Information Collection Request

Administrative Simplification HIPAA Compliance Review (CMS-10662)

ICR 202506-0938-005 · OMB 0938-1390 · Received in OIRA

Forms and Documents

Document Name	Status
Form CMS-10662 Structuring and monitoring the CAP Form and Instruction	Modified
Form CMS-10662 Compliance Review Form and Instruction	Modified
CMS-10662_Supporting_Statement_Part_A.docx Supporting Statement A	2025-06-11
CMS-10662_Response to Public Comments.docx Supplementary Document	2025-06-06
ASHEPS_Compliance_Review_Exhibit_A_Crosswalk_2024_FINAL.pdf Supplementary Document	2025-06-06

IC Document Collections

IC ID	Document Title	Status
239116	Structuring and monitoring the CAP Form and Instruction	Modified
239115	Compliance Review Form and Instruction	Modified

ICR Details

OMB Control No: 0938-1390	ICR Reference No: 202506-0938-005
Status: Received in OIRA	Previous ICR Reference No: 202402-0938-003
Agency/Subagency: HHS/CMS	Agency Tracking No: OIT
Title: Administrative Simplification HIPAA Compliance Review (CMS-10662)
Type of Information Collection: Revision of a currently approved collection	Common Form ICR: No
Type of Review Request: Regular	Date Submitted to OIRA: 06/18/2025

	Requested	Previously Approved
Expiration Date	36 Months From Approved	12/31/2025
Responses	140	60
Time Burden (Hours)	3,040	1,000
Cost Burden (Dollars)	0	0

Abstract: The purpose of this collection is to retrieve information necessary to conduct a compliance review as described in CMS-0014-N (68 FR 60694). These forms will be submitted to the Centers for Medicare & Medicaid Services (CMS), Program Management National Standards Group, from entities covered by HIPAA Administrative Simplification regulations. It is expected that covered entities under HIPAA (health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with transaction for which HHS has adopted standards) will complete these forms during a CMS scheduled compliance review. CMS enforcement staff would use the information provided by covered entities to review HIPAA Administrative Simplification compliance in regards to adopted transaction standards, code sets, unique identifiers and operating rules.

Authorizing Statute(s): PL: Pub.L. 104 - 191 264 Name of Law: HIPAA

Citations for New Statutory Requirements: None

Associated Rulemaking Information
RIN:	Stage of Rulemaking:	Federal Register Citation:	Date:
	Not associated with rulemaking

Federal Register Notices & Comments
60-day Notice:	Federal Register Citation:	Citation Date:
	90 FR 3220	01/14/2025
30-day Notice:	Federal Register Citation:	Citation Date:
	90 FR 24632	06/11/2025
Did the Agency receive public comments on this ICR? Yes

Number of Information Collection (IC) in this ICR: 2

IC Title	Form No.	Form Name
Compliance Review	CMS-10662, CMS-10662, CMS-10662, CMS-10662, CMS-10662	Operating_Rule_Response_Attestation , Compliance_Review_Package , Compliance Review Program Triage Questionnaire Clearinghouses , Compliance Review Program Triage Questionnaire Health Plans , Compliance Review Program Triage Questionnaire Providers
Structuring and monitoring the CAP	CMS-10662, CMS-10662	Notice_of_Corrective_Action_ , Corrective Action Follow-up Letter

ICR Summary of Burden

	Total Request	Previously Approved	Change Due to Agency Discretion
Annual Number of Responses	140	60	80
Annual Time Burden (Hours)	3,040	1,000	2,040
Annual Cost Burden (Dollars)	0	0	0

Burden increases because of Program Change due to Agency Discretion: Yes

Burden Increase Due to: Miscellaneous Actions

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement: Burden has increased due to the growth of reviews that are conducted annually. CMS has expanded the program to up to 100 entities annually. CMS has also made the following updates to communications sent to covered entities since the last PRA request; however, there are no changes to data/information collection requests:

Annual Cost to Federal Government: $3,224

Does this IC contain surveys, censuses, or employ statistical methods? No

Does this ICR request any personally identifiable information (see OMB Circular No. A-130 for an explanation of this term)? Please consult with your agency's privacy program when making this determination. No

Does this ICR include a form that requires a Privacy Act Statement (see 5 U.S.C. §552a(e)(3))? Please consult with your agency's privacy program when making this determination. No

Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]? No

Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]? No

Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)? No

Is this ICR related to the Pandemic Response? No

Agency Contact: Stephan McKenzie 410 786-1943 stephan.mckenzie@cms.hhs.gov

Common Form ICR: No