Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services

ICR 201409-0938-009

OMB: 0938-1046

Federal Form Document

ICR Details
0938-1046 201409-0938-009
Historical Active 201107-0938-004
HHS/CMS CMS-10252
Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services
Extension without change of a currently approved collection   No
Regular
Approved without change 11/20/2014
Retrieve Notice of Action (NOA) 09/29/2014
  Inventory as of this Action Requested Previously Approved
11/30/2017 36 Months From Approved 11/30/2014
500 0 500
84 0 84
0 0 0

The Privacy Act of 1976, ?552a requires the Centers for Medicare & Medicaid Services (CMS) to track all disclosures of the agency's Personally Identifiable Information (PII) and the exceptions for these data releases. CMS is also required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Federal Information Security Management Act (FISMA) of 2002 to properly protect all PII data maintained by the agency. Part of this protection mandates that the data be destroyed when no longer required in a manner that prevents any unauthorized disclosure. When entities request CMS PII data, they enter into a Data Use Agreement (DUA) with CMS. The DUA stipulates that the recipient of CMS PII data must properly protect the data according to FISMA and also provide for its appropriate destruction at the completion of the project/study or the expiration date of the DUA. However, under certain circumstances, the data may be approved in writing by CMS for re-use in an additional or follow-on project/study. The DUA Certificate of Disposition (COD) form provides the data recipient to document accordingly this variance in the disposition of the data or the outright destruction of the data. The "Data Use Agreement (DUA) Certificate of Disposition (COD) for Data Acquired from the Centers for Medicare & Medicaid Services (CMS)" will be used by recipients of CMS data to certify that they have properly disposed of the data that they have received through a CMS DUA. The form requires the submitter to provide the Requestor's organization; DUA number; identification by initials as to the actual disposition of the data; listing of the data descriptions and the years of the data; printed name, phone number and e-mail address of the individual signing the form; signature and date signed; and optional point of contact name, phone number and e-mail address.

PL: Pub.L. 104 - 191 1173(d) Name of Law: HIPAA
  
None

Not associated with rulemaking

  79 FR 33927 06/13/2014
79 FR 53067 09/05/2014
No

1
IC Title Form No. Form Name
Certificate of Data Destruction for Data Acquired from the Centers for Medicare and Medicaid Services CMS-10252 CMS-10252. Draft Revised DUA

  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 500 500 0 0 0 0
Annual Time Burden (Hours) 84 84 0 0 0 0
Annual Cost Burden (Dollars) 0 0 0 0 0 0
No
No

$4,100
No
No
No
No
No
Uncollected
Kayla Williams 410 786-5887 kayla.williams@cms.hhs.gov

  No

On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
 
 
 
 
 
 
 
    (i) Why the information is being collected;
    (ii) Use of information;
    (iii) Burden estimate;
    (iv) Nature of response (voluntary, required for a benefit, or mandatory);
    (v) Nature and extent of confidentiality; and
    (vi) Need to display currently valid OMB control number;
 
 
 
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
09/29/2014


© 2024 OMB.report | Privacy Policy