Supporting Statement A
Possession, Use, and Transfer of Select Agents and Toxins (42 CFR Part 73)
(OMB Control No. 0920-0576)
Revision
Centers for Disease Control and Prevention
Office of Public Health Preparedness and Response
Division of Select Agents and Toxins
Lori Bane
(404) 718-2006
(404) 718-2097 FAX
June 4, 2020
Table of Content
1. Circumstances Making the Collection of Information Necessary 3
2. Purpose and Use of Information Collection 5
3. Use of Improved Technology and Burden Reduction 5
4. Efforts to Identify Duplication and Use of Similar Information 5
5. Impact on Small Businesses or Other Small Entities 6
6. Consequences of Collecting the Information Less Frequently 6
7. Special Circumstances Relating to the Guidelines of 5 CFR 1320.5 6
8. Comments in Response to the Federal Register Notice and Efforts to Consult Outside the Agency 6
9. Explanation of Any Payment or Gift to Respondents 7
10. Assurance of Confidentiality Provided to Respondents 7
11. Justification of Sensitive Questions 9
12. Estimates of Annualized Burden Hours and Costs 9
13. Estimates of Other Total Annual Cost Burden to Respondents or Record keepers 11
14. Annualized Cost to the Government 11
15. Explanation for Program Changes or Adjustments 12
16. Plans for Tabulation and Publication and Project Time Schedule 12
17. Reason(s) Display of OMB Expiration Date is Inappropriate 12
18. Exceptions to Certification for Paperwork Reduction Act Submission 12
Supporting Statement A
The goal of
the study is to support the Public Health Safety and Bioterrorism
Preparedness and Response Act of 2002 and ensure select agents or
toxins are managed appropriately to prevent any threats to human
health or safety. The intended
use of the study is to fulfill the requirements promulgated by HHS
under this part and also subject to corresponding regulations
promulgated by USDA at 9 CFR Part 121 and 7 CFR Part 331.
The method
used to collect data/information is an electronic data collection
system that uses electronic forms, which are available on the
Federal Select Agent Program website at
http://www.selectagents.gov/forms.html in a pdf-fillable format for
electronic submission.
The
subpopulation to be studied are those individuals or entities
requesting the possession and use of select agents and toxins or
any changes to the entity’s registration, transfer of select
agents and toxins, report the theft, loss or release of a select
agent or toxin and report the identification of a select agent or
toxin contained in a specimen presented for diagnosis,
verification, or proficiency testing.
This
collection of information does not employ statistical methods. The
data collection is mandated by 42 CFR 73.
This is a request for revision to OMB Control No. 0920-0576: Possession, Use, and Transfer of Select Agents and Toxins; Final Rule. The data collection and reporting requirements are required under 42 CFR Part 73 (Attachment 1). This request reflects revisions to the forms since Office of Management and Budget (OMB)’s approval in October 2017. The revisions to the data collection are primarily changes to the forms to clarify instructions, correct editorial errors from previous submission, and reformat the structure of the forms based on the day-to-day processing of these forms. Changes were made to the following forms: Report of Identification of a Select Agent or Toxin, Request of Exemption, Report of a Release/Loss/Theft, and Request, and Request to Transfer Select Agents and Toxins. The Centers for Disease Control and Prevention (CDC) is requesting a 3-year approval for this data collection. CDC in conjunction with U.S. Department of Agriculture (USDA)/ Animal and Plant Health Inspection Service (APHIS) will be using the same forms for this data collection.
Subtitle A of the Public Health Security and Bioterrorism Preparedness and Response Act of 2002, (42 U.S.C. 262a), requires the United States Department of Health and Human Services (HHS) to regulate the possession, use, and transfer of biological agents or toxins that have the potential to pose a severe threat to public health and safety (select agents and toxins). Subtitle B of the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (which may be cited as the Agricultural Bioterrorism Protection Act of 2002), (7 U.S.C. 8401), requires the USDA to regulate the possession, use, and transfer of biological agents or toxins that have the potential to pose a severe threat to animal or plant health, or animal or plant products (select agents and toxins). Accordingly, HHS and USDA have promulgated regulations requiring individuals or entities that possess, use, or transfer select agents and toxins to register with the CDC or APHIS. See 42 C.F.R. Part 73, 7 C.F.R. Part 331, and 9 C.F.R. Part 121 (the select agent regulations). The Federal Select Agent Program (FSAP) is the collaboration of the CDC, Division of Select Agents and Toxins (DSAT) and the APHIS Agriculture Select Agent Services (AgSAS) to administer the select agent regulations in a manner to minimize the administrative burden on persons subject to the select agent regulations. The FSAP administers the select agent regulations in close coordination with the Federal Bureau of Investigation’s Criminal Justice Information Services (CJIS). Accordingly, CDC and APHIS have adopted an identical system to collect information for the possession, use, and transfer of select agents and toxins.
The agents and toxins subject to the HHS data collection are those that pose a serious threat to public health and safety. These agents and toxins are further identified as non-overlap or overlap agents or toxins. These agents and toxins are subject to requirements promulgated by HHS under 42 CFR Part 73 and also subject to corresponding regulations promulgated by USDA at 9 CFR Part 121 and 7 CFR Part 331. This information will assist with meeting the goals of the Public Health Safety and Bioterrorism Preparedness and Response Act of 2002 and ensure select agents or toxins are managed appropriately to prevent any threats to human health or safety.
Request for Exclusion: An attenuated strain of a select agent or a select toxin modified to be less potent or toxic may be excluded from the requirements of this part based upon a determination by the HHS Secretary that the attenuated strain or modified toxin does not pose a severe threat to public health and safety (42 CFR 73.3 and 4 (e)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.
The Report of Identification of Select Agent or Toxin form (42 CFR 73.5(a) (b) and 73.6(a) (b)) is used by clinical or diagnostic laboratories and other entities to notify FSAP that a select agent or toxin identified as the result of diagnosis, verification, or proficiency testing have been disposed of in a proper manner.
The Request for Exemption form (42 CFR 73.5(d)(e) and 73.6(d)(e)) is used by entities that are using an investigational product that are, bear, or contain select agents or toxins.
The Application for Registration (42 CFR, 73.7(d)) is used by entities to register with FSAP. The Application for Registration requests facility information; a list of select agents or toxins in use, possession, or for transfer by the entity; characterization of the select agent or toxin; and laboratory information. This form is also used by the entity to amend their registration (42 CFR, 73.7(h) (1)) if any changes occur in the information submitted. When applying for an amendment to a certificate of registration, an entity must obtain the relevant portion of the application package and submit the information requested in the package to FSAP.
The Amendment to a Certificate of Registration Form is used to amend a Certificate of Registration.
Documentation of Self-Inspection: Prior to issuance of a certificate of registration, CDC inspects entities to ensure compliance with this regulation (42 CFR 73.18). As part of the inspection process, the entity may need to respond to written requests from CDC. CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.
Request for Expedited Review: An entity may apply to the HHS Secretary for an expedited review of an individual by the Attorney General (42 CFR 73.10(e)). To apply for this expedited review, an entity must submit a request in writing to the HHS Secretary establishing the need for such action. CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.
Security Plan: An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard the select agent or toxin against unauthorized access, theft, loss, or release (42 CFR 73.11(a)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.
Biosafety Plan: An individual or entity required to register under this part must develop and implement a written biosafety plan that is commensurate with the risk of the select agent or toxin, given its intended use. The biosafety plan must contain sufficient information and documentation to describe the biosafety and containment procedures for the select agent or toxin, including any animals (including arthropods) or plants intentionally or accidentally exposed to or infected with a select agent (42 CFR 73.12(a)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.
Request Regarding a Restricted Experiment: An individual or entity may not conduct, or possess products resulting from, the following experiments unless approved by and conducted in accordance with the conditions prescribed by the HHS Secretary:
(1) Experiments that involve the deliberate transfer of, or selection for, a drug resistance trait to select agents that are not known to acquire the trait naturally, if such acquisition could compromise the control of disease agents in humans, veterinary medicine, or agriculture.
(2) Experiments involving the deliberate formation of synthetic or recombinant DNA containing genes for the biosynthesis of select toxins lethal for vertebrates at an LD[50] < 100 ng/kg body weight (42 CFR 73.13 (a)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.
Incident Response Plan: An individual or entity required to register under this part must develop and implement a written incident response plan based upon a site-specific risk assessment. The incident response plan must be coordinated with any entity-wide plans, kept in the workplace, and available to employees for review (42 CFR 73.14 (a)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.
Training: The Responsible Official must ensure a record of the training provided to each individual with access to select agents and toxins and each escorted individual (e.g., laboratory workers, visitors, etc.) is maintained. The record must include the name of the individual, the date of the training, a description of the training provided, and the means used to verify that the employee understood the training (42 CFR 73.16(d)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.
The Request to Transfer Select Agent or Toxin form (42 CFR 73.16) is used by entities requesting pre-authorization from FSAP to receive or send a select agent or toxin.
Records: An individual or entity required to register under this part must maintain complete records relating to the activities covered by the select agent regulations (42 CFR 73.17 (a)). CDC has not developed standardized forms to use in the above situation. Rather, the entity should provide the information as requested in the appropriate section of the regulation.
The Report of Potential Theft, Loss, or Release of Select Agent or Toxin form (42 CFR 73.19(a) (b)) is completed by entities whenever there is theft, loss, or release of a select agent or toxin.
CDC/DSAT has implemented a secure information system, eFSAP. The IT system is used to submit select agent program information using a two-way portal that is accessible by both FSAP and the regulated community. eFSAP increases efficiency by greatly enhancing information exchange using electronic forms which are available on the Federal Select Agent Program website at http://www.selectagents.gov/forms.html in a pdf-fillable format for electronic submission. The use of eFSAP allows respondents to copy previous information and amend any future submissions. The environment provides for the electronic exchange of information for creating, amending, and submitting registration applications; requests for approvals for transfers, exemptions, or exclusions; and reports of identification and theft, loss, or release of a select agent or toxin.
The FSAP continues working to identify duplication of the proposed data collection. DSAT has established relationships with the following federal agencies: Department of Homeland Security (DHS), the Department of Defense; Department of Army Inspector General (DoD, DAIG) and the Department Veterans Affairs. Each of these agencies shares a similar interest in the possession, use and transfers of select agents and toxins and has participated in joint inspections.
The Public Health Safety and Bioterrorism Preparedness and Response Act of 2002 (Public Law 107) required the development of a common registration system for the purpose of verifying the credentials, licenses, accreditations, and hospital privileges of such professionals during public health emergencies. There is no similar database available to identify individuals or entities registered to possess, use and transfer select agents and toxins.
CDC recognizes that a small number of entities affected by the data collection requirements of this regulation may be small businesses. For this reason, the information needed in the data collection has been kept to a minimum.
There are legal obstacles to reducing the burden by collecting this information less frequently. The purpose of this information collection is to meet mandated regulatory requirements. If this information were collected less frequently, it would not be possible for DSAT to carry out its commitments to protect the public health as mandated by these regulations
This request fully complies with the regulation in 5 CFR 1320.5.
A8A. A “60 Day Federal Register Notice” was published in the Federal Register on Friday, April 3, 2020, Vol. 85, No. 65, Pages 18980 - 18982 (Attachment 2). No substantive comments were received.
FSAP began revising the proposed data collection instruments in the winter of 2019. The following representatives from AgSAS assisted with the development of the data collection instruments:
Narda Huyke
Animal Plant Health and Inspection Service
U.S. Department of Agriculture
4700 River Road, Unit 40
Riverdale, MD 20737-1231
Phone: (301) 851-2052
Kimberly A. Hardy
Animal Plant Health and Inspection Service
U.S. Department of Agriculture
4700 River Rd.,
Unit 123
Riverdale, MD 20737
Phone: (301)
851-2727
[email protected]
Respondents will not receive any payment or gift.
This submission has been reviewed by the Information Collection Request Office (ICRO) who determined that the Privacy Act does apply. The following information in identifiable form (IIF) will be collected: name, date of birth, department of justice identification number and job title. The Application for Registration (APHIS/CDC Form 1) requires the Responsible Official or Alternate Responsible Official provide the name, date of birth, department of justice identification number and job title of each individual that has access to select agents and toxins. The information is shared with the Federal Bureau of Investigation (FBI)/ Criminal Justice Information Services Division (CJIS). The FSAP approves the individual or entity to possess, use and transfer select agents and toxins based on the security risk assessment performed by CJIS.
To comply with the Office of Management and Budget (OMB) Memoranda (M) 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, a Federal Register notice Vol. 76, No. 16, Tuesday, January 25, 2011, pages 4483-4485, was published to alter the System of Records, 09-20-0170 (Attachment 3), National Select Agent Registry (NSAR)/Select Agent Transfer and Entity Registration Information System (SATERIS), HHS/CDC/COTPER. CDC is in the process of publishing a “Modified System of Records Maintained by HHS’ Centers for Disease Control and Prevention (CDC), System No. 09-20-0170, Electronic Federal Select Agent Program portal (eFSAP portal).” The document is currently under review by OMB (Attachment 4).
The following special safeguards are provided to protect the records from inadvertent disclosure:
Safeguards conform to the HHS Information Security and Privacy Program, http://www.hhs.gov/ocio/securityprivacy/index.html, the HHS Information Security and Privacy Policy (IS2P), and applicable federal laws, rules and policies, including: the E-Government Act of 2002, which includes the Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. 3541-3549, as amended by the Federal Information Security Modernization Act of 2014, 44 U.S.C. 3551-3558; all pertinent National Institutes of Standards and Technology (NIST) publications; and OMB Circular A-130, Managing Information as a Strategic Resource.
Administrative and Technical Safeguards: Security measures are implemented on government computers to control unauthorized access to the system. Attempts to gain access by unauthorized individuals are automatically recorded and reviewed by FSAP on a regular basis. Individuals who have routine access to these records are limited to staff (FTEs and contractors having security clearances at T3 (Non-Critical Sensitive positions requiring Secret clearance) or T4 (Non-Sensitive High Risk (Public Trust)) levels) who have responsibility for conducting regulatory oversight.
Protection for computerized records includes programmed verification of valid user identification code and password prior to logging on to the system; mandatory password changes, limited log-ins, virus protection, encryption, firewalls, and intrusion detection systems, and user rights/file attribute restrictions. Password protection imposes user name and password log-in requirements to prevent unauthorized access. Each user name is assigned limited access rights to files and directories at varying levels to control file sharing. There are routine daily backup procedures, and backup files are securely stored off-site. Security controls are reviewed on an ongoing basis.
Knowledge of individual tape passwords is required to access backups, and access to the system is limited to users obtaining prior supervisory approval. To avoid inadvertent data disclosure, a special additional procedure is performed to ensure that all Privacy Act data are removed from computer hard drives. Additional safeguards may also be built into the program by the system analyst as warranted by the sensitivity of the data set.
FTEs and contractor employees who maintain records are instructed in specific procedures to protect the security of records, and are to check with the system manager prior to making disclosure of data. When individually identifiable data are being used in a room, admittance at either federal or contractor sites is restricted to specifically authorized personnel.
Appropriate Privacy Act provisions and breach notification provisions are included in applicable contracts, and the CDC Project Director, contract officers, and project officers oversee compliance with these requirements. Upon completion of the contract, all data will be either returned to federal government or destroyed, as specified by the contract that includes breach notifications.
Records that are eligible for destruction are disposed of using destruction methods prescribed by NIST SP 800-88. Hard copy records are placed in a locked container or designated secure storage area while awaiting destruction. Records are destroyed in a manner that precludes its reconstruction, such as secured cross shredding. Utilizing the HHS Security Rule Guidance Material found at https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html, electronic information will be deleted or overwritten using Department of Defense National Institute of Standards and Technology/ General Services Administration (NIST/GSA) approved overwriting software that wipes the entire physical disk and not just the virtual disk. In addition, the physical destruction is obtained by using a National Security Agency/Central Security Service (NSA/CSS) approved degaussing device.
Physical Safeguards: Paper records are maintained in locked cabinets in secured rooms through electronic access in a restricted access location that is controlled by an electronic cardkey system that is limited to staff who have responsibility for conducting regulatory oversight. Electronic data files are encrypted using Federal Information Processing Standards Publication (FIPS) 140-2, and stored in a restricted access location. The computer room is protected by an automatic sprinkler system and numerous automatic sensors (e.g., water, heat, smoke, etc.) which are monitored, and a proper mix of portable fire extinguishers is located throughout the computer room. Computer workstations, lockable personal computers, and automated records are located in secured areas.
Implementation Guidelines: The safeguards outlined above are in accordance with applicable laws, rules and policies, including the HHS Information Security Program Policy, all pertinent NIST publications and OMB Circular A-130, Managing Information as a Strategic Resource.
Institutional Review Board
Institutional Review Board approval is not required.
There are questions in the data collection instruments that are directly related to criminal behavior which is considered sensitive information. The Public Health Safety and Bioterrorism Preparedness and Response Act of 2002 (Public Law 107) required the development of a common registration system for the purpose of verifying the credentials, licenses, accreditations, and hospital privileges of such professionals during public health emergencies. Therefore, questions in reference criminal behavior are necessary to obtain information regarding possible criminal activity.
Estimated Annualized Burden Hours
The total estimated annualized burden for all data collection was calculated using the 2018 Annual Report of the Federal Select Agent Program available at https://www.selectagents.gov/annualreport2018.html or FSAP IT system and is estimated as 4467 hours. Information will be collected through FSAP IT system, fax, email and hard copy mail from respondents. The currently approved annualized burden is 8,347 The 2020 estimated annualized burden hours are 4467. Burden has reduced due to the decrease in the number of respondents and the implementation of eFSAP.
Estimated Annualized Burden Hours
Section |
Form Name |
Number of Respondents |
Number of Responses per Respondent |
Average Burden per Response (in hours) |
Total Burden Hours |
Sections 3 & 4 |
Request for Exclusions |
1 |
1 |
1 |
1 |
Sections 5 & 6 |
Report of Identification of a Select Agent or Toxin |
1,181 |
1 |
1 |
1,181 |
Sections 5 & 6 |
Request of Exemption |
1 |
1 |
1 |
1 |
Section 7 |
Application for Registration |
3 |
1 |
5 |
|
Section 7 |
Amendment to a Certificate of Registration |
253 |
5 |
1 |
1,265 |
Section 9 |
Documentation of self-inspection |
253 |
1 |
1 |
253 |
Section 10 |
Request for Expedited Review |
1 |
1 |
30/60 |
1 |
Section 11 |
Security Plan |
253 |
1 |
1 |
253 |
Section 12 |
Biosafety Plan |
253 |
1 |
1 |
253 |
Section 13 |
Request Regarding a Restricted Experiment |
1 |
1 |
2 |
2 |
Section 14 |
Incident Response Plan |
253 |
1 |
1 |
253 |
Section 15 |
Training |
253 |
1 |
1 |
253 |
Section 16 |
Request to Transfer Select Agents and Toxins |
253 |
1 |
1.5 |
380 |
Section 17 |
Records |
253 |
1 |
30/60 |
127 |
Section 19 |
Notification of Theft, Loss, or Release |
201 |
1 |
1 |
201 |
Section 20 |
Administrative Review |
28 |
1 |
1 |
28 |
Total |
|
|
|
|
4467 |
Estimated Annualized Burden Costs
Section |
Form Name |
Total Burden Hours |
Hourly Wage Rate
|
Total Respondent Cost |
Sections 3 & 4 |
Request for Exclusions |
1 |
$38.24 |
$38.24 |
Sections 5 & 6 |
Report of Identification of a Select Agent or Toxin |
1,181 |
$38.24 |
$45161.44 |
Sections 5 & 6 |
Request of Exemption |
1 |
$38.24 |
$38.24 |
Section 7 |
Application for Registration |
15 |
$38.24 |
$573.60 |
Section 7 |
Amendment to a Certificate of Registration |
1,265 |
$38.24 |
$48,373.60 |
Section 9 |
Documentation of self-inspection |
253 |
$38.24 |
$9,674.72 |
Section 10 |
Request for Expedited Review |
1 |
$38.24 |
$38.24 |
Section 11 |
Security Plan |
253 |
$38.24 |
$9,674.72 |
Section 12 |
Biosafety Plan |
253 |
$38.24 |
$9,674.72 |
Section 13 |
Request Regarding a Restricted Experiment |
2 |
$38.24 |
$76.48 |
Section 14 |
Incident Response Plan |
253 |
$38.24 |
$9,674.72 |
Section 15 |
Training |
253 |
$38.24 |
$9,674.72 |
Section 16 |
Request to Transfer Select Agents and Toxins |
380 |
$38.24 |
$14,531.20 |
Section 17 |
Records |
127 |
$38.24 |
$4,856.48 |
Section 19 |
Notification of Theft, Loss, or Release |
201 |
$38.24 |
$7,686.24 |
Section 20 |
Administrative Review |
28 |
$38.24 |
$1,070.72 |
Total Cost |
|
|
|
$170,818.08 |
When estimating the annualized burden costs, CDC assumes that the hourly burden would be evenly split between managerial staff and clerical staff. We are using an average hourly respondent labor rate of $59.56 for managerial staff and $ 16.92 for clerical staff. To calculate the mean hourly rate, we averaged these two figures for an hourly wage rate of $38.24. These rates were obtained from the Bureau of Labor Statistics, from the 2018 Occupational Employment Statistics Survey by Occupation (http://www.bls.gov/oes/).
Respondents incur no capital or maintenance costs. The only costs incurred to respondents are those associated with telephone calls, mailing, and fax transmissions. All of these costs are part of normal business expenses.
The total annualized cost for implementing these regulatory activities budgeted is $19,896,009 and includes FTE’s and contracts.
Compensation summary $9,863121
Personnel benefits 2,911,843
Misc Personnel cost est. 160,000
Travel 900,000
Transportation: Shipping 5,000
Rent, telecommunication, other communication & utilities 70,000
Printing & reproduction 10,000
Consulting and other services 5,841,045
Supplies & materials 50,000
Equipment 60,000
Grand Total: $19,896,009
The program changes in this revised data collection are primarily changes to the forms to clarify instructions, correct editorial errors from previous submissions, and reformat the structure of the forms based on the day-to-day processing of these forms. There is a reduction in burden due to the decrease in the number of respondents and the implementation of eFSAP.
There are no plans for tabulation and publication of these data.
The display of the OMB expiration date is appropriate.
There are no exceptions to the certification.
Attachment 1 Possession, Use and Transfer of Select Agents and Toxins (42 CFR Part 73) – Final Rule
Attachment 2 60-Day Federal Register Notice 0920-0576
Attachment 3 System of Record Notice
Attachment 4 Modification Notice of System of Records
Attachment 5 Request for Exclusions
Attachment 6 Report of Identification of a Select Agent or Toxin
Attachment 7 Request for Exemption
Attachment 8 Application for Registration
Attachment 9 Amendment to a Certificate of Registration
Attachment 10 Documentation of self-inspection
Attachment 11 Request for Expedited Review
Attachment 12 Security Plan
Attachment 13 Biosafety Plan
Attachment 14 Request Regarding a Restricted Experiment
Attachment 15 Incident Response Plan
Attachment 16 Training
Attachment 17 Request to Transfer Select Agents and Toxins
Attachment 18 Records
Attachment 19 Notification of Theft, Loss, or Release
Attachment 20 Administrative Review
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | Supporting Statement for |
Author | zoz1 |
File Modified | 0000-00-00 |
File Created | 2021-07-08 |