 17

Records

127

$38.24

$4,856.48

Section 19

Notification of Theft, Loss, or Release

201

$38.24

$7,686.24

Section 20

Administrative Review

28

$38.24

$1,070.72

Total Cost




$170,818.08


When estimating the annualized burden costs, CDC assumes that the hourly burden would be evenly split between managerial staff and clerical staff. We are using an average hourly respondent labor rate of $59.56 for managerial staff and $ 16.92 for clerical staff. To calculate the mean hourly rate, we averaged these two figures for an hourly wage rate of $38.24. These rates were obtained from the Bureau of Labor Statistics, from the 2018 Occupational Employment Statistics Survey by Occupation (http://www.bls.gov/oes/).


13. Estimates of Other Total Annual Cost Burden to Respondents or Record keepers


Respondents incur no capital or maintenance costs. The only costs incurred to respondents are those associated with telephone calls, mailing, and fax transmissions. All of these costs are part of normal business expenses.

14. Annualized Cost to the Government


The total annualized cost for implementing these regulatory activities budgeted is $19,896,009 and includes FTE’s and contracts.



Compensation summary $9,863121

Personnel benefits 2,911,843

Misc Personnel cost est. 160,000

Travel 900,000

Transportation: Shipping 5,000

Rent, telecommunication, other communication & utilities 70,000

Printing & reproduction 10,000

Consulting and other services 5,841,045

Supplies & materials 50,000

Equipment 60,000


Grand Total: $19,896,009

15. Explanation for Program Changes or Adjustments


The program changes in this revised data collection are primarily changes to the forms to clarify instructions, correct editorial errors from previous submissions, and reformat the structure of the forms based on the day-to-day processing of these forms. There is a reduction in burden due to the decrease in the number of respondents and the implementation of eFSAP.


16. Plans for Tabulation and Publication and Project Time Schedule


There are no plans for tabulation and publication of these data.


17. Reason(s) Display of OMB Expiration Date is Inappropriate


The display of the OMB expiration date is appropriate.


18. Exceptions to Certification for Paperwork Reduction Act Submission


There are no exceptions to the certification.



List of Attachments:


Attachment 1 Possession, Use and Transfer of Select Agents and Toxins (42 CFR Part 73) – Final Rule


Attachment 2 60-Day Federal Register Notice 0920-0576


Attachment 3 System of Record Notice


Attachment 4 Modification Notice of System of Records


Attachment 5 Request for Exclusions


Attachment 6 Report of Identification of a Select Agent or Toxin


Attachment 7 Request for Exemption


Attachment 8 Application for Registration


Attachment 9 Amendment to a Certificate of Registration


Attachment 10 Documentation of self-inspection


Attachment 11 Request for Expedited Review


Attachment 12 Security Plan


Attachment 13 Biosafety Plan


Attachment 14 Request Regarding a Restricted Experiment


Attachment 15 Incident Response Plan


Attachment 16 Training


Attachment 17 Request to Transfer Select Agents and Toxins


Attachment 18 Records


Attachment 19 Notification of Theft, Loss, or Release


Attachment 20 Administrative Review




File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleSupporting Statement for
Authorzoz1
File Modified0000-00-00
File Created2021-01-31

© 2024 OMB.report | Privacy Policy