HHS Policy for the Information Collection Clearance Process

Document #: HHS-OCIO-OES-2024-12-008
Version #: 1.0
Last Reviewed: 12/2024
Next Review: 12/2027
Owner: OCIO/OES
Approved By: Jennifer Wendel, HHS CIO

Table of Contents

  1. Nature of Changes
  2. Purpose
  3. Background
  4. Scope
  5. Authorities
  6. Policy
  7. Roles and Responsibilities
  8. Information and Assistance
  9. Effective Date and Implementation
  10. Approval

Appendix A: Procedures

Appendix B: Standards

Appendix C: Guidance

Appendix D: Forms and Templates

Appendix E: Additional Resources

Glossary and Acronyms

1. Nature of Changes

This HHS Policy for the Information Collection Clearance Process (hereafter Policy) is the first issuance to establish the requirements for organizational Information Collection Request (ICR) clearance process and procedures throughout the U.S. Department of Health and Human Services (HHS). This Policy does not supersede any other applicable law, higher-level agency directive, or policy guidance.

2. Purpose

This Policy establishes the Department’s requirements for the HHS ICR clearance process and sets forth the framework to implement the Paperwork Reduction Act (PRA) of 1995, Public Law (Pub. L.) 104-13, in accordance with Title 5 Code of Federal Regulations (CFR) Part 1320, Controlling Paperwork Burdens on the Public.  According to the Office of Management and Budget (OMB) guidance, the PRA must be adhered to when collecting information from individual people (including federal contractors), business and associations, state, local and tribal governments, and foreign governments, and individual people. In general, the PRA applies even when information is collected from non-US citizens, residences, or businesses as those entities are considered “persons” under the Act. PRA clearance is not needed if it satisfies specific exceptions, including: collecting information from federal employees or military personnel as part of their work duties; requesting from fewer than 10 people; requesting non-standardized questions done in connection with direct observations; or providing discussion time or questions at online or in-person public hearings or meetings.

This Policy provides guidance to Operating Divisions (OpDivs) and Staff Divisions (StaffDivs) to assist staff in determining if an information collection requires clearance under the PRA. This Policy defines the roles and responsibilities of HHS staff for purposes of the PRA, provides considerations for public involvement, and details the procedures required to effectively and efficiently obtain OMB approval to collect the information. All OpDivs and StaffDiv program offices planning to initiate an ICR must adhere to the requirements and procedures in this Policy, unless there is an exception in place, such as section 2035 of the 21st Century Cures Act which exempts the National Institutes of Health (NIH) from PRA requirements for voluntary collections of information during the conduct of research.

3. Background

The PRA governs how federal agencies collect information from the American public. On August 29, 1995, OMB published a rule, "Controlling Paperwork Burdens on the Public; Regulatory Changes Reflecting Recodification of the Paperwork Reduction Act," (Title 5, Chapter II, Subchapter B, Part 1320) that implements the provisions of the PRA. Each federal agency must ensure the quality and accuracy of the information it collects and that it is used for its intended purpose while also minimizing the associated burden imposed on the American public. Before a federal agency imposes an applicable information collection upon the public, an ICR must be sent to and approved by OMB before the information collection begins. Each agency’s information collection, and the annual response hours and cost burden incurred by the public, are tracked in the Regulatory Information Service Center (RISC)/ Office of Information and Regulatory Affairs (OIRA) Combined Information System (ROCIS).  

The PRA requires federal agencies to:

  • Designate a senior official who reports to the agency head.
  • Establish an office responsible for ensuring compliance with and effective implementation of the information policies and information resources management responsibilities under the PRA, including the reduction of information collection burdens on the public.
  • Establish a process within that office sufficiently independent of program responsibility to evaluate fairly whether proposed information collections should be approved.
  • Submit and publish notices in the Federal Register and to OIRA, within OMB, to describe proposed information collections and solicit comments from the public.
  • Receive approval from OIRA before commencing the proposed information collection.
  • Report to OIRA information collections conducted in violation of the PRA’s provisions and progress of initiatives to reduce information collection burden.

The intent of the PRA is, in part, to:

  • Minimize the paperwork burden the federal government imposes on individuals, businesses, educational and nonprofit institutions, federal contractors, and state, local and tribal governments resulting from the collection of information by or for the federal government, especially by utilizing modern technology.
  • Ensure the greatest possible public benefit from and maximize the utility of information created, collected, maintained, used, shared, and disseminated by or for the federal government.
  • Ensure that an information collection is not unnecessarily duplicative of information otherwise reasonably accessible.
  • Maximize the cooperation of agencies in making information available.
  • Improve the quality and use of federal information to strengthen decision making, accountability, and openness in government and society.
  • Improve the quality of information collected and subsequently the integrity, quality, and utility of the federal statistical system.
  • Minimize the cost to the federal government of the creation, collection, maintenance, use, dissemination, and disposition of information.

4. Scope

This Policy applies to all HHS OpDivs, StaffDivs, and organizations conducting business for and on behalf of the Department through contractual relationships, cooperative agreements, and certain grants. This Policy does not supersede any other applicable law or higher-level agency directive or policy guidance. All staff conducting or overseeing information collections on behalf of the federal government are subject to this Policy. OpDivs and StaffDivs must comply with this Policy or create a more restrictive policy, but not one that is less restrictive, less comprehensive, or less compliant with these Department policy requirements.

5. Authorities

Authorities include:

6. Policy

The PRA requires every federal agency, except those specifically exempted, to obtain approval from OMB for any planned information collections subject to the PRA. Approved information collections must be renewed at least every three (3) years or formally discontinued.

The following criteria are important elements of an ICR:

  1. Before collecting information, OpDivs and StaffDivs must ensure that the proposed collection is not duplicative of previously collected information and ensure the following:
    1. The information is essential to the HHS component’s mission and demonstrates practical use for the office in performing its function.
    2. The cost of the information collection is worth the benefit derived from it.
    3. The information collection, when appropriate, uses effective and efficient statistical survey methodology appropriate to the purpose for which the information is to be collected.
    4. The manner of the collection is the most efficient, effective, and economical as possible.
    5. The information collection to the maximum extent practicable, uses information technology to reduce burden and improve data quality, agency efficiency and responsiveness to the public.
  2. Collections of information must be designed to meet only tasks that would benefit agency activities and include reasonable due dates.
  3. One-time information collections may not be designed when the need for a recurring collection of information is indicated.
  4. Information collected within HHS must minimize burden, should be justified by the need, and not exceed the minimum collection needed. The HHS and OS ICCO will submit information collections and an annual information collection budget (ICB) of burden hours to OMB in accordance with 5 CFR Part 1320.17.
  5. Collections of information that require special handling, such as classified and controlled unclassified information (CUI), must be protected from unauthorized disclosure in accordance with HHS policy.
  6. Collections of information that include personally identifiable information (PII) require special handling and appropriate safeguarding. In accordance with the E-Government Act of 2002, and consistent with the PRA, a Privacy Impact Assessment (PIA) is required before initiating a new electronic collection of PII for ten or more persons. A PIA is necessary to ensure:
    1. PII is acquired and maintained only when relevant and necessary to accomplish an authorized HHS mission or function. For example, the Privacy Act at 5 U.S.C. § 552a(e)(7) prohibits a federal agency from maintaining records describing how an individual exercises free speech and other rights guaranteed by the First Amendment, unless expressly authorized by statute or the individual or pertinent to and within the scope of an authorized law enforcement activity. Most collections of such information would be unauthorized.
    2. Supporting information technology appropriately protects the privacy of individuals.
  7. A tailored privacy notice is provided on or with the collection instrument at the point of collection, when collecting information from an individual. If the information will be retrieved by personal identifier, the notice must be in the form of a Privacy Act Statement. Once an information collection has been approved and licensed with an OMB control number, the collected information must be appropriately maintained and safeguarded. For additional information on privacy requirements, points of contact, and resources, see the HHS Privacy Program web page. For additional information on PRA, see OMB’s Federal Collection of Information web page. For additional information on Privacy, see OMB’s Privacy web page.
  8. OMB approval is required for voluntary collections, mandatory collections, and collections required to obtain a federal benefit (e.g., jobs, grants, permits). For general guidelines on whether an information collection needs OMB approval, see Appendix A.
  9. HHS components that conduct or sponsor an information collection that requires OMB approval are responsible for obtaining OMB approval.
    1. An information collection is considered “conducted” by HHS if the information is collected using HHS staff and resources.
    2. An information collection is considered “sponsored” by HHS if HHS collects the information, uses another agency to collect the information, enters into a contract or cooperative agreement with a person, or in similar ways causes another agency, contractor, partner in a cooperative agreement, or person to obtain, solicit, or require the disclosure to third parties or the public of information by or for an HHS organization.
  10. HHS components cannot ask members of the public to respond to a collection that requires OMB approval but does not have OMB approval. If HHS components do so, they will be in violation of the PRA. If uncleared collections or changes are discovered, OIRA may insist that the collections are stopped. OMB reports these violations to Congress and the President in the Information Collection Budget. OMB requires each federal agency to submit an annual ICB estimating the hours of burden to be imposed on the public in the next fiscal year and verifying accomplishments in prior years for routine data collection. Each year, OMB determines the ICB format, reduction goals, and other required inputs. To achieve reduction goals, HHS components:
    1. Should carefully review their rules and regulations.
    2. Be prepared to offset increases in some collections by identifying decreases in others.
    3. Be prepared to plan their ICR needs in advance as appropriate and necessary and be aware of estimates for new ICRs that were submitted in the ICB. PRA clearance in support of an OpDiv’s emergency response role and carried out under a declared response order (e.g., Stafford Act or Public Health Emergency (PHE)) will not impact a component's proposed or existing collection plan.

For a more detailed overview of the Information Collection Clearance process please see Appendix A. For additional questions, please contact the HHS ICCO at PRA@hhs.gov.

7. Roles and Responsibilities

7.1 HHS Chief Information Officer (CIO)

The HHS CIO, or designee, must:

  1. Establish the HHS and Office of the Secretary ICCO and the related processes for determining whether proposed information collections require OMB approval and for fairly evaluating whether ICRs should be approved by HHS for submission to OMB.
  2. Designate one or more Information Collection Clearance Officer(s) for the HHS and OS ICCO.
  3. Be accountable to OMB for PRA violations throughout HHS and provide reports to OMB (and, when required, to Congress) on such violations.
  4. Ensure that proposed collections of information throughout HHS meet the standards set forth in the PRA.
  5. Approve Department information collection policy and the Department's ICB and OpDiv management of information collection burden on the public.

7.2 Executive Director of the Office of Enterprise Services (OES)

The Executive Director of OES must:

  1. Ensure the Department’s compliance and conformance with OMB regulations, policies, standards, procedures, and instructions concerning agency reviews, paperwork reduction and OMB approval of collections of information.
  2. Oversee the development of the Department’s information collection policy, the ICB data call, and monitor OpDiv and OS management of the information collection burden on the public.

7.3 Director of the OS Information Collection Clearance Office (ICCO)

The Director of the OS ICCO must:

  1. Serve as the Department’s representative with OMB, HHS components, other federal agencies, and external organizations on matters pertaining to PRA.
  2. Provide leadership and guidance to ensure uniformity in PRA activities throughout the Department.
  3. Conduct periodic compliance evaluations of HHS PRA program.
  4. Advise the HHS CIO, HHS OES Executive Director, and OpDivs on PRA issues and develop Department-wide PRA policies, procedures, guidance, technical assistance, and training materials.
  5. Establish and disseminate standards to ensure that HHS components clearly identify staff responsibilities to comply with the agency’s PRA program.
  6. Coordinate PRA issues with other federal and regulatory agencies including OMB, General Services Administration (GSA), and Government Accountability Office (GAO).
  7. Serve as the liaison to OMB on ICR management clearances and related activities. Work closely with the OpDivs to ensure each proposed information collection meets all PRA requirements.
  8. Certify to OMB that the proposed collection of information meets the standards set forth in the PRA and timely and officially submits each information collection to OMB for review and action.
  9. Respond to inquiries about OMB reviews, and maintain ICR system records of transmittals, clearances, and OMB actions.
  10. Consult with the HHS Records Management Officer about ICRs to ensure records have an authorized disposition per the applicable records retention schedule as outlined in the HHS Policy for Records Management.
  11. Consolidate the ICB information from OS and other OpDiv ICCOs and submit the Department's response to OMB in a timely manner to meet the assigned due date.

7.4 OpDiv Designated Authority

The OpDiv designated authority must:

  1. Support the implementation of an ICCO within their areas of responsibility to accomplish the objectives identified in PRA regulations and this
  2. Designate an OpDiv ICCO Clearance Officer who will serve as a single point of contact within the OpDiv on PRA matters. The OpDiv Clearance Officer interacts with ICR submitters to ensure ICRs are submitted in the timeframe required to prevent ICR violations or request emergency or extension approvals from OMB. Any changes in this designation must be immediately reported to the HHS ICCO, including the name, title, email address, and telephone number of the designee.

7.5 OpDiv ICCO Clearance Officer

The OpDiv ICCO Clearance Officer must:

  1. Serve as the primary contact for overseeing the OpDiv’s PRA program.
  2. Complete a ROCIS certificate within 60 days of accepting a position within a PRA office.
  3. Collaborate with key stakeholders on PRA activities and actions; such as the annual ICB data call, expiring ICRs, etc.
  4. Coordinate OpDiv PRA issues with other federal and regulatory agencies, including OMB and GSA.
  5. Coordinate periodic review, development, and maintenance of ICR requests for all OpDiv PRA information collections and:
    1. Establish new ICRs.
    2. Monitor an increase or decrease in the level of burden for information collections.
    3. Review tracking of current or expired ICRs.
  6. Ensure that the designated OpDiv employee(s) and contractor(s) complete the mandatory ROCIS training.
  7. Provide training, technical assistance and guidance in preparing ICRs.
  8. Monitor ICR activities and ensure periodic evaluations of the OpDiv’s PRA program to comply with applicable laws, and Departmental and OpDiv regulations, policies, standards, and procedures.
  9. Review reports of expiring ICRs generated by the HHS ICCO to coordinate the preparation of renewal ICRs or those to be discontinued.
  10. Ensure ICRs comply with the PRA and identify and resolve violations, including the Privacy Act and E-Government Act, as applicable.
  11. Ensure that an up-to-date inventory is maintained for all ICRs, submissions, approvals, burden hours, total responses, and supporting materials.
  12. Consult with the OpDivs and OS Records Management officer about ICRs to ensure records have an authorized disposition per the applicable records retention schedule as outlined in the HHS Policy for Records Management.
  13. Review and enter in ROCIS new ICRs (for the HHS and OS ICCO to officially submit to OMB) and extensions and revisions of currently approved ICRs before they expire.

7.6 OpDiv ICR Submitters

OpDiv ICR submitters must:

  1. Consult with their OpDiv ICCO to determine if an information collection requires clearance from OMB.
  2. Ensure that the collection is necessary for the proper performance of the OpDiv’s authorized mission or function and has practical use.
  3. Prepare and initiate publication of Federal Register Notices in time to submit a request prior to the expiration date of an existing ICR, or in time to meet the use date of a new ICR. Work closely with the OpDiv ICCO to prepare ICRs ready for processing in a timely manner and officially submit the information collection to the HHS and OS ICCO.
  4. Comply with PRA, other applicable legal requirements in 44 U.S.C. Chapter 35, and any applicable privacy requirements.
  5. Institute procedures to protect the information’s confidentiality to the extent permitted by law when respondents submit proprietary or other confidential information.
  6. Comply with the terms of clearance. If required by the terms of clearance, submit additional justification for the information collection within the specified timeframe after approval to conduct the information collection is granted. Failure to comply with the terms of clearance can result in withdrawal of the information collection’s approval.
  7. Communicate to their OpDiv ICCO the decision to either discontinue the information collection or request an extension of the approval period, prior to the end of information collection approval period.

8. Information and Assistance

HHS Office of Enterprise Services (OES) is responsible for the development and management of this Policy. Questions, comments, suggestions, and requests for information about this Policy should be directed to PRA@hhs.gov.

9. Effective Date and Implementation

The effective date of this Policy is one month after the Policy is approved to give HHS components time to align their processes. This Policy must be reviewed, at a minimum, every three (3) years from the approval date. The HHS CIO has the authority to grant a one (1) year extension of the Policy. To archive this Policy, approval must be granted, in writing, by the HHS CIO.

10. Approval

/S/
Jennifer Wendel, HHS Chief Information Officer (CIO)
12/27/2024

Appendix A: Procedures

Please note that this appendix is subject to change at any time. The current version of this Policy will always reside in the OCIO Policy Library.

A.1 High-Level Overview of the Information Collection Clearance Process

A high-level overview of the ICR clearance process is illustrated in the process diagram below (see Figure 1). The process diagram lists questions to determine whether PRA applies, which types of PRA clearance may apply and the different types of approval processes. The diagram is not comprehensive, and it is best to consult with the OpDiv/OS ICCO to determine the most appropriate ICR process.

The ability to answer the following four questions, plays a critical role in determining whether PRA clearance is required: “What type of information are you collecting?”; “Who are you collecting the information from?”; “How will you be collecting information?”; and “Why are you collecting this information?”.

A.2 Do I Need Clearance?

Not every request or collection of information falls under the PRA’s scope, and may not need clearance at all (e.g., if information is requested from fewer than ten people or groups that do not represent the majority of an industry or sector). It is important to note that voluntary collections are not automatically exempt from the PRA process. Regardless of whether the collection is voluntary (i.e., the public is not required by law to provide information) or mandatory, the Paperwork Reduction Act treats the collection the same.

When deciding if PRA clearance is needed, submitters should consider the following:

  • What type of information are you collecting?
  • Who are you collecting it from?
  • How will you be collecting information?
  • Why are you collecting this information?

This is just a starting point to see if the information collection needs PRA clearance. PRA submitters are encouraged to get in touch with their OpDiv ICCO who will coordinate with the HHS ICCO to answer more in-depth questions about the PRA process.

A.2.1 What Type of Information Are You Collecting?

The type of information to be collected will help determine if PRA clearance applies. The following sections provide a high-level overview of the types of information collections that require PRA clearance as well as those that do not.

A.2.1.1 Needs PRA Clearance

PRA clearance is required when asking for information collected by or on behalf of the federal government (pra.digital.gov). Some examples include:

  • Forms, such as the IRS 1040, U.S. Individual Income Tax Return;
  • Written reports, such as recipient performance reports;
  • Surveys, such as customer satisfaction or behavioral surveys;
  • Recordkeeping requirements, such as the small businesses requirement to retain tax-related documents for 3 years;
  • Third-party or public disclosures, such as nutrition labeling requirements for food;
  • Program evaluations, such as looking at the outcomes of a subsidized housing initiative for seniors;
  • Research studies and focus groups with a set of the same questions or tasks; and
  • Applications for benefits or grant programs
A.2.1.2 Does Not Need PRA Clearance

PRA clearance is not required for the following examples (pra.digital.gov):

  • Direct observation, such as watching how long it takes someone to complete a transaction, or how someone uses a new website to find answers.
  • General requests for public input and comments, such as a “Tell Us About Your Experience”, sheet with open-ended space for someone to respond.
  • Information for voluntary commercial transactions, like payment and delivery details.

Information asked for or received in connection with an in-person or online public hearing or meeting.

These exemptions should be narrowly construed to only include the situations listed, and specific questions on the exemptions should be directed to your OMB Desk Officer. It is important to note that some information collections are generally not subject to the PRA, such as certain federal investigations and civil actions, antitrust actions, and intelligence activities. 5 C.F.R. 1320.3(h) outlines in more detail what is not considered information and therefore not subject to PRA. OMB provides a list of exclusions to the regulatory definition of information under the PRA.

A.2.2 Who Are You Collecting Information From?

Who you are collecting information from helps determine if PRA clearance is needed. The following sections provide a high-level overview of collections which require PRA clearance. 

A.2.2.1 Members of the Public

The term “members of the public” means people or groups outside of the federal government. Some groups that are considered “members of the public” include:

  • Individual people (including federal contractors and grantees)
  • Businesses and associations
  • State, territorial, tribal, and local governments
  • Foreign governments, businesses, and individual people

In general, the PRA applies even when information is collected from non-U.S. citizens, residences, or businesses as those entities are considered “persons” under the Act. If a collection request is only required from federal employees or military personnel as part of their job, then a PRA clearance is not needed. If the information is not part of work-related duties, then a PRA clearance is needed.

A.2.2.2 Ten or More People or Groups

If the same information collection is posed to  ten or more people or entities, then a PRA clearance is needed. If requesting information from fewer than ten people or groups, but they represent the majority or all of an industry or sector, a PRA clearance is needed. It is best to consult with the OpDiv  ICCO to determine specifics regarding the collection.

A.2.3 How Will You Be Collecting Information?

Using technology to collect information is an excellent way to reduce costs to the public while providing a useful service. Some social media and web-based technologies are not subject to the PRA clearance process, and do not need approval. Listed below are several social media and web-based technologies as well as the determination as to whether they need PRA clearance. Broader clarifications on social media and web-based technologies can be found in OMB’s Social Media Guidance Memo.

  • Email or Text Subscriptions to Alerts and Publications - The collection of mailing addresses, email addresses, or mobile numbers for newsletters, text alerts, agency updates, and other publications does not need PRA approval.
  • Wikis and Collaborative Drafting Platforms - Web-based collaboration tools that facilitate interactions between the agency and the public and essentially provide a technology-based equivalent to in-person collaboration generally do not need PRA approval. If they are used to collect information that an agency would otherwise gather by asking for responses to identical questions, however, they would need PRA approval.
  • Social Networks, Blogs, Webinars, and Other Public Meetings - Covered under the “public meetings” exclusion, these generally do not need PRA approval:
    • Public conference calls
    • Webinars
    • Blogs
    • Discussion boards
    • Forums
    • Chat sessions
    • Social networks
    • Online communities
    • Public Meeting Event Registration -
      • limited to basic, self-identification information and a request for general feedback.
  • User Account Creation - Profiles and accounts that only request an email address, username, password, and geographic location (e.g., state, region, or ZIP code) do not need PRA approval. If more information is requested, it may need PRA approval, because the information requested likely goes beyond the scope of what’s needed to create an account. Similarly, if the account is created to collect information for agency program purposes, like the online Free Application for Federal Student Aid (FAFSA), it needs PRA approval.
  • Website Display Customization - Allowing users to customize or influence the look of an agency website, such as filtering navigation menu items and saving their preferences, does not need PRA approval.
  • Ratings and Rankings - Social media tools that let users vote on, rank, sort, organize, or otherwise rate the value of ideas, questions, and comments do not need PRA approval. For example, PRA clearance is generally not needed to solicit a user rating for an agency’s mobile app. If the results of the ratings can be used for policy or planning purposes, however, this would need PRA approval.
  • Voluntary Commercial Sales Orders - Information about choosing, paying for, and delivering an item sold by the U.S. Government does not need PRA approval. For example, the payment information and delivery address collected to allow a member of the public to order a national park pass online.
  • Filtering Agency Data - Methods that let users sort and filter agency data, like drop-down menus and standardized text or numeric entries, do not need PRA approval.
  • Data Calculation - Information collected to help users get details from a table or formula does not need PRA approval, as long as that information is not used for another purpose. The IRS’s Withholding Calculator or GSA’s Per Diem Lookup are good examples.

A.2.4 Why Are You Collecting This Information?

In order to explain the circumstances that make the collection of information necessary, identify any legal or administrative requirements that necessitate the collection. Specific references to statutes, executive orders, regulations, notices, directives, or other relevant documents that the agency feels directs them to collect the information must be cited. A full understanding of why the government must collect the information described, needs to be included in the ICR submission.

A.3 Types of PRA Clearance

There are many types of PRA clearance. The sections below provide a brief explanation of each type of clearance to ensure the requestor is on the right track to approval.

  1. Normal clearance is used for new requests, Revision and Extension requests, Non-substantive Change requests and Reinstatement requests.
  2. Common Form clearance is used for a form already approved and in use by another agency.
  3. Generic clearance is used for regular, umbrella or the fast-track process (once it’s granted).
  4. Emergency review and clearance is used in very limited cases. Emergency review is a formal process that is based on statute (5 CFR 1320.13). The ICR renewal process needs to be initiated via the normal (non-emergency) PRA process and OMB must receive the ICR before the maximum 6-month emergency approval expiration.
  5. Expedited review and clearance is used in very limited cases. Expedited review and clearance is negotiated in consultation with your OMB Desk Officer.

A.3.1 Normal Clearance

Most PRA approval requests go through the standard approval process.  A non-substantive change request is a request to make minor changes to an approved information collection without altering its content: rewording a question, changing the order of questions, reformatting a form, and adding a title.

A.3.2 Common Form Clearance

A “common form” is an information collection that can be used by two or more agencies, or government-wide, for the same purpose. One agency will host the collection to use itself, and additional agencies can request to use that collection.

After OMB approves the primary collection, any agency that wishes to collect the same information and use it for the same purpose can obtain expedited approval by providing its agency-specific information to OMB (e.g., burden estimates and number of respondents).

Because the hosting agency has already gone through the PRA approval process, an expedited, 3-day approval is used for other agencies using the common form. Common Forms are called “Standard Forms” (also known as “SF forms”).

A.3.3 Generic Clearance

Generic clearance is for a very specific type of collection, usually associated with surveys. It allows for conducting more than one information collection using very similar methods. Generic clearances still require the initial generic collection to go through the normal PRA process, but allows for quicker clearance of associated collections later on.

Generic clearance is best for multiple collections that:

  • Request similar information;
  • Have a low burden estimate;
  • Do not raise substantive or policy issues; and/or
  • Have details that will not be known until shortly before data is collected.

Generic clearances may involve statistical methods and analysis. Customer satisfaction surveys, focus group tests, and website usability surveys are all a good fit for generic clearance. Most information collections are not appropriate for generic clearances.

If a generic clearance is suitable, the requestor must work with the OpDiv/OS ICCO. The OpDiv/OS ICCO will work with OMB’s OIRA to map out details of what information can and cannot be collected under the generic clearance. This ensures the approval is not only a good fit for the current collection, but future collections as well.

A.3.3.1 Generic Clearance: Fast-Track Process

The fast-track process is not a type of approval that can be requested; but is a specific type of generic clearance primarily used for customer satisfaction surveys. Fast-track requests generally are reviewed within five to ten business days after submitting all materials.

Many agencies have an approved fast-track generic clearance for customer satisfaction surveys. Check with the HHS ICCO at PRA@hhs.gov to confirm if a collection can be submitted under the fast-track process.

A.3.4 Emergency and Expedited Clearances

For emergency and expedited clearances, OMB will work to streamline its review process while still complying with the PRA. For emergency clearances only, OMB may decide to modify or waive the public comment requirements, while making every possible effort to get public input about the collection.

Emergency clearances can only be approved for a maximum of six months. To avoid a lapse in the collection, agencies must renew the collection (i.e., submit the extension package to OMB) before emergency approval expires using the normal PRA process.

These types of clearances are rare, granted only when there is a time-sensitive need based on very specific criteria for reasons outside of the agency’s control. Expedited clearances must be negotiated between the OpDiv and the corresponding OMB Desk Officer. Typically, OMB will agree to concurrently review an ICR during the 30-day public comment period with the goal of approving the ICR as soon as the comment period concludes, and all comments (if applicable) have been addressed.

 The PRA allows for a collection that is eligible for emergency approval if the standard PRA approval process would cause:

  • Likely public harm (such as the delivery of resources after a natural disaster); or
  • Missing a court-ordered or statutory deadline.

 Internal delays are not emergencies; to avoid a lapse in the collection plan ahead for the PRA process. HHS components must formally request emergency clearance in accordance with implementing regulations of the PRA, 5 CFR 1320.13, and specific instructions from their  OMB Desk Officer(s). OMB will review the emergency clearance request and, if approved, advise the OpDiv on how to proceed. Each OpDiv should consult its OMB Desk Officer for questions specific to the emergency clearance process.

A.4 PRA Approval Processes

A.4.1 Plan Ahead for PRA

Most organizations estimate six to nine months for standard PRA clearance from development of the information collection to OIRA’s decision. By law, this process, in most cases, includes at least three months of public comment.

The project timeline for PRA varies depending on internal and external processes. The submitter can start the 60-day comment period in the Federal Register and consider public comments while simultaneously developing the more detailed request for OMB review. The program should develop the best ICR product (see A.5.1. ROCIS Submission Requirements) in order to start the process but note that the ICR product may be revised during and after the 60-day notice and comment period to address both internal refinements and changes made in response to public comments.

PRA approval does take time, and it is important to plan ahead. Table-1 below provides a high-level process overview for the standard clearance. Additional details for each step in the process can be found below the table. Please note that the process is slightly different for a collection of information stemming from a proposed rule.

A.4.2 High-Level Process Overview for Standard Clearance

Table 1 – High-Level Process Overview for Standard Clearance
Steps Who is Involved?
OpDiv/OS Public HHS OMB
Step 1 – OpDiv/OS develop the information request.
Step 2 – OpDiv/OS publish 60-day notice to the Federal Register for comment
Step 3 – OpDiv/OS consider the public comments on the notice, and make changes, if applicable
Step 4 – OpDiv/OS publish the 30-day notice to the Federal Register for public comment and concurrently HHS ICCO submits final package to OMB for review
Step 5OMB reviews and engages the HHS ICCO and/or OpDiv as needed on questions/ comments, then issues a decision
Step 1 – Develop the Information Collection Request within your agency
  • After it is determined that a collection requires PRA clearance, an ICR needs to be developed. A justification for OMB (eg. Supporting Statement A), and any necessary supporting documents (eg. Instruments) is included in OMB’s review of the ICR package. If the collection includes statistical methodology, then a Supporting Statement B will need to be included. The Supporting Statement A includes details about:What information is being collected;
  • Who is it being collected from;
  • Why is it being collected; and
  • How will the information be used once it is collected.

This information helps the public understand the collection during the comment period.

Step 2 – Issue a 60-day Federal Register notice for public comments

Since information will be collected from the public, the PRA ensures the public has time to ask questions and offer comments or ideas. The Federal Register notice needs to have enough detail for the public to consider these questions:

  • Is collecting this information necessary?
  • Does the burden estimate seem accurate and justified, and could it be lower?
  • Is the information to be collected high quality, clear, and useful?
Step 3 – Consider the public comments on the notice

Reviewing comments from the public is an excellent way to understand how your information collection is interpreted. Review and consideration of public comments is essential and allows the requestor to adjust and improve the request before submitting the collection to OMB for review. Part of the review involves a summary of public comments, and any changes made based on them.

Step 4 – Issue a 30-day notice to the Federal Register and concurrently submit the final package to OMB

The 30-day Federal Register notice lets the public know the requestor has submitted the collection to OMB and that OMB is reviewing it. It includes all the information from the 60-day notice and any changes that have been made from public comments. If the public has further comments, they are sent to OMB directly.

Concurrently, the full ICR package is submitted to OMB via ROCIS for clearance. The HHS ICCO will review the complete ICR package and certify it prior to sending to OMB for review and approval.

Step 5 – OMB review and engagement with HHS on questions/comments and approval

OMB typically reviews ICR packages within sixty days, from the date of submission or publication of the 30-day Federal Register notice (whichever is later) but can take longer in some circumstances.

During this time, your ICR package should be reviewed by an OIRA desk officer. The desk officer will look at how the collection’s supporting statement and documentation meet the standards of the PRA.

A.4.3 Process Overview for Information Collections Associated with Proposed and Final Rules

For information collections associated with proposed and final rules, there is a slightly different process that an agency must go through to get OMB approval as compared to the standard process described in A.4.2. Additional details for each step in the process can be found below in Table 2.

Table 2 – Process for Information Collections Associated with Proposed and Final Rules
Steps Who is Involved?
OpDiv/OS Public HHS OMB
Step 1 – OpDiv/OS develop the information request concurrently with proposed rule and final rule.
Step 2 – OpDiv/OS publish proposed rule in the Federal Register soliciting public comment on associated ICRs and  submits full ICR package to OMB via ROCIS for comment and "comment-file" clearance.
Step 3 – OMB reviews proposed collection, any comments received and provides comment responses.
Step 4 – OpDiv/OS considers the public comments on the proposed rule and the information collection
Step 5 – OpDiv/OS publishes Final Rule and submits to the HHS ICCO for final approval and submission to OMB
Step 1 - Develop the information collection request within your agency

The agency develops the information request. The agency may have an internal approval process at this stage.

Step 2 - Publish Proposed Rule in the Federal Register and submit request to OMB

When the notice of proposed rulemaking goes out for comment, an agency must state the following in the rule preamble: 1) that the proposed rule contains an information collection; 2) describe and identify the collection; and 3) indicate that it has been submitted to OMB for review. This step and the solicitation for comments on the collection in the proposed rule replace the 60-day and 30-day Federal Register notices required in the more typical information collection process. The agency must also concurrently submit the proposed collection to OMB for review.

Step 3 - OMB reviews proposed collection

OMB will review the information collection and any comments received. Part of the review involves a summary of public comments (and responses either in the supporting statement or as an attachment), and any changes made based on them. At this stage, OMB may have comments on the collection and defer final review until the agency finalizes the associated rule. Alternately, OMB may indicate the collection is fine as is (preapproved). Either action will conclude review of the proposed collection submitted to OMB. NOTE: Neither of these actions grants final approval to collect the information, which occurs later in Step 5.

Step 4 – The Agency considers the public comments on the proposed rule

The agency will consider public comments received on both the rule and the information collection and make changes if applicable.

Step 5 – The Agency publishes the Final Rule and submits final request to OMB

If OMB filed comments on the collection and deferred review at Step 3, then the agency must resubmit the collection to OMB for review when the agency finalizes the associated rule. The agency does not need to publish another Federal Register notice at this stage. The collection will then be reviewed by OMB and approved if the collection meets the standards of the PRA.

If OMB “preapproved” the collection at Step 3 and it remains unchanged from when it was pre-approved, then the agency can take action in ROCIS to finalize the approval and receive an OMB control number. But if there were substantive changes to the collection, then the agency must resubmit the collection to OMB for review and approval. If there is uncertainty about whether the changes are substantive the organization should consult the OpDiv/OS ICCO who will reach out to the HHS ICCO.

A.4.4 OMB Review Timeline and Process

OMB typically reviews ICR packages within sixty days, from the date of submission or publication of the 30-day Federal Register notice (whichever is later) but can take longer in some circumstances.

During this time, the ICR package should be reviewed by an OIRA desk officer. The desk officer will look at how the collection’s supporting statement and documentation meet the standards of the PRA.

A.5. Submitting ICRs to OMB

Federal agencies are required to use ROCIS to create and submit their ICRs to OMB for review.

ROCIS is a digital platform developed to improve the ability of OMB and individual federal agencies to meet their collection of information responsibilities under the PRA.

ROCIS provides HHS the ability to:

  • Submit ICRs to the HHS ICCO for certification and submission to OMB.
  • Track the receipt and status of OIRA’s review of individual ICRs.
  • View current and historical OIRA decisions and related records.
  • Identify, search, segment, aggregate, and analyze burden data.
  • Use information stored in the ROCIS database to prepare the agency’s annual information collection budget.

A login ID and training are required to access ROCIS. Contact the OpDiv/OS ICCO to schedule training.

A.5.1. ROCIS Submission Requirements

Once the designated PRA staff receives ROCIS training and a login ID from GSA, the next step is to review the user manuals and training schedules links available on the ROCIS login screen.

An ICR package submitted to the HHS ICCO for review includes the following items:

  1. Supporting Statement Part A, Justification.
  2. Supporting Statement Part B (if the collection requires statistical methods ).
  3. Citation for the published 60-Day Federal Register Notice and a summary of all comments received and responses to comments during the 60-day notice period.
  4. Citation for the published 30-Day Federal Register Notice.
  5. Citation for the relevant statute and regulation mandating or authorizing the collection of information.
  6. Proposed information collection instruments with appropriate Public Burden Statement and any additional forms, documents, or pamphlets issued with the information collection. If this is an electronic application, screenshots may be provided of the entire online form.
  7. Privacy Impact Assessment (if the ICR involves the collection of personally identifiable information (PII) it should be removed prior to entering in ROCIS).
  8. System of Records Notice (if the collection is creating a system of records).
  9. Explanatory material to be given to prospective respondents, and follow-up material to be given to members of the public who do not respond.

A.6. OMB PRA Approval Process Timeline

HHS follows the OMB PRA approval process. For PRA planning purposes, estimate six to nine months for PRA clearance from agency ICR development to OIRA’s decision, but discuss first with your OpDiv ICCO or OS ICCO a timeline estimate specific to your request. By law, this process, in most cases, includes at least three months of public comment. The OMB PRA approval process may vary depending on the complexities and type of the collection. Below is a high-level outline of the process and timeline estimate for an ICR to undergo the OMB approval process. HHS Components  should account for any internal steps or clearances outside of this process and plan accordingly.

  1. Begin drafting and finalizing your 60-Day Federal Register Notice, 30-Day Federal Register Notice and your Information Collection (OpDiv/OS internal process).
  2. Submit for publication, the 60-Day Notice in the Federal Register (allow 3-4 business days for it to publish).
  3. Allow for the public comment period for the 60-Day Federal Register Notice (60 calendar days starting on the publication date).
  4. Submit for publication, the 30-Day Notice in the Federal Register (allow 3-4 business days for it to publish).
  5. Enter an ICR submission package in ROCIS. Once the 30-Day Federal Register Notice is published submit the package.
  6. Allow 1-10 business days for the HHS ICCO to review and certify the ICR package for submission to OMB (although this may vary depending on the completeness of the ICR submission package).
  7. Allow for OMB review including releasing unverified comments to the agency, and if applicable, an HHS pass back period. The average total OMB review period is 60 days, which includes the 30-day public comment period in the Federal Register and OMB’s formal 30-day review period. OMB’s formal 30-day review period does not begin until the 30-day public comment period has closed. During the 60-day OMB review period, discussion concerning the ICR may occur between OMB, the HHS ICCO, and the OpDiv or OS ICCO. Comments received by OMB from the public during the 30-day comment period may also be discussed during this time (allow a minimum of 60 calendar days).
  8. The final step is approval. At the conclusion of the 60-day OMB review, OMB issues a Notice of Action (NOA) through ROCIS. The OMB NOA provides a response, most commonly: Approved without change; Approved with change; Disapproval with a process for appeal; or Withdrawal. The terms of clearance may be attached to the ICR.

Based on this estimation of approval time, we recommend that HHS components begin renewing their expiring collections and submitting any new or anticipated information collections several months out to allow for internal agency program review and approval before entering the package into ROCIS.

A.7. Estimating Burden

A.7.1 Burden Hours and Respondent Cost

One of the goals of the PRA is for the federal government to consider and account for the impact on the public when asking for information. This impact is called burden and includes the value of both the time and the effort required to fulfill a collection along with the financial cost.

Some common burden activities include:

  • Reviewing instructions
  • Compiling materials necessary for collection
  • Acquiring, installing, and utilizing technology and systems
  • Adjusting existing ways to comply with previous instructions and requirements
  • Searching data sources
  • Completing and reviewing the information collection
  • Compiling and sending information

The PRA requires that agencies estimate burden to understand what is involved for the public to comply with a request. Agencies are responsible for consulting with members of the public and affected agencies concerning each proposed collection of information (5 CFR 1320.8(d)(1), to:

  • Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility.
  • Evaluate the accuracy of the agency’s estimate of the burden of the proposed collection of information including the validity of the methodology and assumptions used.
  • Enhance the quality, utility, and clarity of the information to be collected.
  • Minimize the burden of the collection of information on those who are to respond, including the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.
  • Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.

Overall, burden can seem intimidating, especially in a large collection. The following burden activity questions are a starting point and can help determine if a burden activity should be factored into the estimate. This list is not comprehensive, rather a starting point to begin thinking about the scope of burden in the collection.

  • How much time, effort, and cost will it take for respondents to understand what information the agency is asking for and how to collect it?
  • How much time, effort, and cost will it take for the respondents to locate, gather, and compile necessary documentation required for the information collection?
  • What technology and systems do respondents need to gather, process, store, and send information?
  • Is this new technology that needs to be bought?
  • If it does not exist at all, what is the cost of development? Is there a cost associated with installation or with training? Are there one-time costs?
  • Is there a cost to use the technology, like a subscription?
  • If a previous collection has been updated or changed, how will the current methods need to be adjusted?
  • Will the collection require staff, contractors, or other agents to undergo training to respond?
  • How much time or money is needed to ensure they understand both program and policy context, and can respond to the collection?
  • Will there be additional training for actual reporting and recordkeepingmethods?
  • Are there public or private data sources that respondents can use to respond to the collection?
  • What would be the cost of creating new data sources?
  • How much time, money, and effort will it take to perform all tasks in the collection?
  • Does the information also need to be certified for accuracy and reliability?
  • What must be done to send the collected information to the federal agency requesting it?
  • Does it need to be sent or disclosed to a third party, like other federal agencies or offices, state or local governments, other companies, or members of the public?

A.7.2 Avoiding Excessive Burden

One of the goals of the PRA is for the federal government to consider and account for the impact on the public when asking for information. This impact is called burden and includes the value of both the time and the effort required to fulfill a collection along with the financial cost.

Some examples of excessive burden include:

  • Addressing more respondents than necessary.
  • Asking questions that are not relevant or essential.
    • The requestor must justify questions about personally sensitive matters like religious beliefs or political affiliation, or questions that may cause persons to incriminate themselves.
  • Asking for a reporting frequency that is higher than necessary.
  • Not considering an alternative approach to obtain the information.
  • Requesting information in a different format than is usually maintained.

If the collection involves activities seen as excessive, the requestor must justify them in the purpose and need sections of the collection, in the supporting statement.

It is important to consult with your OMB desk officer for questions regarding the applicability of exceptions to the PRA approval process.

Appendix B: Standards

Please note that this appendix is subject to change at any time. The current version of this Policy will always reside in the OCIO Policy Library.

No standards are required to implement this policy, however, the reader should reference OMB Directives referenced in Appendix E.

Appendix C: Guidance

Please note that this appendix is subject to change at any time. The current version of this Policy will always reside in the OCIO Policy Library.

No additional guidance is required to implement this policy, however the reader should reference OMB and HHS Guidances referenced in Appendix E.

Appendix D: Forms and Templates

Please note that this appendix is subject to change at any time. The current version of this Policy will always reside in the OCIO Policy Library.

No forms or templates are required to implement this policy.

Appendix E: Additional Resources

Please note that this appendix is subject to change at any time. The current version of this Policy will always reside in the OCIO Policy Library.

Glossary and Acronyms

Definitions:

Burden – the time, effort, or financial resources expended by persons to generate, maintain, or provide information to or for a Federal agency, including the resources expended for (A) reviewing instructions; (B) acquiring, installing, and utilizing technology and systems; (C) adjusting the existing ways to comply with any previously applicable instructions and requirements; (D) searching data sources; (E) completing and reviewing the collection of information; and (F) transmitting, or otherwise disclosing the information. (44 U.S.C. 3502)

Collection of Information – means, except as provided in § 1320.4, the obtaining, causing to be obtained, soliciting, or requiring the disclosure to an agency, third parties or the public of information by or for an agency by means of identical questions posed to, or identical reporting, recordkeeping, or disclosure requirements imposed on, ten or more persons, whether such collection of information is mandatory, voluntary, or required to obtain or retain a benefit. (5 CFR 1320.3 Definitions)

Fast-track Process The fast-track process allows agencies to submit such collections directly to OMB without posting in the Federal Register, since these agencies will have already created a generic clearance for these types of collections. The collection can then be quickly approved, unless OMB identifies any problems, and if so, they will notify the agency within five business days of submission. Consider using the fast-track process for your data collection activities when:

  • The data collection is focused on improving existing or future services, products, or communication materials.
  • The data collection is voluntary.
  • Statistical rigor is not required.
  • The burden on participants is not high; and
  • Public dissemination of results is not intended.

(Digital.gov, Paperwork Reduction Act Fast Track Process)

Information Any statement or estimate of fact or opinion, regardless of form or format, whether in numerical, graphic, or narrative form, and whether oral or maintained on paper, electronic or other media. (5 CFR 1320.3(h) Definitions)

Information Collection Budget (ICB) An annual comprehensive budget of burden hours for all collections of information from the public, to be conducted or sponsored by a federal agency in the succeeding 12 months. The ICB is a projection by each federal agency of the total number of burden hours it intends to require from the public to provide it with information. It is an estimate of the time necessary for individuals, businesses, and organizations to collect, record, submit, and maintain records of information provided to the federal government. The sum of all agencies’ ICBs is the ICB for the federal government.

Information Collection Request (ICR) - Obtaining, causing to be obtained, soliciting, or requiring the disclosure to third parties or the public of facts or opinions regardless of the form or format. Typical formats include, written report forms, application forms, schedules, questionnaires, reporting or recordkeeping requirements, or similar methods calling for the collection of information. The following are methods used to collect information under an ICR:

  • Mail (forms);
  • Personal or telephone interviews or group interviews (such as focus group sessions);
  • Communication via a web-based application;
  • Automated, electronic, mechanical, or other technological collection techniques (such as electronic transmissions from airplanes, boats, or drones to ground or satellite receiving stations); or
  • Any other approach through which the respondent or potential respondent can provide the response, recordkeeping, or disclosure requested.

ICR Submitter – The individual (federal employee or contractor) responsible for preparing the ICR.

OMB Control Number – An official control number assigned by OMB to a collection of information denoting that OMB has approved of the collection.

Personally Identifiable Information (PII) - Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Recordkeeping Requirement - A requirement imposed by or for an agency on persons to maintain specified records, including a requirement to—

(A) retain such records;
(B) notify third parties, the Federal Government, or the public of the existence of such records;
(C) disclose such records to third parties, the Federal Government, or the public; or
(D) report to third parties, the Federal Government, or the public regarding such records
(44 U.S.C. 3502).

Respondents - A respondent is an individual, partnership, association, corporation (including government owned but contractor operated facilities), business trust, legal representative, organized group of individuals, State, territory, or local government or component thereof. The term excludes current employees of the federal government for purposes of obtaining information about and within the scope of their employment.

ROCIS - Regulatory Information Service Center (RISC) Office of Information and Regulatory Affairs (OIRA) Combined Information System (ROCIS) is the digital platform used by agencies to submit PRA clearance requests to OIRA.

Survey - Systematic data collections using personal or telephonic interviews or self-administered questionnaires, in paper or digital format, from a sample or census of 10 or more persons. Surveys may elicit characteristics of a given population, including attitudes, opinions, behavior, and related demographic, social, and economic data to identical questions that are to be used for statistical compilations for research or policy assessment purposes.

Acronyms:

  • OES – Office of Enterprise Services
  • CFR – Code of Federal Regulations
  • CIO – Chief Information Officer
  • CIPSEA - Confidential Information Protection and Statistical Efficiency Act
  • CUI – Controlled Unclassified Information
  • FISMA – Federal Information Security Modernization Act
  • FRN – Federal Register Notice
  • GAO – Government Accountability Office
  • GSA – General Services Administration
  • HHS – Health and Human Services
  • ICB – Information Collection Budget
  • ICCOs – Information Collection Clearance Offices
  • ICR – Information Collection Request
  • IT – Information Technology
  • NIH – National Institutes of Health
  • NOA – Notice of Action
  • OMB – Office of Management and Budget
  • OCIO – Office of the Chief Information Officer
  • OpDiv – Operating Division
  • OIRA – Office of Information and Regulatory Affairs
  • OS – Office of the Secretary
  • PHE – Public Health Emergency
  • PIA – Privacy Impact Assessment
  • PII – Personally Identifiable Information
  • PRA – Paperwork Reduction Act of 1995
  • ROCIS – Regulatory Information Service Center (RISC)/ Office of Information and Regulatory Affairs (OIRA) Combined Information System
  • SORN – System of Records Notice
  • S.C. – United States Code
Content created by Office of the Chief Information Officer (OCIO)
Content last reviewed