To Keep Minnesota State Government Out of Your Medical Records, Email or Write a Letter Today!

DEADLINE: WEDNESDAY, SEPTEMBER 18, 2002

*** Email letters are accepted! ***

REGARDING: The Minnesota Department of Health's plan (proposed rule) to collect, store and use individually-identifiable medical record data without patient consent: Proposed Permanent Rules Relating to Administrative Billing Data, Minnesota Rules, Chapter 4653.

ACTION REQUESTED
Please request a public hearing on the proposed rule (see sample letter below). By law, at least 25 letters are needed for a hearing to be held. A hearing before an Administrative Law Judge will block immediate implementation of the proposed rule, and perhaps force the department to re-write the rule to address citizen concerns. If possible, please send CCHC a copy (info@cchfreedom.org)

FIND BELOW:

Sample Letter to Request a Hearing (Feel free to use your own words)


Tracy Johnson,
Minnesota Department of Health
121 East Seventh Place, Suite 400
St. Paul, MN 55101

Dear Ms. Johnson:

RE: Proposed Permanent Rules Relating to Administrative Billing Data, Minnesota Rules, Chapter 4653.

I oppose the entire set of proposed rules for Chapter 4653 regarding the collection of administrative billing and health data. I am therefore requesting that you hold a public hearing on the proposed rule.

Sincerely,

YOUR FIRST AND LAST NAME
Street Address
City, State, Zip


Rules/Addresses for Hearing Request
By law, you need only email, fax or mail a letter that says 1) you oppose the entire set of proposed rules and 2) you request a hearing on the proposed rule before an Administrative Law Judge (see sample letter above) and 3) your address and your name. No other information or stated reason for your opposition is required, but you may add your objections in the letter. However, IF YOU DO NOT COMPLY with these three requirements, your letter will be ruled invalid. Send your request for a hearing to: Tracy Johnson, Minnesota Department of Health, 121 East Seventh Place, Suite 400, St. Paul, MN 55101. Phone: 651-282-5650, FAX: 651-282-5628) EMAIL: Tracy.L.Johnson@health.state.mn.us

If a Hearing is Held:
Asking for a hearing does not require that you attend the hearing. Administrative Law Judge Allan W. Klein will hold a hearing if at least 25 letters asking for a hearing are received. If a hearing is held, it will be Friday, October 4, 2002, beginning at 9:00 a.m. CCHC will notify its email list, and the health department is required to notify anyone who requested a hearing. At that point, concerned individuals should send letters of concern to the judge for consideration at Judge Allan W. Klein, Office of Administrative Hearings, 100 Washington Square, Suite 1700, Minneapolis, MN 55401-2138, phone: 612-341-7609, fax 612-349-2665).( See CCHC List of Concerns below)

Why Your Action on the Rule Could Change the Law:
Opposition from the public to the RULE could go a long way toward changing the LAW. Although the 1993 legislature gave the Department of Health legal access to patient medical records (buried in a 174-page bill), the legislature is for the most part unaware of this law. In fact, the 2002 legislature came close to passing an amendment to stop the Health Department from gaining that access. The amendment would have required the department to bring the rule before the 2003 legislature for approval prior to adoption. Unfortunately, the business proponents of the amendment got their cost of data submission concerns met by Department officials and withdrew the amendment. However, before it was withdrawn, the amendment had signatures from both Republicans and Democrats. Those that CCHC spoke with did not realize that Minnesota has such a law on its books. A public outpouring of concern could bring the issue to light and change that.

CCHC'S List of Concerns about the Rule:

  • GOVERNMENT ACCESS TO PRIVATE MEDICAL RECORDS. The State of Minnesota plans to collect personal, individually-identifiable medical, billing, enrollment, demographic, prescription, and mental health data. (Section 4653.0200)
  • NO PATIENT CONSENT. No patient consent is required before any data is disclosed or transmitted to the government. This is a violation of constitutional rights against unreasonable search and seizure as provided in the Fourth Amendment. (Section 4653.0200, subpart 7, page 249)
  • ENORMOUS AMOUNTS OF DATA WILL BE TRANSMITTED TO STATE GOVERNMENT. Health insurers and hospitals will together electronically transmit nearly 100 data elements, including patient name and gender, date of birth, patient identification and medical record numbers, patient address, patient race and ethnic background, patient employment and marital status, medical and mental health diagnoses, procedures performed, medications prescribed, health status, doctor's names and identification numbers, name of health insurer, name of hospital, dollar amount charged, total sum of medical bill, type of insurance, hospital discharge and admission dates, cause of injury and date of onset of illness, injury or pregnancy. Health officials will also be given data on the number of service units (days, visits, miles, or injections) that were provided to individuals patients during the entire year. (Section 4653.0200, pp 246-9)
  • COMMISSIONER CAN ADD NEW DATA REQUIREMENTS WITHOUT PUBLIC NOTICE. Genetic and lifestyle data could be added to the list of data requirements. The Commissioner can at his/her own discretion choose to add a new data element requirement if the element is part of "the national recommendations for the collection of public health data elements," or if the element is needed to support assessment of a public health goal, to affect the quality of or directly enhance the use of another data element or to fulfill a state or federal law. No notice must be made to the public regarding the new private data being transmitted to the state government. No public comment period is required. (Section 4653.0200, subpart 8, page 250)
  • HEALTH DEPARTMENT HAS BROAD DISCRETION FOR USE OF DATA. There is no independent review of use of the data if the Health Department uses it internally for 4 purposes, including providing background, planning, or policy development for a project with another state agency, for the health department's program activities, or for performing preliminary data analysis that may result in a department research project proposal. (Section 4653.0500, subpart 1, page 254)
  • CONSUMERS NOT REPRESENTED APPROPRIATELY. The data use committee that makes recommendations for department use of the data for research projects has only one consumer representative. There are four insurance representatives, three government representatives, three hospital reps, one research institution rep, one health services researcher rep, one nurse rep and one physician representative. (Section 4653.0600, page 255)
  • CONCENTRATION OF POWER. The data use committee can only make recommendations. It has no authority to authorize or deny access to data for research. Sole authority is vested in the Commissioner of Health. (Section 4653.0500, subpart 4, page 254)
  • DEPARTMENT RESEARCH RESULTS MAY GO UNCHALLENGED. A request by a member of the public for access to "public use data" can be denied if a characteristic of the data could directly or indirectly identify an individual, provider, or health plan. This acknowledges that the data is identifiable even if the personal identifiers have been removed or encrypted as law requires (the department keeps the identifiers in a separate vault). (Section 4653.0800, subpart 3, page 256)
  • NO ENFORCEMENT OR PENALTIES FOR BREACH OF PRIVACY. Although the health commissioner must do audits, require training, and report on breaches or misuse of data, the commissioner must only report "what has been done to address any outstanding issues." (Section 4653.0900, subpart 1, page 257-8)
  • NOT ENOUGH MANPOWER TO PROTECT DATA. There are, according to the department, 100 health department research positions. The Department's sole data steward, who is responsible for limiting access, implementing system security safeguards, reporting breaches, overseeing the provision of data, and complying with data practices, may not be able to effectively assess problems and control access. (Section 4653.0900, subpart 2, page 258)
  • BASED ON A PROMISE ONLY. Health officials can contract with outside agencies, organizations and others to process the data, leading to privacy hazards external to the department. Researchers and contractors may not use the data to identify individuals, duplicate or distribute the data and they must destroy any copies made, but there is nothing to guarantee this will happen. Given the current value of data, the department will be sitting on a pot of gold, making it more tempting to ignore rule requirements that have no teeth.(Section 4653.0900, subpart 3, page 257)
  • TRYING TO GET EVERYONE'S DATA. The department is as yet unable to get data from third-party administrators (TPAs) - those who administer the health plans of self-insured employers (employers who use their own cash reserves to pay for the health care costs of their employees). The Health Department will investigate the availability of other sources of health data on individuals who are in these self-insured plans. (Section 4653.1300, page 259)

The Rule and Current Law:

* Proposed Rule: http://www.comm.media.state.mn.us/bookstore/stateregister/278.pdf

* MN State Law: Minnesota Statutes 62J (limited sections):

==62J.301
62J.301 Research and data initiatives.

[...]

Subd. 2. Statement of purpose. The commissioner of health shall conduct data and research initiatives in order to monitor and improve the efficiency and effectiveness of health care in Minnesota.

Subd. 3. General duties. The commissioner shall:

  1. collect and maintain data which enable population-based monitoring and trending of the access, utilization, quality, and cost of health care services within Minnesota;
  2. collect and maintain data for the purpose of estimating total Minnesota health care expenditures and trends;
  3. collect and maintain data for the purposes of setting cost containment goals under section 62J.04, and measuring cost containment goal compliance;
  4. conduct applied research using existing and new data and promote applications based on existing research;
  5. develop and implement data collection procedures to ensure a high level of cooperation from health care providers and health plan companies, as defined in section 62Q.01, subdivision 4;
  6. work closely with health plan companies and health care providers to promote improvements in health care efficiency and effectiveness; and
  7. participate as a partner or sponsor of private sector initiatives that promote publicly disseminated applied research on health care delivery, outcomes, costs, quality, and management.

Subd. 4. Information to be collected. (a) The data collected may include health outcomes data, patient functional status, and health status. The data collected may include information necessary to measure and make adjustments for differences in the severity of patient condition across different health care providers, and may include data obtained directly from the patient or from patient medical records, as provided in section 62J.321, subdivision 1.

[...]

62J.321 Data collection and processing procedures.

Subdivision 1. Data collection. (a) The commissioner shall collect data from health care providers, health plan companies, and individuals in the most cost-effective manner, which does not unduly burden them. The commissioner may require health care providers and health plan companies to collect and provide patient health records and claim files, and cooperate in other ways with the data collection process. The commissioner may also require health care providers and health plan companies to provide mailing lists of patients. Patient consent shall not be required for the release of data to the commissioner pursuant to sections 62J.301 to 62J.42 by any group purchaser, health plan company, health care provider; or agent, contractor, or association acting on behalf of a group purchaser or health care provider. Any group purchaser, health plan company, health care provider; or agent, contractor, or association acting on behalf of a group purchaser or health care provider, that releases data to the commissioner in good faith pursuant to sections 62J.301 to 62J.42 shall be immune from civil liability and criminal prosecution.

(b) When a group purchaser, health plan company, or health care provider submits patient identifying data, as defined in section 62J.451, to the commissioner pursuant to sections 62J.301 to 62J.42, and the data is submitted to the commissioner in electronic form, or through other electronic means including, but not limited to, the electronic data interchange system defined in section 62J.451, the group purchaser, health plan company, or health care provider shall submit the patient identifying data in encrypted form, using an encryption method specified by the commissioner. Submission of encrypted data as provided in this paragraph satisfies the requirements of section 144.335, subdivision 3b.

(c) The commissioner shall require all health care providers, group purchasers, and state agencies to use a standard patient identifier and a standard identifier for providers and health plan companies when reporting data under this chapter. The commissioner must encrypt patient identifiers to prevent identification of individual patients and to enable release of otherwise private data to researchers, providers, and group purchasers in a manner consistent with chapter 13 and sections 62J.55 and 144.335. This encryption must ensure that any data released must be in a form that makes it impossible to identify individual patients.

Subd. 2. Failure to provide data. The intentional failure to provide the data requested under this chapter is grounds for disciplinary or regulatory action against a regulated provider or group purchaser. The commissioner may assess a fine against a provider or group purchaser who refuses to provide data required by the commissioner. If a provider or group purchaser refuses to provide the data required, the commissioner may obtain a court order requiring the provider or group purchaser to produce documents and allowing the commissioner to inspect the records of the provider or group purchaser for purposes of obtaining the data required.

[...]

Subd. 6. Rulemaking. The commissioner may adopt rules to implement sections 62J.301 to 62J.452.