§162.923 Requirements for covered entities.
§162.925 Additional requirements for health plans.
Discussion: As referenced in the proposed rule, the emerging and increasing use of health care EDI standards and transactions has raised the issue of the applicability of the PRA. As such, we solicited comment on whether a regulation that adopts an EDI standard used to exchange certain information constitutes an information collection is subject to the PRA. Public comments were presented which suggested that the use of an EDI standard is not an information collection and under the PRA. The Office of Management and Budget, however, has determined that this regulatory requirement (which mandates that the private sector disclose information and do so in a particular format) constitutes an agency sponsored third-party disclosure as defined under the Paperwork Reduction Act of 1995 (PRA).
HIPAA mandates the Secretary to adopt standards that have been developed, adopted, or modified by a standard setting organization, unless there is no such standard, or unless a different standard would substantially reduce administrative costs. OMB has concluded that the scope of its review under the PRA would be limited to the review and approval of this regulatory requirement, that is, the Secretary’s decision to adopt or reject an established industry standard, based on the HIPAA criterion of whether a different standard would substantially reduce administrative costs. For example, if OMB concluded under the PRA that a different standard would substantially reduce administrative costs as compared to an established industry standard, the Secretary would be required to reconsider its decision under the HIPAA standards. The Secretary would be required to make a new determination of whether it is appropriate to adopt an established industry standard or whether it should enter into negotiated rulemaking to develop an alternative standard (section 1172(c)(2)(A)).
The burden associated with these requirements, which is subject to the PRA, is the initial one-time burden on the entities identified above to modify their current computer system requirements. However, the burden associated with the routine or ongoing use of these requirements is exempt from the PRA as defined in 5 CFR 1320.3(b)(2).
Based on the assumption that the burden associated with HIPAA, Title II systems modifications may overlap and the HIPAA standards would replace the use of multiple standards, resulting in a reduction of burden, commenters should take into consideration when drafting comments that: 1) one or more of these standards may not be used; 2) some of the these standards may already be in use by several of the estimated entities; 3) systems modifications may be performed in an aggregate manner during the course of routine business and/or; 4) systems modifications may be made by contractors such as practice management vendors, in a single effort for a multitude of affected entities.
As required by section 3504(h) of the Paperwork Reduction Act of 1995, we have submitted a copy of this document to the Office of Management and Budget (OMB) for its review of these information collection requirements.
If you comment on these information collection and recordkeeping requirements, please e-mail comments to Paperwork@hcfa.gov (Attn:HCFA-0149) or mail copies directly to the following:
Health Care Financing Administration,
Office of Information Services,
Information Technology Investment Management Group,
Division of HCFA Enterprise Standards,
Room C2-26-17, 7500 Security Boulevard,
Baltimore, MD 21244-1850.
Office of Information and Regulatory Affairs,
Office of Management and Budget,
Room 10235, New Executive Office Building,
Washington, DC 20503,
Attn: Allison Herron Eydt, HCFA Desk Officer.