508_CMS-10522_Supporting_Statement_Part_A

508_CMS-10522_Supporting_Statement_Part_A.docx

Executive Summary Form for Research Identifiable Data (CMS-10522)

OMB: 0938-1276

Document [docx]
Download: docx | pdf

Supporting Statement Part A



Supporting Statement for Paperwork Reduction Act Submissions




A. Background


The Centers for Medicare & Medicaid Services (CMS) is responsible for administering the Medicare, Medicaid and State Children's Health Insurance Programs. CMS collects data to support the Agency’s mission and operations. These data include information about Medicare beneficiaries, Medicare claims, Medicare providers, and Medicaid eligibility and claims. CMS discloses these identifiable data consistent with the routine uses identified in the Privacy Act Systems of Records notices that are published in the Federal Register and the limitations on uses and disclosures that are set out in the HIPAA Privacy Rule. Routine use is defined as the use of a record for a purpose that is compatible with the purpose for which it was collected.


All requests for identifiable data are received and reviewed by the Division of Privacy Operations & Compliance (DPOC) in the Office of E-Health Standards and Services. DPOC staff and the CMS Privacy Officer review the requests to determine if there is legal authorization for disclosure of the data. If legal authorization exists, the request is reviewed to ensure that the minimal data necessary is requested and approved for the project. Requests for identifiable data for research purposes must be submitted to and approved by the CMS

Privacy Board.


The Office of Information Products & Data Analysis (OIPDA) is the lead for the CMS Privacy

Board. To assist the CMS Privacy Board with its review of research data requests, OIPDA has developed the Executive Summary (ES) forms. The ES collects all the information that the CMS Privacy Board needs to review and make a determination on whether the request meets the requirements for release of identifiable data for research purposes. We currently have three versions of the ES Form and an ES Supplement for Requestors of the National Death Index (NDI) Causes of Death Variables. Each meets the need for a different type of requestor.




Form

Type of Requestors

Executive Summary for Research

Identifiable Data

Most Requestors will use this. HHS Agencies, Non HHS Agencies, Non-Profits, Research Institutes, Colleges and Universities

State Executive Summary for Research

Identifiable Data

States doing research.

Executive Summary for Research Identifiable Data for CMS Virtual Research Data Center(VRDC) Request

Requestors that will be accessing data through the

CMS VRDC.

Executive Summary for Requestors of the

NDI Causes of Death Variable

Any of the above requestors that need the NDI

variables.


Shape2 B. Justification


1. Need and Legal Basis


All requests for identifiable data for research purposes must be reviewed and approved by the CMS Privacy Board, as documented in the Privacy Act and HIPAA. The CMS Privacy Board receives over 325 requests a year. The ES allows for a uniform format for the collection and review of the material needed to determine if a request meets the requirements for research disclosure under the Privacy Act and HIPAA. Previously, requestors submitted the information in their own format and it made it difficult and time consuming to review each request and determine if it met all the requirements.


2. Information Users


The CMS Privacy Board will use the information in the ES to determine if a request meets the requirements for research disclosure under the Privacy Act and HIPAA. The ES will be used to answer the following questions:


Who is requesting the data?

What identifiable data is being requested? Why are they requesting the data?

How is the data going to be used? Who is funding this project?

Is the minimum data necessary being requested?

Is it feasible to obtain individual level authorization from Medicare/Medicaid beneficiaries for this project?

Does the request require the NDI data? How will the research findings be shared? How will the data be managed and protected?


The ES NDI Supplement will be used to answer questions directly related to the use of the

NDI variables.


3. Use of Information Technology


The ES is a PDF form that is completed electronically by the requestor and is submitted to CMS electronically as part of the data request package. The ES only requires a signature, if the project is funded by a commercial entity.

4. Duplication of Efforts


This information collection does not duplicate any other effort and the information cannot be obtained from any other source.


5. Small Businesses


Not Applicable


6. Less Frequent Collection


CMS must have an ES for each research request for identifiable data. Without the ES, the request cannot be reviewed by the CMS Privacy Board.


7. Special Circumstances


Not Applicable


8. Federal Register/Outside Consultation


The 60-day Federal Register notice published on July 11, 2014.


OIPDA has worked with two contractors in developing this form. The first contractor is the Research Data Assistance Center (ResDAC). The ResDAC Assistance Desk is located at the University of Minnesota and staffed by master's-level trained Technical Advisors. They provide technical assistance to researchers interested in using Medicare and/or Medicaid data.


The second contractor is MBL Technologies. CMS established the Data Privacy Safeguard Program to ensure that organizations to which CMS discloses identifiable data provide reasonable assurances on how data are protected, in accordance with CMS responsibilities under the Privacy Act and HIPAA Privacy Rule. As part of a researchers request for identifiable data, the Data Management Plan (DMP) of the ES asks researchers to outline the data privacy and security practices in place at their organization. MBL advise researchers in completing DMPs such that reasonable assurances are in place to protect CMS identifiable data used by research organizations.


ResDAC understands researchers and their projects and MLB understands data security, together they were able to assist OIPDA in developing an ES that is useful and easy to complete.


9. Payments/Gifts to Respondents


Not Applicable


10. Confidentiality


CMS only collects this information for use by the CMS Privacy Board. The ES is not shared with anyone other than DPOC and the CMS Privacy Board. We pledge confidentiality to the information collected.


11. Sensitive Questions


Not Applicable


12. Burden Estimates (Hours & Wages)


Number of Respondents Annually 325 Average Frequency of Response 1 ES per Data Request Annual Hour Burden Up to 2 Hours per Request Annual Cost to Requestor $78.00 per Request


Total annual burden would be 325 respondents x 1 response per respondent x 2 hours per response = (325x1x2) = 650 hours.


Total annual cost would be 325 respondents x $78 per respondent = $25,350.


ResDAC works closely with the requestor to complete their request package to CMS. We worked with ResDAC to determine the average burden for completing the ES. The burden on requestors should not vary greatly and this average should cover all complexity of research requests. The requestors should already have the information for the ES from the

development of their research project. There is no additional cost burden other than completing the ES.


The ES is usually completed by a research assistant. We used the information in the

following link to help determine an average cost burden. We took the average assistant salary and figured the hourly rate.


http://oira.unc.edu/faculty-salaries-at-research-and-aau-universities.html


We have prepared two Executive Summary Form 83 Part IIs to cover the different types of requestors that request CMS identifiable data.


13. Capital Costs


The requestors should already have the information for the ES as part of their research development. There is no additional cost burden other than completing the ES.


14. Cost to Federal Government


Without the ES, it may take a CMS Privacy Board member and DPOC analyst an hour or two to read through each requestors documentation to determine if the research requirements are being met. With the ES, a CMS Privacy Board member can review a research request in 15 minutes or less. We used the following link to determine the cost to CMS:


http://www.opm.gov/policy-data-oversight/pay-leave/salaries-wages/2013/general- schedule/dcb_h.pdf




DPOC Analyst without ES (GS11)

2 Hours

$59.00

CMS Privacy Board Review without ES (GS 13)

2 Hours

$85.00

Total Annual Cost per request without ES


$144


CMS Privacy Board Review with ES


¼ Hour


$11

DPCO Analyst with ES

¼ Hour

$7

Total Annual Cost per request with the ES


$18


15.


Changes to Burden





This is a new information collection request.




16.


Publication/Tabulation Dates





Not Applicable




17.


Expiration Date




CMS would like an exemption from displaying the expiration date as these forms are used on a continuing basis. To include an expiration date would result in having to discard a potentially large number of forms.

Shape1

2


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
AuthorCMS
File Modified0000-00-00
File Created2021-01-25

© 2024 OMB.report | Privacy Policy