September 16, 1998, Comments on the Applicability of the Paperwork Reduction Act (PRA) regarding the August 12, 1998 NPRM on Security and Electronic Signature Standards

National Committee on Vital & Health Statistics

September 16, 1998

Health Care Financing Administration
Office of Information Services
Security and Standards Group
Division of HCFA Enterprise Standards
Room N2-14-26
7500 Security Boulevard
Baltimore, MD 21244-1850
ATTN: John Burke, HCFA-0049

Office of Information and Regulatory Affairs
Office of Management and Budget
Room 10235
New Executive Office Building
Washington, DC 20503
ATTN: Allison Herron Eydt, HCFA Desk Officer

Dear Mr. Burke and Ms. Eydt:

The National Committee on Vital and Health Statistics submits the following comments on the Collection of Information Requirements in the Notice of Proposed Rule Making (NPRM), HCFA-0049-P, Security and Electronic Signature Standards.

On the issue of the applicability of the Paperwork Reduction Act of 1995 to the electronic signature standard:

The purposes of the Paperwork Reduction Act (PRA) and of the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) would appear to be extraordinarily compatible. Both seek to minimize paperwork burden and to ensure public benefit. However, in a practical sense, application of the PRA in this instance would be contrary to these principles and threatens to impose a substantial barrier to the adoption, implementation, and future modification of health care electronic data interchange (EDI) standards of which the electronic signature standard is a critical component.

There may be a role for the PRA in evaluating what Government programs do to implement the standards in their programmatic spheres. However, we do not believe that the adoption of standards, as required by HIPAA, constitutes an “information collection” in the sense that it is defined under the PRA. Further, it is hard to imagine a more clear- cut case of usual and customary business activities than the application of a signature to the administrative and financial functions, which include billing, adjudicating claims, and payment for services, covered by this and previously proposed rules.

Finally, the PRA regulations (at §1320.18) appear to be clear that OMB has the discretion to apply or not to apply the PRA to these rules. We urge OMB to follow the intent of both the PRA and HIPAA by not applying the PRA in this instance.

Sincerely,

Don E. Detmer, M.D.
Chair