Vaccination News Home Page

---------------------------------------------------------------

TO KEEP MINNESOTA STATE GOVERNMENT OUT OF YOUR MEDICAL RECORDS,

EMAIL OR WRITE A LETTER NOW!

---------------------------------------------------------------

DEADLINE: WEDNESDAY, SEPTEMBER 18, 2002

---------------------------------------

*** Email letters are accepted! ***

 

 

REGARDING: The Minnesota Department of Health's plan (proposed rule)

to collect, store and use individually-identifiable medical record

data without patient consent.

 

 

ACTION REQUESTED

Please request a public hearing on the proposed rule (see sample

letter below). By law, at least 25 letters are needed for a hearing

to be held. A hearing before an Administrative Law Judge will block

immediate implementation of the proposed rule, and perhaps force the

department to re-write the rule to address citizen concerns. PLEASE

SEND A COPY OF YOUR REQUEST TO CCHC (by email to [email protected],

or by mail to CCHC, 1954 University Ave. W. Ste. 8, St. Paul, MN

55104) CCHC will keep a running tally of the number of requests made.

 

FIND BELOW:

 

* SAMPLE LETTER to Request Hearing

* Rules/Addresses for Hearing Request

* If a Hearing is Held

* Why Your Action on the Rule Could Change the Law

* CCHC's LIST OF CONCERNS

* Link to Proposed Rule, and copy of MN Law

 

__________________________________

SAMPLE LETTER TO REQUEST A HEARING (Please use your own words)

 

Tracy Johnson,

Minnesota Department of Health

121 East Seventh Place, Suite 400

St. Paul, MN 55101

 

Dear Ms. Johnson:

 

RE: Proposed Permanent Rules Relating to Administrative Billing Data,

Minnesota Rules, Chapter 4653.

 

I oppose the entire set of proposed rules for Chapter 4653 regarding

the collection of administrative billing and health data. I am

therefore requesting that you hold a public hearing on the proposed

rule.

 

Sincerely,

 

YOUR FIRST AND LAST NAME

Street Address

City, State, Zip

 

___________________________________

RULES/ADDRESSES FOR HEARING REQUEST

By law, you need only email, fax or mail a letter that says 1) you

oppose the entire set of proposed rules and 2) you request a hearing

on the proposed rule before an Administrative Law Judge (see sample

letter above) and 3) your address and your name. No other informaton

or stated reason for your opposition is required. IF YOU DO NOT

COMPLY with these three requirements, your letter will be ruled

invalid. Send your request for a hearing to: Tracy Johnson, Minnesota

Department of Health, 121 East Seventh Place, Suite 400, St. Paul, MN

55101. Phone: 651-282-5650, FAX: 651-282-5628) EMAIL:

[email protected]

 

____________________

IF A HEARING IS HELD:

Asking for a hearing does not require that you attend the hearing.

Administrative Law Judge Allan W. Klein will hold a hearing if at

least 25 letters asking for a hearing are received. If a hearing is

held, it will be Friday, October 4, 2002, beginning at 9:00 a.m. CCHC

will notify its email list, and the department is required to notify

anyone who requested a hearing. Anyone may attend the hearing or send

letters of concern to the judge for consideration. ( See CCHC List of

Concerns below)

 

________________________________________________

WHY YOUR ACTION ON THE RULE COULD CHANGE THE LAW:

Opposition from the public to the RULE could go a long way toward

changing the LAW. Although the 1993 legislature gave the Department

of Health legal access to patient medical records (buried in a

174-page bill), the legislature is for the most part unaware of this

law. In fact, the 2002 legislature came close to passing an amendment

to stop the Health Department from gaining that access. The amendment

would have required the department to bring the rule before the 2003

legislature for approval prior to adoption. Unfortunately, the

business proponents of the amendment got their cost of data

submission concerns met by Department officials and withdrew the

amendment. However, before it was withdrawn, the amendment had

signatures from both Republicans and Democrats. Those that CCHC spoke

with were both surprised and appalled that state government had a

such authority. A public outpouring of concern could bring the issue

to light and change that.

 

______________________________________

CCHC'S LIST OF CONCERNS ABOUT THE RULE:

 

* GOVERNMENT ACCESS TO PRIVATE MEDICAL RECORDS. The State of

Minnesota plans to collect personal, individually-identifiable

medical, billing, enrollment, demographic, prescription, and mental

health data. (Section 4653.0200)

 

* NO PATIENT CONSENT. No patient consent is required before any data

is disclosed or transmitted.  (Section 4653.0200, subpart 7, page 249)

 

* ENORMOUS AMOUNTS OF DATA WILL BE TRANSMITTED TO STATE GOVERNMENT.

Health insurers and hospitals will together electronically transmit

nearly 100 data elements, including patient name and gender, date of

birth, patient identification and medical record numbers, patient

address, patient race and ethnic background, patient employment and

marital status, medical and mental health diagnoses, procedures

performed, medications prescribed, health status, doctor's names and

identification numbers, name of health insurer, name of hospital,

dollar amount charged, total sum of medical bill, type of insurance,

hospital discharge and admission dates, cause of injury and date of

onset of illness, injury or pregnancy. Health officials will also be

given data on the number of service units (days, visits, miles, or

injections) that were provided to individuals patients during the

entire year. (Section 4653.0200, pp 246-9)

 

* COMMISSIONER CAN ADD NEW DATA REQUIREMENTS WITHOUT PUBLIC NOTICE.

Genetic and lifestyle data could be added to the list of data

requirements. The Commissioner can at his/her own discretion choose

to add a new data element requirement if the element is part of "the

national recommendations for the collection of public health data

elements," or if the element is needed to support assessment of a

public health goal, to affect the quality of or directly enhance the

use of another data element or to fulfill a state or federal law. No

notice must be made to the public regarding the new private data

being transmitted to the state government. No public comment period

is required. (Section 4653.0200, subpart 8, page 250)

 

* HEALTH DEPARTMENT HAS BROAD DISCRETION FOR USE OF DATA. There is no

independent review of use of the data if the Health Department uses

it internally for 4 purposes, including providing background,

planning, or policy development for a project with another state

agency, for the health department's program activities, or for

performing preliminary data analysis that may result in a department

research project proposal. (Section 4653.0500, subpart 1, page 254)

 

* CONSUMERS NOT REPRESENTED APPROPRIATELY. The data use committee

that makes recommendations for department use of the data for

research projects has only one consumer representative. There are

four insurance representatives, three government representatives,

three hospital reps, one research institution rep, one health

services researcher rep, one nurse rep and one physician

representative. (Section 4653.0600, page 255)

 

* CONCENTRATION OF POWER. The data use committee can only make

recommendations. It has no authority to authorize or deny access to

data for research. Sole authority is vested in the Commissioner of

Health. (Section 4653.0500, subpart 4, page 254)

 

* DEPARTMENT RESEARCH RESULTS MAY GO UNCHALLENGED. A request by a

member of the public for access to "public use data" can be denied if

a characteristic of the data could directly or indirectly identify an

individual, provider, or health plan. This acknowledges that the data

is identifiable even if the personal identifiers have been removed or

encrypted as law requires (the department keeps the identifiers in a

separate vault). (Section 4653.0800, subpart 3, page 256)

 

* NO ENFORCEMENT OR PENALTIES FOR BREACH OF PRIVACY. Although the

health commissioner must do audits, require training, and report on

breaches or misuse of data, the commissioner must only report "what

has been done to address any outstanding issues." (Section 4653.0900,

subpart 1, page 257-8)

 

* NOT ENOUGH MANPOWER TO PROTECT DATA. There are, according to the

department, 100 health department research positions. The

Department's sole data steward, who is responsible for limiting

access, implementing system security safeguards, reporting breaches,

overseeing the provision of data, and complying with data practices,

may not be able to effectively assess problems and control access.

(Section 4653.0900, subpart 2, page 258)

 

* BASED ON A PROMISE ONLY. Health officials can contract with outside

agencies, organizations and others to process the data, leading to

privacy hazards external to the department. Researchers and

contractors are required to not use the data to identify individuals,

not duplicate or distribute the data and to destroy copies made, but

there is nothing to guarantee this will not happen. The department's

data will become a pot of gold, making it more tempting to ignore

rule requirements.(Section 4653.0900, subpart 3, page 257)

 

* TRYING TO GET EVERYONE'S DATA. The department is as yet unable to

get data from third-party administrators (TPAs) - those who

administer the health plans of self-insured employers (employers who

use their own cash reserves to pay for the health care costs of their

employees). The Health Department will investigate the availability

of other sources of health data on individuals who are in these

self-insured plans. (Section 4653.1300, page 259)

 

________________________

THE RULE AND CURRENT LAW

 

Proposed Rule:

http://www.comm.media.state.mn.us/bookstore/stateregister/278.pdf

 

MN State Law: Minnesota Statutes 62J (limited sections):

 

==62J.301

      62J.301 Research and data initiatives.

 

[...]

 

     Subd. 2.    Statement of purpose.  The commissioner of

  health shall conduct data and research initiatives in order to

  monitor and improve the efficiency and effectiveness of health

  care in Minnesota.

 

     Subd. 3.    General duties.  The commissioner shall:

 

     (1) collect and maintain data which enable population-based

  monitoring and trending of the access, utilization, quality, and

  cost of health care services within Minnesota;

 

     (2) collect and maintain data for the purpose of estimating

  total Minnesota health care expenditures and trends;

 

     (3) collect and maintain data for the purposes of setting

  cost containment goals under section 62J.04, and measuring cost

  containment goal compliance;

 

     (4) conduct applied research using existing and new data

  and promote applications based on existing research;

 

     (5) develop and implement data collection procedures to

  ensure a high level of cooperation from health care providers

  and health plan companies, as defined in section 62Q.01,

  subdivision 4;

 

     (6) work closely with health plan companies and health care

  providers to promote improvements in health care efficiency and

  effectiveness; and

 

     (7) participate as a partner or sponsor of private sector

  initiatives that promote publicly disseminated applied research

  on health care delivery, outcomes, costs, quality, and

  management.

 

     Subd. 4.    Information to be collected.  (a) The data

  collected may include health outcomes data, patient functional

  status, and health status.  The data collected may include

  information necessary to measure and make adjustments for

  differences in the severity of patient condition across

  different health care providers, and may include data obtained

  directly from the patient or from patient medical records, as

  provided in section 62J.321, subdivision 1.

 

   [...]

 

      62J.321 Data collection and processing procedures.

 

     Subdivision 1.    Data collection.  (a) The commissioner

  shall collect data from health care providers, health plan

  companies, and individuals in the most cost-effective manner,

  which does not unduly burden them.  The commissioner may require

  health care providers and health plan companies to collect and

  provide patient health records and claim files, and cooperate in

  other ways with the data collection process.  The commissioner

  may also require health care providers and health plan companies

  to provide mailing lists of patients.  Patient consent shall not

  be required for the release of data to the commissioner pursuant

  to sections 62J.301 to 62J.42 by any group purchaser, health

  plan company, health care provider; or agent, contractor, or

  association acting on behalf of a group purchaser or health care

  provider.  Any group purchaser, health plan company, health care

  provider; or agent, contractor, or association acting on behalf

  of a group purchaser or health care provider, that releases data

  to the commissioner in good faith pursuant to sections 62J.301

  to 62J.42 shall be immune from civil liability and criminal

  prosecution.

 

     (b) When a group purchaser, health plan company, or health

  care provider submits patient identifying data, as defined in

  section 62J.451, to the commissioner pursuant to sections

  62J.301 to 62J.42, and the data is submitted to the commissioner

  in electronic form, or through other electronic means including,

  but not limited to, the electronic data interchange system

  defined in section 62J.451, the group purchaser, health plan

  company, or health care provider shall submit the patient

  identifying data in encrypted form, using an encryption method

  specified by the commissioner.  Submission of encrypted data as

  provided in this paragraph satisfies the requirements of section

  144.335, subdivision 3b.

 

     (c) The commissioner shall require all health care

  providers, group purchasers, and state agencies to use a

  standard patient identifier and a standard identifier for

  providers and health plan companies when reporting data under

  this chapter.  The commissioner must encrypt patient identifiers

  to prevent identification of individual patients and to enable

  release of otherwise private data to researchers, providers, and

  group purchasers in a manner consistent with chapter 13 and

  sections 62J.55 and 144.335.  This encryption must ensure that

  any data released must be in a form that makes it impossible to

  identify individual patients.

 

     Subd. 2.    Failure to provide data.  The intentional

  failure to provide the data requested under this chapter is

  grounds for disciplinary or regulatory action against a

  regulated provider or group purchaser.  The commissioner may

  assess a fine against a provider or group purchaser who refuses

  to provide data required by the commissioner.  If a provider or

  group purchaser refuses to provide the data required, the

  commissioner may obtain a court order requiring the provider or

  group purchaser to produce documents and allowing the

  commissioner to inspect the records of the provider or group

  purchaser for purposes of obtaining the data required.

 

  [...]

 

     Subd. 6.    Rulemaking.  The commissioner may adopt

  rules to implement sections 62J.301 to 62J.452.

 

 

 

 

 

**************************************************************

A free-market resource for designing the future of health care

**************************************************************

 

Citizens' Council on Health Care

1954 University Ave.W., Suite 8

St. Paul, MN  55104

651-646-8935 phone

651-646-0100 fax

http://www.cchconline.org

**************************

 

NOTE: If you do not wish to receive this email,

contact CCHC to remove your name from the list.

Thank you.